The behavior analysis system is a cloud-based service that is used to help determine whether a file exhibits malicious behavior. Once submitted to the system, the unknown executable will be automatically run in a virtual environment and all actions that it takes will be monitored. For example, processes spawned, file and registry key modifications, host state changes and network activity will be recorded.
If these behaviors are found to be malicious, then the signature of the executable is automatically added to the antivirus blacklist.
From the above we learn that behaviour analysis has already been part of CIS by means of the cloud and has been named as such.
As I mentioned previously, the current BB does block behaviors such as screengrabbing and keylogging. The previous automatic sandbox did not do this.
So, it is blocking behaviors, not just automatically sandboxing things. No, it’s not yet a traditional behavior blocker, but in the interim I don’t see a problem with calling it a BB when it is in fact blocking certain suspicious behaviors.