What do you guys think about the following proposition:
- The on-access AV part is removed from CCAV and it becomes a pure Sandbox, with the caveat that when an unknown application is run inside the Sandbox, it is scanned using traditional AV signatures.
What this means:
- You can still run it along with any other AV products.
- There is no downgrade in performance, as scanning of files comes into the picture only when an unknown application ends up running in the Sandbox.
- You have all the benefits of the Cloud.
- You still have default deny, i.e. if a file is unknown, it runs in the Sandbox.
So you have a mix of
"Low Impact on System" + "Default-Deny" + "Traditional AV detection" + "Compatibility with any other AV product".
And at some point, when you have realized that your AV passed what CCAV protected you against, you may ditch the other AV and rely on a lightweight product that protects you against old, new and yet-to-be-born viruses, as that's the future of client security, as the traditional detection approach cannot be sustained.
Your feedback is appreciated.
Thanks
-umesh