Isn't viruscope kinda the same as auto-sandbox?

Unless I misunderstand something, viruscope detects certain actions a program tries to do, and asks the user if (s)he wants to allow them. But auto-sandbox already monitors that, and depending on the preset will allow or deny the action.

Or will viruscope just replace auto-sandbox? So it will just monitor programs that are not in the trusted list, kinda like Emsisoft does?

It's a behavior blocker. Auto-sandbox just blocks unrecognized items from running. The idea behind viruscope is that it will monitor the process and see what it does. If it performs a malicious action, it should alert the user. A malicious action could be seen as a new file attempting to modify key registry items or redirecting a web browser. So where the autosandbox just blocks an unknown file from running, viruscope would watch a suspicious file and make sure it’s not doing something malicious.

I just wonder on what level Viruscope performs. Is it when an app runs unlimited and it then tries to roll back its malicious changes, or does it work similarly to avast! DeepScreen, where files are analyzed using a behavior blocker within a virtualized environment?

Rejzor, from what I've read so far in the help file, it’s supposed to monitor changes and, once they are established as malicious, remove the changes. It’s not working inside the autosandbox, so I'm not really sure that, if it’s running sandboxed but doesn’t get recorded by viruscope, it will do anything.

Viruscope is a static detection layer. You can think of it as Valkyrie in your CIS… this is the clear way to understand it.

It’s not static based analysis but dynamic, like CAMAS…

Forgive me, then: CIMA in your CIS. Thanks buddy.

No problem, more recognizers will be added but slowly to avoid issues.