How does the Advanced Protection for Windows, Linux and macOS in products based on Aether work?

The protection included in Panda Adaptive Defense and Panda Adaptive Defense 360 over Aether includes continuous monitoring of activity on Windows, macOS and Linux. This monitoring allows us to offer advanced protection in these systems, although the scope of it is not the same in all systems.

The advanced protection has been available for Windows computers and servers since the release of Panda Adaptive Defense in 2015. However, advanced protection on macOS and Linux is included as of version 3.70 (version 2.00.06.0000 of macOS and Linux protections) of Panda Adaptive Defense and Panda Adaptive Defense 360.

The features included in the advanced protection of macOS and Linux in version 3.70 of Panda Adaptive Defense / Panda Adaptive Defense 360 are the following:

• Malware and PUPs detections show their life cycle.
• Malware activity for macOS and Linux detections is displayed. This information helps us to identify the source of the infection, and in case the malware had started to run, to identify what actions it has taken.
• The graphical view is shown with the activity of the malware for macOS and Linux detections, just as we do for Windows detections.
• Telemetry and malware alerts are displayed in Panda Advanced Reporting Tool in the Install, Ops and Alerts tables.
• In case the client has contracted SIEMFeeder, he will receive in SIEM the telemetry of macOS and Linux, in addition to that of Windows.

The Zero-Trust Application Service and the associated protection modes (Audit, Hardening and Lock) are only available in Windows. The same is true with Anti-exploit protection.

In Linux, the ability to detect malicious activity (contextual detection) is included. By default, detected malicious actions will not be blocked to avoid possible issues on certain machines. Unless you are sure that the detected malicious activity is a legitimate action, it is recommended that you change the setting to Block mode in the Detect malicious activity (Linux only) settings of the advanced protection. This additional protection capability in Linux is included from Linux protection version 3.00.00.0000.

The THIS (Threat Hunting Investigation Service) service, included by default in our Panda Adaptive Defense and Panda Adaptive Defense 360 solutions, detects advanced threats and attacks on Windows, macOS and Linux. Thanks to the telemetry sent, we can carry out investigations to detect new attacks on Windows, macOS and Linux.

If an investigation is confirmed as the detection of a new threat, it will be consolidated and taken to the endpoint (Windows / macOS / Linux) of all our clients, adding detection in the signature files or in Collective Intelligence, and ideally in Contextual detection way to stop the new detected attack pattern.