Profense SDK enhances application security with proactive features, thwarting various attacks and blocking intruders from system access, even through non-network pathways.
The executive objects monitor watches processes and threads, the executable objects monitor covers executable images and sections, and a hidden executive objects monitor built on SMM technology looks for executive objects concealed from the operating system. The abnormal activity monitor, available in both SMM-based and VMM-based variants, uses heuristic detection to identify exploits, Trojans and viruses of any kind.
The Profense SDK also offers IRP_MAJOR procedure monitoring for proactive defense, hardware interrupt monitoring for low-level system monitoring, and a journal and history logger interface that works with any kind of monitor. It further includes a transport-layer network monitor and a low-level network monitor, together with TcpIp protocol suite capabilities for securing network traffic, and a driver-application communication interface with two simultaneous channel types for asynchronous communication with kernel modules.
Especially noteworthy are the interface for searching non-exported symbols in the kernel environment, the real-time instruction tracer interface for catching suspicious interception of system services, the executive objects manipulation interface for heuristic in-memory search of hidden objects, and the Patch Guard manipulation interface. In addition, the SDK provides a flexible network firewall interface with ALLOW/DENY/CONTENT_BLOCK/CONTENT_MODIFY methods on any active network interface. Overall, it is an all-in-one tool for advanced security infrastructure.
Version 1.00:
First public release.
Added support for AMD64 and IA64 systems.
Added support for multiprocessor environments.
Added support for SVM/VMX systems.
Added support for SMM management.
Added support for Nt object manager manipulation.
Added support for Patch Guard 2/3 manipulation.