Stop unknown threats before they execute
Sophos Anti-Virus delivers the benefits of a Host Intrusion Prevention System (HIPS). Behavioral Genotype® Protection guards against unknown threats by analyzing behavior before code executes, without a false positive problem, and without deploying separate software.
What is HIPS?
The increasing speed at which malware is created and distributed, together with the trend towards more targeted criminal attacks, leaves a potential vulnerability in traditional anti-virus software before a specific detection update can be rolled out. A Host Intrusion Prevention System (HIPS) seeks to close this gap by monitoring the behavior of code. Many HIPS solutions monitor code when it runs and intervene if the code is deemed to be suspicious or malicious.
Behavioral Genotype Protection: pre-execution detection
Sophos's HIPS technology uses the existing anti-virus engine to identify programs that will behave maliciously, before they execute. The advantages over runtime HIPS are:
- Malicious code is prevented from executing at all, whereas runtime HIPS can only interrupt code that has already partly executed.
- Behavioral Genotype Protection identifies malicious code at the gateway or on file servers and deletes it before it ever reaches endpoint computers.
- SophosLabs rapidly validates our rule sets against terabytes of legitimate code, eliminating false positives. By comparison, identifying false positives with runtime HIPS in running programs is a huge and practically impossible task.
- Scanning is performed within Sophos's anti-virus engine, without the need to purchase, install, run or manage any additional software.
All Sophos products include Behavioral Genotype Protection
Behavioral Genotype Protection is now an integral part of all versions of Sophos Anti-Virus, PureMessage on all platforms and the Sophos Email and Web Security Appliances. Existing customers will be automatically updated.