The primary technique employed by a variety of advanced malware-detection products.
Potential malware threats are identified using various techniques.
Network traffic analysis is used to discover potential threats on the network.
Patterns of behavior are analyzed, and suspicious files are sent to the “sandbox”.
The file is then examined in an environment of virtual machines that analyze behavior in a suite of different operating systems and software versions.
All changes made by the file are recorded, and a report is presented which shows all areas of the operating system and software that were changed.
Based on this report, the file can be flagged as malware.
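
The record-and-report step described above, as an added example (not code from any product the page refers to): it diffs constructed before/after snapshots from two analysis environments and flags the file when a change lands in a sensitive area. The environment names, the snapshot layout and the SENSITIVE rule are assumptions made for illustration.

```python
# Assumption: path fragments an analyst treats as sensitive, per area of the system.
SENSITIVE = {
    "registry": [r"\currentversion\run"],
    "file": [r"\windows\system32", r"\startup"],
}

def diff_snapshot(before, after):
    """Return sorted (area, path, kind) tuples for every recorded change."""
    changes = []
    for key in before.keys() | after.keys():
        if key not in before:
            kind = "created"
        elif key not in after:
            kind = "deleted"
        elif before[key] != after[key]:
            kind = "modified"
        else:
            continue
        changes.append((key[0], key[1], kind))
    return sorted(changes)

def build_report(runs):
    """Map each environment name to the changes seen in that environment."""
    return {env: diff_snapshot(b, a) for env, (b, a) in runs.items()}

def is_sensitive(area, path):
    return any(frag in path.lower() for frag in SENSITIVE.get(area, []))

def verdict(report):
    """Flag the file if any environment shows a change in a sensitive area."""
    hits = {}
    for env, changes in report.items():
        found = [c for c in changes if is_sensitive(c[0], c[1])]
        if found:
            hits[env] = found
    return ("flagged" if hits else "clean"), hits

# Constructed snapshots: (area, path) -> content hash or value.
BASE = {("file", r"C:\Users\lab\notes.txt"): "a1"}
RUNS = {
    "win10-office2016": (BASE, {
        **BASE,
        ("file", r"C:\Users\lab\AppData\Local\Temp\drop.tmp"): "b2",
        ("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"): "drop.tmp",
    }),
    "win7-office2010": (BASE, {**BASE, ("file", r"C:\Users\lab\notes.txt"): "c3"}),
}

if __name__ == "__main__":
    report = build_report(RUNS)
    print(report, verdict(report))
```

Running the same file in several environments matters here: the constructed sample only writes its autorun entry in one of the two, so a single-environment run could have missed it.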