Symantec EDR Internals — Criterion


Start Of The Journey

General Flow

Determining The Scoring Decision



Populating File Features

Attributes & Features Collection

List of “File Features” and “Attributes” to collect

Calculating The Final Score

Result of the “See5Sam” engine
File classified as “Suspicious” by “Criterion”

Conclusion & Future Research


