BOUNCER is a whitelist-based anti-malware tool that protects endpoints by only allowing known clean applications to execute. Deployed as a client application directly to the kernel level of the endpoint machines, the product is able to examine an executable for authenticity prior to allowing it to execute; an examination that includes an application's fingerprint data including name, size, and other "vital characteristics." Thus, an application is only allowed to run if it is both recognized and has been unaltered from its originally fingerprinted condition.

The BOUNCER platform consists of three primary components: The BOUNCER Client, which resides on the endpoint and provides the executable enforcement layer; the BOUNCER Manager, a hardened device that is used to centrally configure, deploy, and manage BOUNCER Clients (all software required to license and configure the clients is pre-loaded on the BOUNCER Manager), and the BOUNCER Console, which serves as the administration layer to the BOUNCER platform. The vendor notes that the individual components auto-discover each other, and that all communications between the components are encrypted (with embedded digital certificates providing an authentication layer between components). The BOUNCER Client will continue to operate even if disconnected from the BOUNCER Manager. Access to the BOUNCER Console is protected via two-factor electronic token-based authentication, with two administration levels (full and limited) available.

The initial whitelist for a client is typically created when the client component is deployed, and based on an auto-generated listing of all executable files discovered on the endpoint itself. Whitelist management is then handled by the customer; whitelist updates are not pushed from the vendor.

In addition to its whitelist-based protections, the product also protects against buffer overflow exploits via its ability to examine where an application is running from; i.e., if code is executing from the heap, stack, or data segments BOUNCER checks its origin as coming from a validated module, denying its execution unless it's in the approved list (I.E., in addition to the code being launched by an approved app it must also be running from an expected location).

Other features include:

- Downloadable updates from the vendor

- Pre-loaded (for common threats), customizable, and auto-generated policies

- Audit logging

- Client installation and policy updates do not require reboots

New to the BOUNCER platform is the vendor's introduction of "Trusted Change" technology, wherein administrators can pre-define trusted sources of application changes, allowing these sources to change applications on the endpoint directly without requiring the creation of a new policy with each change. Such trusted sources can be specific paths/network shares (i.e., apps located/run from a specific location), specific applications themselves (such as patch management utilities or application updaters), or specific users.

BOUNCER is available now with pricing starting at $50/desktop. Volume pricing is available.

Visit the CoreTrace Web site for further information.