Difference between IPS and Anti Malware

mustanserrehman · ‎08-22-2016

Can any body help me in understanding deeply about the difference between Anti-Malware and IPS.

Also i was thinking that once a Malware is detected by Anti Malware and it is no longer zero day or Unknown, will the IPS be capable of having the pattern/signature of that malware and block it in future if it comes again?

zdesignstudio · ‎08-22-2016

An IPS scans packets whereas a malware scanner scans files. With the Cisco IPS, you can configure in either promiscuous or inline modes. In inline mode, the IPS can identify and drop malicious packets before they're unleashed on the network. In promiscuous mode, a copy of each packet is sent to the IPS and malicious packets are identified after they arrive at their destination. This means viruses, malware, etc. can potentially be activated on the network.

A network malware scanner scans for already installed malware. For instance, if a new flavor of malware is sent as an attachment to an email address on your network, the IPS will not pick it up since it doesn't have a signature for it. If the attachment is opened, it's unleashed. If you have periodic scans done with your network malware scanner, this is something it'll pick up.

https://supportforums.cisco.com/discussion/12216461/network-malware-scanner-vs-ips

Please rate useful posts and mark answers as correct if applicable.

mustanserrehman · ‎08-22-2016

What about the question I asked ....

"Also i was thinking that once a Malware is detected by Anti Malware and it is no longer zero day or Unknown, will the IPS be capable of having the pattern/signature of that malware and block it in future if it comes again?"

zdesignstudio · ‎08-22-2016

What platform are you using?

Please rate useful posts and mark answers as correct if applicable.