Adaptive Defense 360's advanced protection is a new, ground-breaking technology that continuously monitors every process run on the customer's Windows computers.
Adaptive Defense 360 collects all actions taken by the processes run on users' computers and sends them to a server, where they are analyzed applying automatic Machine Learning techniques in Big Data environments. The service returns a classification (goodware or malware) with 99.9991 accuracy (less than 1 error for every100,000 files analyzed), preventing false positives.
For the most complicated cases, Panda Security has a laboratory manned by malware specialists, whose aim is to classify all executable files within the shortest possible time from the time they are first seen on the customer's network.
Adaptive Defense 360 implements three block types for unknown (not yet classified) processes and processes classified as malware:
In Audit mode, Adaptive Defense 360 gives information about the threats it detects but doesn’t block or disinfect the malware found. This mode is useful for testing the security solution or checking that installing the product doesn’t have a negative effect on computer performance.
In those environments where there are constant changes to the software installed on computers, or where many unknown programs are run, for example proprietary software, it may not be viable to wait for Adaptive Defense 360 to learn about them in order to classify them.
Hardening mode aims to keep a balance between the infection risk for computers and user productivity. In this mode, blocking of unknown programs is limited to those initially considered dangerous. Four scenarios are defined:
Files classified by Adaptive Defense 360 as goodware: They are allowed to run.
Files classified by Adaptive Defense 360 as malware: They are sent to quarantine or disinfected.
Unclassified files coming from external sources (Internet, email and others): They are prevented from running until a classification is returned. Once a classification is returned, they are allowed to run (goodware) or not (malware).
This classification is almost immediate in most cases. That is, a program downloaded from the Internet and unknown to Adaptive Defense 360 may be initially blocked, but then allowed to run within minutes if it turns out to be goodware.
Unclassified files that were installed on the user's computer before the implementation of Adaptive Defense 360: They are allowed to run although their actions are monitored and sent to the server for analysis. Once classified, they are allowed to run (goodware) or sent to quarantine (malware).
In environments where security is the top priority, and in order to offer maximum security guarantees, Adaptive Defense 360 should be configured in Lock mode. In this mode, the software that is in the process of classification is prevented from running. This means that only legitimate software is allowed to run.
Just as in Hardening mode, programs classified as malicious are sent to quarantine, whereas unknown programs are prevented from running until they are classified as goodware or malware.
More than 99% of programs found on users' computers are already classified by Adaptive Defense 360. Only a small minority of programs will be prevented from running.
Related topics