The VectorN Detection engine is a new feature and its purpose is to search for patterns within the blocks that Thor's Traffic Scanning records.
- It works across-the-board on any Windows™ device;
- It does not rely on scanning the code or auditing any system processes. Instead, the new technology uses Machine Learning Detection (MLD) to perform an in-depth analysis of all incoming and outgoing HTTP, HTTPS and DNS traffic.
- It matches Machine Learning (MLD) insights with Indicators of compromise/attack (IOC/IOA) and network forensics, turning Thor Foresight into a unique, proactive cybersecurity suite.
- It helps users discover even hidden, second-generation malware that tries to infect the endpoint or attempts to harvest data from the compromised system.
- By tracking device-to-infrastructure communication, this technology enables users to detect and block advanced malware, regardless of the attack vector.
If Thor Foresight's Traffic Scanning is blocking a specific domain or multiple domains at a specific time of the day, VectorN Detection will consider this a pattern and will inform the user that there might be a possible threat.
- A domain is blocked multiple times a day in a very short time period.
- A domain is blocked every day at a specific time
- Multiple domains are blocked in a very short time period.
When a pattern is found, that means something on the machine tries to reach the blocked domains but Thor Foresight does not allow that. It's recommended to run the antivirus you have at your disposal, such as Thor Vigilance.