Detection Engine

In the ever-evolving landscape of cybersecurity, detection engines stand as vigilant sentinels, tirelessly scanning for threats to our digital assets. At its core, a detection engine is a software component that analyzes data, identifies anomalies or suspicious patterns, and triggers alerts or actions based on predefined rules or machine learning models. Detection engines operate on the fundamental principle of identifying deviations from normal behavior.

To configure the detection engine settings in detail, navigate to the Settings tab and click 'Detection Settings'.

This document explains the three core detection engines employed by ManageEngine Endpoint Central Next-Gen Antivirus (NGAV) and their significance during policy configuration. Understanding these engines empowers you to tailor your NGAV policies for optimal protection.

In this section:

  1. Ransomware Detection Engine
  2. DeepAV Engine
  3. Behavior Detection Engine

Ransomware Detection Engine

Ransomware often operates stealthily, lying dormant until it encrypts files or blocks system access. The end users are frequently unaware of the infection until confronted with a ransom demand or the loss of their data. By detecting ransomware early, before it causes significant damage, individuals and organizations can proactively respond and potentially prevent irreversible data loss.

Designed specifically to counter ransomware attacks, the Ransomware Detection engine utilizes a proactive defense strategy as follows:

  1. Decoy File Monitoring: Strategically places decoy files throughout your system to attract ransomware attempts. When ransomware tries to encrypt these files, an immediate alert is triggered, allowing for prompt response.
  2. Behavior Monitoring: Detects suspicious file encryption patterns indicative of ransomware attacks.
  3. Patented Technology: Keeps false-positive alerts below one percent, minimizing alert fatigue and maximizing efficiency.
  4. Minimizes False Positives: Users can configure ransomware exceptions by defining exclusions for specific folders or applications to prevent false positives with legitimate processes.
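The decoy-file principle from item 1 above, as an added illustration that is not Endpoint Central's own code (the page does not describe the product's implementation): decoys with a recorded baseline hash are planted, and any later deletion, rename or content change raises an alert, with a byte-entropy check flagging changes that look like encryption. The decoy names, the payload text and the 7.0 entropy threshold are assumptions chosen for the demo.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Constructed decoy payload: realistic-looking but benign text, about 2.5 KB.
DECOY_CONTENT = b"CONFIDENTIAL - Q3 budget draft (decoy)\n" * 64
DECOY_NAMES = ("~$budget.xlsx", "passwords_backup.txt")  # constructed names


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text scores around 4, encrypted data close to 8."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def plant_decoys(root: str) -> dict:
    """Write the decoys under root and return {path: baseline SHA-256}."""
    baseline = {}
    for name in DECOY_NAMES:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(DECOY_CONTENT)
        baseline[path] = hashlib.sha256(DECOY_CONTENT).hexdigest()
    return baseline


def check_decoys(baseline: dict, entropy_threshold: float = 7.0) -> list:
    """Return (path, reason) alerts for decoys that were removed or altered."""
    alerts = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "decoy missing: deleted or renamed"))
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != digest:
            reason = "decoy modified"
            if shannon_entropy(data) > entropy_threshold:  # threshold is an assumption
                reason += "; high-entropy content consistent with encryption"
            alerts.append((path, reason))
    return alerts


def run_demo() -> list:
    # Plant decoys in a temp dir, overwrite one with random bytes (stand-in
    # for ciphertext), delete the other, and return the resulting alerts.
    baseline = plant_decoys(tempfile.mkdtemp())
    first, second = baseline
    with open(first, "wb") as fh:
        fh.write(os.urandom(len(DECOY_CONTENT)))
    os.remove(second)
    return check_decoys(baseline)
```

In a real deployment the check runs continuously (for example from a filesystem-change notification) rather than on demand, and the alert feeds the response step the page describes.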

DeepAV Engine

Leveraging the power of deep learning, the DeepAV Engine provides advanced malware detection capabilities. The major features and policy configurations are as follows:

  1. Advanced Malware Detection: Combines deep learning-based neural networks and machine learning (ML) for fast and accurate detection of malware families.
  2. Manage Exclusions: You can exclude specific folders or applications from the DeepAV engine to optimize performance and minimize resource usage. Depending on your risk tolerance, you can configure the DeepAV engine's sensitivity level to balance threat detection against potential false positives.

Behavior Detection Engine

The Behavior Detection Engine operates by continuously monitoring application behavior for suspicious activities that suggest a potential malware threat. The following are the main features and policy configurations:

  1. Real-time Monitoring: Tracks programs whose behavior deviates from their typical patterns in ways that indicate suspicious activity.
  2. Behavior-based Allowlisting: Users can enhance the engine's precision by creating an allowlist of trusted applications, preventing them from triggering false positives during behavior monitoring.
