Tabidus Project Presentation

#1

We would like to take this opportunity to introduce ourselves and our work with Sleuth Kit.

Tabidus Technology is an IT security association which enables the technical collaboration of the global antimalware vendors. Our mission is to provide enterprises with better and easier protection against cyber threats with joint security potentials. For this, Tabidus develops universal security products, which host the various technologies and allow their flexible combination by click, instead of the need to install individual security solutions.

Our first system – United Endpoint Protector – takes care of the antivirus protection of Windows clients and servers, together with the corresponding central management solution United Control Center.

One of our many security features is on-demand scans, which allow you to create scheduled tasks to scan, for example, the local hard disk, with multiple security vendors, to detect malicious code on it. In order to make this possible, the files must first be listed on the volume to process them further with security technologies. However, as malware evolves and tries to hide as much as possible, we face the challenge that a standard listing with Windows APIs is insufficient. This is where the Sleuth Kit comes into play. We decided to reveal the true content of a volume with the help of your forensic methods, to ensure that we see everything. This output is then routed to the security providers, who make an assessment as to whether it is malicious code or not. The complete results of a scan run, including all assessments of the vendors, are nicely illustrated on the user interface.

Thus, the United Endpoint Protector is one of the first antimalware solutions which use forensic methods for on-demand scans instead of old-fashioned file listings.