Bit9 ATIs monitor and examine many facets of a system, including files, the registry, and process and memory execution, to identify potential compromise or infection. Because Bit9 maintains a recorded history of every endpoint and server, it is uniquely able to apply time-based indicators that ‘reach back in time’, and so can identify more forms of advanced threats and malware than any other detection tool. You can also create custom ATIs specific to your own environment.
Some examples of the events that ATIs can detect are:
A process attempting to harvest cached passwords
A PDF file spawning an executable
Processes injecting into other processes
Processes executing out of suspicious locations, e.g., the Recycle Bin
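The list above is easier to reason about as concrete rules over recorded endpoint telemetry. The following is an added example, not Bit9's code or any of its indicators: a small evaluator that replays a stored event history (process creations and cross-process handle opens) against four indicator rules matching the four bullets. All event records, paths, process names (PDF reader executables, the suspicious directory list, the access-right names) are constructed or assumed for illustration. Because the rules run over stored history rather than live events, adding a new rule re-scores old activity, which is the 'reach back in time' idea described above.

```python
"""Toy indicator evaluator over a recorded endpoint event history.
Example code, not Bit9's; every record, path and name below is constructed."""
from __future__ import annotations
from dataclasses import dataclass
import ntpath

# Assumed process names of PDF readers whose child processes are worth flagging.
PDF_READERS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe"}
# Assumed directory fragments that are unusual places for code to execute from.
SUSPICIOUS_DIRS = ("\\$recycle.bin\\", "\\recycler\\", "\\temp\\")
# Handle rights that together allow writing code into and running it in another process.
INJECT_RIGHTS = frozenset({"VM_WRITE", "CREATE_THREAD"})


@dataclass
class Event:
    ts: str                       # timestamp label (constructed)
    kind: str                     # "create" = process start, "access" = handle to another process
    image: str                    # full path of the acting process
    parent: str = ""              # parent image path (for "create")
    target: str = ""              # target image path (for "access")
    rights: frozenset = frozenset()  # granted access rights (for "access")


def base(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def indicators_for(ev: Event) -> list[str]:
    """Return the names of every indicator rule that matches one event."""
    hits: list[str] = []
    if ev.kind == "create":
        # A PDF reader spawning any new process.
        if base(ev.parent) in PDF_READERS:
            hits.append("pdf_reader_spawned_process")
        # Execution out of the Recycle Bin or another suspicious directory.
        lowered = ev.image.lower()
        if any(d in lowered for d in SUSPICIOUS_DIRS):
            hits.append("execution_from_suspicious_location")
    elif ev.kind == "access":
        # Reading the memory of the process that holds cached credentials.
        if base(ev.target) == "lsass.exe" and "VM_READ" in ev.rights:
            hits.append("credential_store_read")
        # Write + create-thread rights on a different process: classic injection shape.
        if INJECT_RIGHTS <= ev.rights and base(ev.target) != base(ev.image):
            hits.append("cross_process_injection")
    return hits


def evaluate(history: list[Event]) -> list[tuple[str, str, str]]:
    """Replay the whole stored history through every rule (retrospective evaluation)."""
    return [(ev.ts, base(ev.image), hit) for ev in history for hit in indicators_for(ev)]


# Constructed sample history: a benign reader start, a reader dropping and running a
# file from %TEMP%, a binary running from the Recycle Bin, an LSASS read, and an injection.
SAMPLE_HISTORY = [
    Event("t1", "create", r"C:\Program Files\Adobe\Reader\AcroRd32.exe",
          parent=r"C:\Windows\explorer.exe"),
    Event("t2", "create", r"C:\Users\alice\AppData\Local\Temp\update.exe",
          parent=r"C:\Program Files\Adobe\Reader\AcroRd32.exe"),
    Event("t3", "create", r"C:\$Recycle.Bin\S-1-5-21-1000\svchost.exe",
          parent=r"C:\Windows\System32\cmd.exe"),
    Event("t4", "access", r"C:\Users\alice\AppData\Local\Temp\update.exe",
          target=r"C:\Windows\System32\lsass.exe", rights=frozenset({"VM_READ"})),
    Event("t5", "access", r"C:\Users\alice\AppData\Local\Temp\update.exe",
          target=r"C:\Windows\explorer.exe",
          rights=frozenset({"VM_READ", "VM_WRITE", "CREATE_THREAD"})),
]


def run_sample() -> list[tuple[str, str, str]]:
    return evaluate(SAMPLE_HISTORY)


if __name__ == "__main__":
    for ts, image, hit in run_sample():
        print(f"{ts} {image:<14} {hit}")
```

In practice each rule needs an allowlist (security products legitimately read LSASS memory, and installers run from temporary directories), and the injection and credential rules require handle or memory telemetry, not just process-creation records, which is why the page lists memory execution among the monitored facets.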