Harpoon Memory Injection Blocking FAQ
Why use Harpoon Security for your memory injection problem?
Every day over 1 million new pieces of malware are created and launched against Windows desktops, laptops and servers. A large percentage of these attacks use memory injection techniques as their entry point; as a result they remain invisible and are never written to the computer's hard drive. This kind of malware is only detected by modern anti-virus software AFTER it has infected the target computer. Only Harpoon Security blocks memory injection attacks before they infect the computer and gain lateral movement. All other solutions try to put the pieces back together after an attack – we stop the attack up front on Day 0, Minute 1 in milliseconds, not minutes, hours or days.
What makes Harpoon Security so special?
Harpoon operates at the lowest level of the Windows operating system, analyzing blocks of memory for malicious behavior. Our patent-pending method identifies the good and the bad, allowing the good to pass through unimpeded, while trapping and blocking the bad before it can act. Harpoon Security is a Microsoft Certified software application that adheres to and supports Microsoft's best practices around software updates, patching and maintenance. Harpoon does not block or delay these update activities whatsoever.
What do you mean when you say that Harpoon blocks ‘Zero Day’ memory injection attacks?
A Zero Day attack happens once a flaw or software / hardware vulnerability is exploited and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability. These attacks are launched into the ‘wild’ en masse, in an attempt to breach as many targets as possible before the malware can be analyzed and remediated by a patch or fix released by Microsoft or another software vendor. These attacks, once identified, are assigned a signature so that anti-virus software can update their databases to monitor for this new attack (signature). Conversely, Harpoon invokes our patent-pending method to identify and block these unknown attacks before they launch their malicious payload. The sequence of identify, block, alert and update executes and completes in just milliseconds. Many zero day attacks ‘hide’ their payloads somewhere inside the target Windows computer, only to ‘reveal and attack’ at a later date, sometimes weeks or months later. Harpoon will catch these attacks at any time, as we are not hunting them based on some published list or service; we are monitoring memory in real time so that we can catch them at any point in time, without assistance. Old or new, once they make a move, Harpoon blocks them.
How is Harpoon different from traditional PC and server anti-virus software like McAfee and BitDefender?
Harpoon does not rely on heuristics, whitelists, blacklists or any other service or database to ensure we successfully block malware attacks on Windows. Anti-virus solutions must use these methods and many more to monitor a Windows system for new attacks. Harpoon is focused exclusively on specific memory injection behavior that occurs at the lowest level of the operating system. With so many Windows devices (1.5 billion in 2020) being used today, anti-virus software must rely on locating, analyzing, mapping, naming and updating their software with thousands of new signatures (and their derivatives) every day. There is simply no way for this approach to continue with any measurable degree of success, given the number of new exploits that are being created with off-the-shelf tools and launched around the globe.
How do I know Harpoon is working properly and stopping the bad guys?
When Harpoon blocks something bad, an event is created and an alert appears on the user’s computer screen. These alerts are written to a log file and can be harvested by the Microsoft Event Viewer (standard package included with Windows). The log file can also be viewed via other log aggregation platforms like Splunk, Logstash and others. The Harpoon User Manual outlines how to install and view Harpoon running in the services stack.
Is Harpoon easy to install and does it impact my PC’s performance?
Harpoon is less than 5MB in size, installs via the normal Microsoft Windows application install process and is typically up and running within 30 to 60 seconds. We’ve tested Harpoon on Windows XP, Windows 7 and Windows 10 and have not measured any noticeable impact to CPU performance. Harpoon simply operates in the background monitoring memory for any bad behavior.
Does Harpoon stop ransomware?
Harpoon will stop memory injection ransomware on Windows.
Harpoon stops reflective DLL injection attacks – what is this?
In computer programming, DLL injection is a technique used for running code within the address space of another process by forcing it to load a dynamic link library. DLL injection is often used by external programs to influence the behavior of another program in a way its author did not anticipate or intend. Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library into a host process. As such, the library is responsible for loading itself by implementing a minimal Portable Executable (PE) file loader.
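Because a reflectively loaded library bypasses the Windows loader, it sits in executable memory that is not mapped as an image. The following added example (a generic detection heuristic, not Harpoon's method and not code from this page) classifies memory regions on that basis; the region records, field names and sample values are constructed and stand in for what VirtualQueryEx would report.

```python
import struct

# Windows constants as reported in MEMORY_BASIC_INFORMATION by VirtualQueryEx
MEM_PRIVATE, MEM_MAPPED, MEM_IMAGE = 0x20000, 0x40000, 0x1000000
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80  # all PAGE_EXECUTE* protections


def has_pe_header(data: bytes) -> bool:
    """True if data starts with an MZ stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def classify(region: dict) -> str:
    """Return 'ok', 'suspicious' or 'likely-reflective' for one region."""
    executable = bool(region["protect"] & EXEC_MASK)
    if not executable or region["type"] == MEM_IMAGE:
        return "ok"  # the Windows loader maps real DLLs as MEM_IMAGE
    if has_pe_header(region["head"]):
        return "likely-reflective"  # PE image in memory the loader never mapped
    return "suspicious"  # executable non-image memory: wiped header, or a JIT


def make_pe_stub() -> bytes:
    """Constructed 0x100-byte buffer holding only the MZ and PE signatures."""
    buf = bytearray(0x100)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    return bytes(buf)


# Constructed sample regions (hypothetical, not captured from a real process)
SAMPLE = [
    {"base": 0x7FF810000000, "type": MEM_IMAGE, "protect": 0x20, "head": make_pe_stub()},
    {"base": 0x02100000, "type": MEM_PRIVATE, "protect": 0x40, "head": make_pe_stub()},
    {"base": 0x02200000, "type": MEM_PRIVATE, "protect": 0x20, "head": bytes(0x100)},
    {"base": 0x02300000, "type": MEM_PRIVATE, "protect": 0x04, "head": make_pe_stub()},
]


def scan(regions):
    """Return (base, verdict) for every region that is not 'ok'."""
    return [(hex(r["base"]), classify(r)) for r in regions if classify(r) != "ok"]


if __name__ == "__main__":
    for base, verdict in scan(SAMPLE):
        print(base, verdict)
```

The 'suspicious' verdict also fires for legitimate JIT compilers (.NET, browsers), so in practice it needs a per-process allowlist before it is useful as an alert.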
Does Harpoon require a connection to an external server or other service?
Harpoon is a stand-alone software solution – no external connection from the installed Windows device.
Can Harpoon run in parallel with my existing anti-virus software, or do I have to uninstall it?
Harpoon complements anti-virus software by reducing the attack surface that it monitors for the user. By monitoring and blocking malware before it attacks, Harpoon enables anti-virus software to more efficiently focus on updating known attack signatures and leave the Zero Day attacks to Harpoon.
If you’d like more information or would like to set up a call to find out how Harpoon Security can help put your mind at ease, please CONTACT US HERE.