The agent takes a snapshot of the suspicious system and automatically conducts an incident investigation. If the investigation identifies suspicious files or URL links, it automatically launches the built-in TXSandbox capabilities for behavior analysis. It is also integrated with third-party engines and intelligence to provide additional context on the detected objects.
In about 5 to 10 minutes, TXHunter provides a clear, direct answer as to whether the endpoint has been infected or hacked, the severity level of that particular attack, and all supporting data. TXHunter’s intelligent engine learns from every new discovery made during threat investigation, and it can optionally be deployed as a lightweight passive agent on the endpoint systems with scheduled execution.