System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits

Abstract

A threat detection system integrated with intrusion protection system (IPS) logic, virtual execution logic and reporting logic is shown. The IPS logic is configured to identify a first plurality of objects as suspicious objects and to output information associated with the suspicious objects. The virtual execution logic is configured to receive the suspicious objects and verify whether any of the suspicious objects is an exploit. The virtual execution logic includes at least one virtual machine configured to virtually process content within the suspicious objects and monitor for anomalous behaviors during the virtual processing that are indicative of exploits. The reporting logic is configured to issue a report including the information associated with the suspicious objects from the IPS logic and results of the virtual processing of the content within the suspicious objects.

Bibliographic details

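  • Publication number: US9306974B1
  • Patent type:
  • Publication date: 2016-04-05
  • Original format: PDF
  • Applicant/patentee: FIREEYE INC.
  • Application number: US201514620055
  • Filing date: 2015-02-11
  • Classification: G08B23; G06F17; H04L29/06
  • Country: US
  • Database entry time: 2022-08-21 14:27:56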
