Exam 312-50v10 topic 1 question 84 discussion

B. Code Emulation CEH V11 P.1044

i think code emulation is right http://computervirus.uw.hu/ch11lev1sec4.html#:~:text=Code%20emulation%20is%20an%20extremely,executed%20by%20the%20real%20processor.

Using code emulation, anti-virus software executes a virtual machine to mimic CPU and memory activities. Here virus code is executed on the virtual machine instead of the real processor. Code emulation deals efficiently with the encrypted and polymorphic virus. After running the emulator for a long time, the decrypted virus body eventually presents itself to a scanner for detection. It also detects metamorphic viruses (use single or multiple encryptions). A drawback of code emulation is that it is too slow if the decryption loop is very long

Code emulation is an extremely powerful virus detection technique. A virtual machine is implemented to simulate the CPU and memory management systems to mimic the code execution. Thus malicious code is simulated in the virtual machine of the scanner, and no actual virus code is executed by the real processor.

Most antivirus programs that utilize heuristic analysis perform this function by executing the programming commands of a questionable program or script within a specialized virtual machine, thereby allowing the anti-virus program to internally simulate what would happen if the suspicious file were to be executed while keeping the suspicious code isolated from the real-world machine. It then analyzes the commands as they are performed, monitoring for common viral activities such as replication, file overwrites, and attempts to hide the existence of the suspicious file. If one or more virus-like actions are detected, the suspicious file is flagged as a potential virus, and the user alert

The correct answer is A. Please correct.