Symantec EDR Internals — Criterion

Criterion

Start Of The Journey

General Flow

Determining The Scoring Decision

Scored

Unscored

Populating File Features

Attributes & Features Collection

List of “File Features” and “Attributes” to collect

Calculating The Final Score

Sample_X,0,0,0,0,5,1,0,0,0,0,0,0,0,0,3,0,5,0,0,2,0,0,0,500,0,0,0,0,0,30,1,0,1,11,11,29,0,1,1,0,0,8,8,0,0,0,0,0,0,?
Result of the “See5Sam” engine
File classified as “Suspicious” by “Criterion”

Conclusion & Future Research
