Profense SDK 1.00

OS : Windows 2000, XP, Vista, 64bit
Software Licensing : Commercial ($50000.00)
Created : May 1, 2009
Download size : 77 kBytes
     
Test result: CLEAN

PROFENSE SDK IS A POWERFUL HIPS SDK

Simple APIs of Profense SDK include powerful functions:

multi-layer packet filter (transport layer and channel layer)
system services monitor (SDT monitor)
IDT monitor
GDT monitor
LDT monitor
registry and filesystem access monitor
NT object manager monitor
filesystem filtering interface
executive objects monitor (processes and threads)
executable objects monitor (executable images and sections)
state-of-the-art hidden executive objects monitor (SMM based)
abnormal activity monitor (SMM based)
abnormal activity monitor (VMM based, including VMX & SVM interfaces)
executive objects manipulation interface (used for in-memory heuristic search of hidden objects)
Patch Guard manipulation interface (used for internal purposes)
interface for searching for non-exported symbols in the kernel environment
real-time instruction tracer interface (used for catching suspicious interception of system services)
interface for heuristic detection of exploits (any kind of exploits, Trojans and viruses)
IRP_MAJOR procedures monitor (used for proactive defense purposes)
hardware interrupt monitor (IRQ monitor, used for low-level control of system activity)
journal and history logger interface (applicable to any kind of monitor)
transport layer network monitor (TDI based filter)
low-level network monitor (NDIS based)
TcpIp protocol suite (used for avoiding any malicious interception of network traffic)
driver-application communication interface (with two simultaneous channel types, Command channel and Data channel, which provides an asynchronous interface for communicating with kernel modules)
virtual address manipulation interface (search and enumeration of the VAD list on a per-process basis)
finite state machine for behavior-based detection (proactive defense decision module)
network firewall interface with flexible rule system (ALLOW/DENY/CONTENT_BLOCK/CONTENT_MODIFY methods on any active network interface)

The Profense SDK engine intercepts control flow at various points of interest in the Windows OS kernel.
A finite state machine controls the sequence of events on a per-thread basis and makes a decision if any
behavior signature is found. The filtering interface allows inline modification or blocking of
specified packets with defined patterns of data. The flexible system of rules enables host
intrusion prevention on a system-wide basis. The anti-exploit interface can prevent
execution and API offset resolving for any "run-not-from-image" code, including exploits, viruses
and any other suspicious code. The TcpIp protocol suite interface gives safe access to any remote
resources, avoiding malicious interception. The registry and filesystem monitors give full
control over the autorun sections of the Windows Registry and filesystem. The signature-based scanner
detects malicious software with known signatures (MD5 hash of PE sections). The behavior-based
signature scanner detects malicious software with unknown signatures, by its determined
behavior. The application-level library gives any type of application a simple interface to the full
power of Profense SDK.
Supported OS:
Windows 2000
Windows XP
Windows 2003 Server
Windows Vista
Windows 2008 Server
Windows 7
Supported platforms:
IA-32
AMD-64
EM64T
IA-64 (request for quote)
Supported containers:
Microsoft Visual Studio 6.0 and later
Microsoft Visual Basic 6.0 and later
Microsoft Visual C++ 6.0 and later
Microsoft Visual J++ 6.0 and later
Microsoft Office 97 and later
Microsoft Outlook
Borland C++ Builder 3 and later
Borland Delphi 3.

What is new in software version 1.00? First public release.
Added support for AMD64 and IA64 systems.
Added support for multiprocessor environment.
Added support for SVM/VMX systems.
Added support for SMM management.
Added support for Nt object manager manipulation.
Added support for Patch Guard 2/3 manipulation.

What is expected in the future? A newly made Profense SDK 1.1 can be downloaded from the current page; we are also looking forward to an unconfirmed 1.2 release build. You may download profense_sdk_user_manual.zip directly; the estimated download time by dial-up or GPRS [~56 kbit/s] is 0:00:13. Minimum system requirements: Windows 2000, your favourite IDE. The program has been scanned and verified by several antivirus and anti-spyware applications, and Profense SDK was found to be clean. The following languages are supported by Profense SDK: English.
