Enhanced virus protection evp: What is EVP (Enhanced Virus Protection)?

How to Enable Processor-Based Security

Home » How to Enable Processor-Based Security

[nextpage title=”Introduction”]
At last PCs operating under Windows have a security level similar to that used by high performance servers. This technology – known under names that vary from manufacturer to manufacturer, such as NX (No eXecute), EVP (Enhanced Virus Protection), XD (eXecute Disable), or DEP (Data Execution Protection) – allows the processor itself to detect when a malicious code (such as a virus or a Trojan horse) is attempting to run and automatically disables such code, “drowning” the virus. In this short tutorial we will teach you how to enable this feature.
This technology works creating separate areas for the execution of programs and for data storage in the RAM memory of the computer, If a code in the area set aside for data storage tries to run, the processor understands that as something suspicious and prevents the execution of the code.
It is important to note that the processor itself doesn’t have the capacity of removing the virus from your computer. If a PC in which the NX technology has been enabled is infected by a virus, the processor will warn you (through the operating system) that your computer is possibly infected and will not permit the virus to turn, but you will still have to run an antivirus to remove the virus from your machine and avoid contaminating friends (for instance, when sending e-mails with attached files).
To have this level of security in your machine you need to fulfill three prerequisites. First, your processor must have this security technology. Second, your operating system has to be capable of recognizing it. Third, it must be enabled on your operating system.
So, the first thing to do is check whether your CPU has this technology or not. This can be done with the aid of a hardware identification utility, such as Sandra or Hwinfo.
On Sandra, click on Hardware, Processors and the program will list all features provided by your CPU. This list will be long and you should scroll down the page that will show up to the “Extended Features” section and look for “XD/NX – No-execute Page Execution Protection” feature. You will see a “yes” besides it if your CPU supports this level of security.
On Figures 1 and 2 we give two examples. The CPU in Figure 1 was from AMD (an Athlon 64 3800+) and the CPU in Figure 2 was from Intel (a Core 2 Extreme X6800). As you can see the latest CPUs from both manufacturers support this technology.

Figure 1: AMD CPU with NX feature.

Figure 2: Intel CPU with NX feature.

If your CPU doesn’t have this feature you won’t be able to enable this protection, of course.
The next step is configuring Windows to correctly enable this feature.
[nextpage title=”Configuring the Operating System”]
As of operating systems, both Linux and Solaris have already adopted this technology for years, but for the Windows operating systems this technology is only present from Windows XP SP2 on. So if you use Windows XP you need to have Service Pack 2 installed. You can check whether SP2 is installed or not by clicking on System icon on Control Panel (a shortcut to this is pressing Windows Pause/Break). If SP2 is installed, it should be listed under “System”. If it isn’t, you need to download and install it.
On Windows XP SP2 and Windows Vista, you can check whether NX technology is correctly enabled or not by clicking on System icon on Control Panel (a shortcut to this is pressing Windows Pause/Break). On the window that will show up, click on Advanced tab, see Figure 3.

Figure 3: Advanced system configurations.

On this window, click on the first Settings button, the on “Performance” field. On the window that will show up click on Data Execution Prevention tab, see Figure 4. This is where the NX technology is configured.

Figure 4: Configuring NX technology.

As you can see, there are two option: “Turn on DEP for essential Windows programs and services only” and “Turn on DEP for all programs and services except those I select”. The main problem is that the first option is the one selected by default. This means that this technology will protect only essential Windows programs and services. With this configuration NX technology won’t protect you from a virus or Trojan Horse if they attack a regular program, for example.
Thus we recommend you selecting the second option, where all programs and services will be protected by NX technology. If in the future you have any kind of false positive – i.e., Windows complaining that a program that you know that isn’t infected is trying to execute code on a memory location mapped as data area –, you can simply go to this window and add the program that is a false positive to the list of exceptions, by clicking on Add.
Click on Ok, restart your computer and now your PC is truly protected with NX technology. But like we said, with this technology you still have to use an anti-virus program and keep it updated. This is just an extra feature that adds an extra security layer to your PC.

AMD Fortifies PC Security With Unique Combination of Hardware and Software Protection

Bringing a new level of security to desktop and mobile PC computing, AMD (NYSE: AMD) today announced that with the release of Microsoft® Windows® XP Service Pack 2 (SP2), Enhanced Virus Protection (EVP) can now be enabled on all AMD Athlon™ 64 processors. This unique hardware and software combination is designed to keep computers protected against certain malicious viruses, computer worms and Trojan horses. AMD Athlon 64 processor customers can now feel more secure performing computing tasks such as e-mailing, sharing music files, and downloading photos, games, and other graphic-intensive computing applications.

