Samples are received from malicious code monitoring agents, manual reporting and other channels. Multi-level screening is used to quickly screen samples against the whitelist, blacklist and greylist. The unpacking process greatly improves the detection depth and detection rate for malicious code, reduces the overall sample processing load, and improves throughput.
Dynamic analysis and static analysis
AVLM-A, Microvision's dedicated automatic static analysis engine, is used to statically detect malicious code and API call behavior across multiple platforms and to dynamically analyze the network behavior of malicious software.
Study and judge
● Overall engine: delivers high-speed detection under massive rule sets, identifies multiple file formats, supports unpacking, and reaches a detection performance of 5000+/s (excluding preprocessing work);
● Docking with third-party virus libraries: supports query integration with the open source virus library of CNCERT of the national security center.