The Right Answer to all Security Questions
The IKARUS scan.engine is not only the heart of our in-house security solutions. Our technology is used under different names and brands worldwide, securing it-solutions and services. The IKARUS scan.engine can easily be integrated into any existing product, and it can be used to develop your own malware-detecting security solutions: There are unlimited possibilities!
Advanced multistage content and behavioural analysis ensure a strong detection performance on both known and newly arising threats. A resource-saving operation mode allows for developing user-friendly applications that are hardly perceptible.
This is how the IKARUS scan.engine works
The IKARUS scan.engine is one of the world’s best carrier-grade content scanning engines. It detects, extracts, analyses and eliminates malware, vulnerabilities, and exploits in virtually all file systems and archives. The IKARUS scan.engine uses advanced high-performance scan-technologies to analyse different types of files and code – regardless of their appearance, size or file identifier.
The first scanning operation is about cryptographic hash calculation, analysis of suspicious or conspicuous data elements and detection of signatures and exploits. Known viruses that can be identified via our virus databases, are immediately isolated and defanged. Most of the data will be further analysed in a closed virtual environment.
Behaviour-based Heuristics and Simulation
Packed files are unpacked and all data extracted, executables are identified and decrypted. The engine performs all simulations in an integrated closed virtual environment and analyses files for exploits, scripts, iframes, java scripts, actions scripts, macros, and embedded font- or PE-files. Scripts like HTML, XML, Java Script, VBS, MIRC Script, Web Script, X Script, BAT, TXT or binary files are checked for jump and calls, executed and monitored.
Within the virtual environment, API calls are replaced with own features. The behavioural analysis contain API calls, reloaded files or DLLS, and opcodes. Edited storage areas and unpacked codes and files are monitored and measured. Additionally, the behaviour of files after starting the simulation has to be monitored and measured, too: Some viruses use techniques to test their environment and recognize testing environments. Calls for APIs to compare register values, tests of error codes after using wrong parameters or the search for certain files within the process environment block might point to camouflage functions of a virus.
Flexible and Platform-independent Operation
The IKARUS scan.engine is compatible for a wide range of platforms and the most common architectures. Currently x86/x64 and armv5 with Windows, Linux, Android, and FreeBSD are supported.
The IKARUS team of analysts completes and supports the high performance of the IKARUS scan.engine with manual analyses and reverse-engineering. Besides, global threat data from the IKARUS SigQA (Signature Quality Assurance Program) and sample sharing within the industry ensure quality and sustainability.
The renowned VB100 reviews offer an independent performance analysis of the IKARUS scan.engine: Regular testing of anti-malware software measuring reactive and proactive detection rates, system slowdown and stability show the IKARUS scan.engine among the global top performers.