Home/How it Works/Detection

Detect attacks against users – whether known, unknown or zero-day – without depending on signature updates…

Unlike other solutions, Invincea FreeSpace™ does not rely on malware signatures for detection. Instead, it automatically identifies malicious activity based on behaviors and actions inside the secure virtual container. As a result, Invincea can detect all forms of malware – whether known, unknown or zero-day – in real-time and thwart those attacks with ease. See proof points here!

An Innovative Approach to Malware Detection

Invincea flips malware detection on its head by observing the states of processes, file system, and network in the secure virtual container. Invincea FreeSpace™ starts the virtual container in a pristine state then monitors these states via introspection to determine if the container is compromised (i.e. no longer clean). We look for a set of triggers that represent malicious activity inside the container and once we see those triggers we record all activities of the offending process and forward on to the Invincea Management Server.


We monitor for:

  • New code: forked processes or threads in memory/launched from disk
  • Injected threads: intra-container or attempted OS compromise
  • Process creation: un-allowed program launches
  • Changes to the file system: e.g. writes to System32 directories and portions of registry


Watch a Quick Video about our Innovative Approach: