This is a hard problem because fundamentally I understand that fileless malware is when an application is attacked and it causes unintended behavior. But how do we define unintended? How is a piece of software supposed to figure out that another is doing something it’s not designed to do? Heuristically, and that means things will fall through the cracks. There will always be problems when the attacker straddles the line between normal behavior of the application and doing malicious activity.
And that’s why you should practice defense in depth, for example by ensuring users do not have excessive privileges or access to files they don’t need.