 #8555  by bytejammer
 Wed Sep 14, 2011 5:40 am
"Today at IDF, McAfee SVP Candace Worley showed off a new technology platform called DeepSAFE, which leverages the Intel VTx functionality present in all Core i3, Core i5, and Core i7 chips to detect rootkit malware, even if that malware has never been seen before and its signature is missing from the virus scanner’s definition database. The technology will appear in McAfee products later this fall."

A video of the presentation can be seen here:
http://www.youtube.com/watch?v=iHiKjGhv9no

McAfee DeepSAFE website:
http://www.mcafee.com/us/solutions/mcafee-deepsafe.aspx

Any thoughts on this new technology?
 #8557  by EP_X0FF
 Wed Sep 14, 2011 8:49 am
A hardware-assisted hypervisor which is able to catch some suspicious actions, for example cr0 register manipulations - see the YouTube video, where they demonstrated it against the Agony rootkit from 2007, which hooks the SST. The effectiveness of this technology can only be proved after various tests against something fresher in every meaning of this word.