“AMD is taking a leadership role to deliver a more secure computing experience for home and business users with the enablement of Enhanced Virus Protection on all AMD Athlon 64 processors in the market today,” said Marty Seyer, corporate vice president and general manager, Microprocessor Business Unit, AMD’s Computation Products Group. “The sophistication of viruses has raised the need for security prevention at all platform levels. AMD has addressed this need with Enhanced Virus Protection making the AMD Athlon 64 family of processors the only high-performance PC processors available today that offer this enhanced level of security.

“The combination of Windows XP Service Pack 2 with Advanced Security Technologies and improved hardware technology, as found in Enhanced Virus Protection from AMD, is an important step in providing a multi-layered defense against many common online threats,” said Will Poole, senior vice president, Windows Client Business, Microsoft Corp. “Security is an issue that requires industry-wide collaboration and we are pleased to be working with AMD to deliver a more secure computing experience for our mutual customers.”

Enhanced Virus Protection is a hardware feature designed into AMD Athlon 64 desktop and mobile processors. When combined with the Data Execution Prevention technology found in Windows XP SP2, EVP not only identifies certain malicious code, specifically those that execute buffer overflow attacks, but also prevents them from replicating and spreading throughout the system. By incorporating security technology into the hardware, costs and damages associated with these virus attacks can be significantly reduced while increasing the integrity of the home and corporate network.

“With buffer overflow attacks costing between $385 million and $1.2 billion, it has become absolutely critical that companies mitigate the related exposure,” said Rob Enderle, president and principal analyst for the Enderle Group. “Virus checking products simply cannot respond fast enough to threats that can spread worldwide in minutes when it takes days to develop an effective anti-virus response. The hardware and software technology from AMD and Microsoft is designed to proactively defend computers from these far too prevalent attacks, providing critical protection from some of the fastest-growing and most damaging viruses in the world today.”

Every AMD Athlon 64 FX-53, AMD Athlon 64 mobile and desktop, and Mobile AMD Sempron™ processor customer can now use the built-in EVP capability when enabled by Windows XP SP2. For businesses and enterprises using the AMD Opteron™ processor, EVP will be enabled with the upcoming release of Microsoft Windows Server 2003 Service Pack 1 and Windows Server 2003 for 64-bit Extended Systems.

Source: AMD

Citation:
AMD Fortifies PC Security With Unique Combination of Hardware and Software Protection (2004, August 9)
retrieved 30 June 2023
from https://phys.org/news/2004-08-amd-fortifies-pc-unique-combination.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.

Virus protection — what is it, how does computer virus protection work?

Virus protection is one of the modules in a multi-layered software that allows you to detect, block and remove not only viruses, but also other malicious software to protect users from various types of cyber threats.

Virus protection is one of the modules in the multi-layer software that allows you to detect, block and remove not only viruses, but also other malicious software to protect users from various types of cyber threats.

What is virus protection?

At first, virus protection was the main function of software that detected and removed computer viruses from infected devices. However, with the surge in other types of threats, antivirus programs have evolved into sophisticated multilayered device protection solutions against a variety of cyberthreats .

For the safety of users, most modern products use different technologies. They allow users to combat a wide range of threats such as spyware, keystroke readers, credential theft, unauthorized cryptocurrency mining, file encryption with ransomware, information theft (through banking trojans), spam, fraud, and others. forms of cyber attacks.

Modern Internet security solutions also help protect against questionable or potentially unwanted programs. They are not malicious, but they can adversely affect the operation of the device.

How does modern protection against viruses and other threats work?

In the past, most virus protection programs used signatures that described known threats. vendors then extended these signatures with much more sophisticated detections based on information collected by various technologies and approaches such as simulation, heuristics, and behavior analysis.

This technology is augmented with input from machine learning algorithms, sandboxing, cloud reputation, and other technologies that allow products to detect and block most new and suspicious items on the workstation.

According to ESET telemetry, hundreds of malware samples are detected every day. However, there are cases in which no technology can unambiguously determine the security of an object. That’s why human experience remains one of the integral parts of threat research and analysis to avoid false positives.

What are the benefits of using a modern computer virus protection solution?

Robust, multi-layered security solution detects, neutralizes and removes even well-disguised malware, protects user devices from spyware, spam, phishing, and other social engineering methods, and detects attempts by attackers to exploit system vulnerabilities.

This is especially important in today’s environment, where threats use sophisticated cloaking techniques and can hide deep in the system, remaining unnoticed until harm is done.

