In this section

• Home
• Security
• HIPS runtime behavior

• Analyses
• SophosLabs
• Spyware and adware
• Hoaxes
• Technical papers
• Email notification
• Best practice
• White papers
• Web seminars
• Podcasts
• Hot topics

Sophos blogs

• SophosLabs blog
• Graham Cluley's blog
• Paul Ducklin's blog
• Chet's blog

• 

HIPS runtime behavior analysis

These analyses describe two behaviors that Sophos Anti-Virus, version 7.0's runtime behavior analysis detects. These two behaviors could each be indicative of active malware. They are:

1. buffer overflow
2. suspicious behavior (which take the prefix 'HIPS/')

Buffer overflow

Find out more about buffer overflow.

Suspicious behavior

• HIPS/FileMod-001
• HIPS/FileMod-002
• HIPS/FileMod-003
• HIPS/ProcMod-001
• HIPS/ProcMod-002
• HIPS/ProcMod-003
• HIPS/RegMod-001
• HIPS/RegMod-002
• HIPS/RegMod-003
• HIPS/RegMod-004
• HIPS/RegMod-005
• HIPS/RegMod-006
• HIPS/RegMod-007
• HIPS/RegMod-008
• HIPS/RegMod-009
• HIPS/RegMod-010
• HIPS/RegMod-011
• HIPS/RegMod-012