Introduction to Xcitium Verdict
Verdict is an online file verdict system that runs unknown files through a range of static and behavioral checks in order to identify those that are malicious. Because Verdict observes the full run-time behavior of a file rather than only matching known patterns, it is more effective at detecting zero-day threats missed by the signature-based detection of classic antivirus products.
The Verdict console allows users to upload new files for analysis and to view scan results in a range of dashboards and reports. Users can also forward files to Xcitium Labs for in-depth checks by human experts. The Xcitium Unknown File Hunter tool lets users scan entire local networks for unknown files and then upload them to Verdict for analysis.
- The results of your most recent analysis requests are shown by default
- Click your user-icon at top-right to navigate to the dashboard and other important areas
Features
- No installation required, just upload files for analysis
- Automated and human expert analysis (optional) of submitted files
- Comprehensive reporting and dashboards
Overview of the Technologies
Verdict combines multiple techniques so that every submitted file is analyzed thoroughly before a verdict is issued. To do this, Verdict uses two kinds of technology: automatic analysis and human expert analysis. The automatic analysis techniques are Static Analysis, Dynamic Analysis, Verdict Plugins and Embedded Detectors, Signature Based Detection, Trusted Vendor and Certificate Validation, the Reputation System and the Big Data VirusScope Analysis System.
Static Analysis
This technique extracts and analyzes binary features and static behavioral inferences of an executable, such as API headers, referenced DLLs, PE sections and similar resources, without running the file. Any deviation from the expected results is listed in the static analysis results and the verdict is given accordingly.
Dynamic Analysis
Dynamic analysis studies the run-time behavior of a file to identify malicious patterns that cannot be identified through static analysis alone.
Verdict Plugins and Embedded Detectors
Verdict plugins use malware analysis techniques developed by various communities and educational institutions and deployed by them on their own systems as RESTful web services. Verdict includes these results when computing the final overall verdict.
Embedded detectors in Verdict use new malware detection methods developed by the Xcitium AV laboratory to compute the overall final verdict of a file.
Signature Based Detection
Verdict first consults different signature-based detection sources to determine whether a given sample is already known. Signature-based detection simply checks the SHA1 hash of a file against the signature databases for a match. Because it is an exact-hash lookup, it only identifies samples that have already been catalogued; a file that differs by even a single byte has a different hash and is not matched, which is why the remaining techniques are needed.
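The following Python script is an added example, not Xcitium's code, showing the two layers described above in miniature: an exact SHA-1 lookup against a signature set, followed by a few static checks over the PE section table of the kind the Static Analysis section refers to. The PE images, the signature set and the three heuristics (writable-and-executable sections, sections with no raw data but a large virtual size, and an entry point outside an executable section) are constructed here for illustration only; Verdict's real rule set is not published on this page. The point it demonstrates is the one made above: appending one byte to a catalogued sample defeats the hash lookup, while the static findings are unchanged.

```python
"""Signature lookup plus static PE header checks, in miniature.

Added example, not Xcitium code. PE images, signature set and heuristics
are constructed for illustration only.
"""
import hashlib
import struct

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
COFF_FMT = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes


def build_pe(sections, entry):
    """Constructed test input: a minimal PE32 image from
    (name, virtual_size, raw_size, characteristics) tuples.
    Valid enough to parse; it is not a runnable program."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew
    coff = struct.pack(COFF_FMT, 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                              # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)             # Magic = PE32
    struct.pack_into("<I", opt, 16, entry)            # AddressOfEntryPoint
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)   # Section/File alignment
    hdr_size = 64 + 4 + 20 + 224 + 40 * len(sections)
    raw_start = (hdr_size + 0x1FF) & ~0x1FF           # first raw data offset
    raw_ptr, va, table, payload = raw_start, 0x1000, b"", b""
    for name, vsize, rawsize, flags in sections:
        table += struct.pack(SECTION_FMT, name, vsize, va, rawsize,
                             raw_ptr if rawsize else 0, 0, 0, 0, 0, flags)
        va += (vsize + 0xFFF) & ~0xFFF
        raw_ptr += rawsize
        payload += b"\x90" * rawsize                  # NOP-filled section body
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return headers.ljust(raw_start, b"\0") + payload


def parse_sections(image):
    """Return (entry_point_rva, [section dicts]); raise ValueError if not a PE."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, image, coff_off)
    opt_off = coff_off + 20
    (entry,) = struct.unpack_from("<I", image, opt_off + 16)
    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_FMT, image, sec_off + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": f[1], "va": f[2], "rawsize": f[3], "flags": f[9]})
    return entry, sections


def static_findings(image):
    """Header anomalies commonly treated as suspicious by static analysis.
    These three heuristics are illustrative, not Verdict's actual rules."""
    entry, sections = parse_sections(image)
    findings, entry_flags = [], None
    for s in sections:
        flags = s["flags"]
        if flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"section {s['name']} is writable and executable")
        if s["rawsize"] == 0 and s["vsize"] > 0:
            findings.append(f"section {s['name']} has no raw data but "
                            f"{s['vsize']:#x} bytes virtual (filled at run time)")
        if s["va"] <= entry < s["va"] + max(s["vsize"], s["rawsize"]):
            entry_flags = flags
    if entry_flags is None:
        findings.append(f"entry point {entry:#x} lies outside every section")
    elif not entry_flags & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry point {entry:#x} is in a non-executable section")
    return findings


def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()


def signature_verdict(image, known_bad):
    """Exact-hash lookup: only a byte-for-byte identical sample matches."""
    return "malicious" if sha1_hex(image) in known_bad else "unknown"


RX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE
RW = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
RWX = RW | IMAGE_SCN_MEM_EXECUTE

# Constructed samples. SAMPLE mimics a packed layout: an empty section that is
# filled at run time, and code running from writable memory.
SAMPLE = build_pe([(b"UPX0", 0x8000, 0, RWX), (b"UPX1", 0x1000, 0x200, RWX)], entry=0x9000)
CLEAN = build_pe([(b".text", 0x200, 0x200, RX), (b".data", 0x200, 0x200, RW)], entry=0x1000)
KNOWN_BAD = {sha1_hex(SAMPLE)}       # constructed "signature database"
VARIANT = SAMPLE + b"\0"             # one overlay byte appended; headers unchanged

if __name__ == "__main__":
    for label, img in (("sample", SAMPLE), ("variant", VARIANT), ("clean", CLEAN)):
        print(f"{label:8} sha1={sha1_hex(img)[:12]}... "
              f"signature={signature_verdict(img, KNOWN_BAD)}")
        for finding in static_findings(img):
            print("         static:", finding)
```

Run as-is: the catalogued sample is flagged by hash, its one-byte variant comes back "unknown" from the signature layer yet produces exactly the same three static findings, and the clean layout produces none. This is the gap the signature layer leaves and the later techniques on this page exist to close.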
Trusted Vendor and Certificate Validation
Verdict checks the vendor details of a file against a Trusted Vendor database that is continuously updated. If the vendor is whitelisted, certificate validation is then performed to ensure that the signing certificate chain is valid and that no certificate in it is revoked or expired; a whitelisted vendor name alone is not enough to pass this check.
Reputation System
Reputation data on files, collected from millions of endpoints through the Xcitium network and products, is evaluated on a big data platform and converted into intelligence that Verdict uses.
Big Data VirusScope Analysis System
VirusScope, a component of Xcitium security products, is a dynamic application analyzer that detects malicious behavior of a file and blocks and reverses those actions when necessary. Detected malware is reported to Xcitium servers, and this data is also used by Verdict.
Human Expert Analysis
Verdict allows users to submit files for manual analysis. Xcitium expert analysis is the most sophisticated analysis a file receives and provides the ultimate verdict on it.
Guide Structure
This guide is intended to take you through the use of Xcitium Verdict and is broken down into the following main sections.