Advanced solutions provide additional protection with UEFI scanning, encryption of valuable data, or monitoring of devices connected to the home network. Whereas tools such as password management allow you to store and use any number of unique and complex passwords for different accounts.

Protecting the device itself in case of loss is also an important module that is included in many anti-theft protections.

ESET Smart Security Premium

The ultimate solution for comprehensive user protection.

ESET Smart Security Premium

The ultimate solution for comprehensive user protection.

Download

Related Topics

Anti-Malware

Anti-Spam

Anti-Phishing

Antispyware Protection

Virus and Threat Protection in Windows Security

Notes:

  • In early versions of Windows 10, Windows Security is called Windows Defender Security.

Protection & Windows Security helps you scan for threats on your device. You can also run different types of scans, view the results of previous virus and threat scans, and get the latest protection from Microsoft Defender Antivirus.

In the area Current threats you can:

  • View when the scan was last run on the device, how long it took, and how many files were scanned.

  • Start a new quick scan or go to scan settings, to run a larger or custom scan.

  • See Threats that have been quarantined before they can affect you and anything identified as a threat that you have allowed on your device.

Note: If you are using third-party antivirus software, you can access its antivirus and threat protection settings here.

Performing necessary checks

Even if Windows Security is enabled and checks the device automatically, you can perform additional checks if necessary.

  • Quick check . Are you worried that you might have taken an action that could have resulted in a suspicious file or virus getting onto your device? Select function Quick scan (called Scan now in previous versions of Windows 10) to immediately scan your device for new threats. This option is useful when you don’t want to waste time running a full scan of all files and folders. If Windows Security recommends running one of the other scan types, you will be notified when the quick scan is complete.

  • Scan parameters . Click this link to select one of the following advanced validation options.

    • Custom check . Only selected files and folders are scanned.


    • Microsoft Defender Offline Scan
      . Uses the latest definitions to scan your device for the latest threats. This occurs after a restart without loading Windows, making it harder for malware to remain hidden or defended. If you are concerned that your device may have been affected by malware or viruses, or if you want to safely test it without an Internet connection, run this test. This will reboot your device, so be sure to save your open files.

      See this standalone Microsoft Defender for more information.

Managing Virus and threat protection settings

Use the Virus and Threat Protection settings to adjust the level of protection, send sample files to Microsoft, exclude trusted files and folders from rescanning, or temporarily disable protection.

Real-time protection management

Need to stop real-time protection for a while? You can disable it temporarily with the real-time protection option. however, after a while, real-time protection will re-enable automatically to restore device protection. When real-time protection is disabled, files that are opened or downloaded are not scanned for threats.

Note: If the device you are using is part of an organization, your system administrator can prevent real-time protection from being turned off.

Accessing cloud protection

Give your device access to the latest threat definitions and dangerous behavior detection in the cloud. This setting allows Microsoft Defender to receive ongoing enhancements from Microsoft while you’re connected to the Internet. This will allow you to more accurately identify, stop and eliminate threats.

This option is enabled by default.

Send us files using automatic sample submission

If you’re connected to the cloud with cloud protection, you can have Defender automatically send suspicious files to Microsoft to be scanned for potential threats. Microsoft will notify you when you need to send additional files and let you know if the request contains personal information so you can decide whether or not you want to send the file.

If you’re concerned about a file and want to make sure it’s submitted for evaluation, select Manually submit a sample to send us the correct file.

Tamper protection protects your security settings

Microsoft Defender Antivirus settings can sometimes be modified by malicious or careless applications or processes; or sometimes unknown to people. With anti-tampering enabled, important options such as «Real-time protection» cannot be easily or accidentally disabled.

By default, this setting is enabled for consumers.

Learn more about Anti-counterfeiting.

Protecting files from unauthorized access

Controlled Folder Access allows you to control which folders can be modified by unapproved applications. You can also add additional applications to the trusted list so that they can make changes to these folders. It is a powerful tool to keep your files safe from ransomware.

When you enable Controlled Folder Access, many of your most frequently used folders will be protected by default. This means unknown or untrusted applications will not be able to access or modify the contents of any of these folders. When additional folders are added, they are also protected.

Learn more about using Controlled Folder Access

Exclude items from the virus check list

There may be situations where you need to exclude certain files, folders, file types, or processes from the scan list, such as trusted items, if you are sure that you do not need to spend time checking them. In such rare cases, you can add an exception for them.

Learn more about adding an exception to Windows Security

Notification settings

Windows Security will send notifications about the health and safety of your device. You can turn notifications on and off from the notifications page.