Advanced Malware Protection
Host Integrity Technology (HDF) 
The Challenge

What is Abatis Host Integrity Technology (HDF)?


Abatis Host Integrity Technology (HDF) is an advanced technology that enforces system integrity and proactively protects against infection of computer systems by viruses, worms, key-loggers, root-kits, Trojan-horses and all manner of other malware.


This non signature-based technology defeats zero day and targeted attacks and uses a revolutionary new, patent protected method which does not use signature file updates, white-listing, heuristic analysis or sandboxing and therefore offers excellent zero day defence, very low maintenance overhead and no false positive or false negative results.


When deployed on supported Windows or Red Hat Linux platforms, Abatis HDF blocks malware infection in a simple but effective way. The same Abatis HDF technology has been proven to protect web servers against many hackers’ attacks. Denying any unauthorised modifications to the system, hackers are prevented from achieving their goals, such as web defacement and malware insertion thus effectively neutralizing any hacking activity

How Abatis HDF Works

Abatis HDF is a host based software only solution that is implemented as a kernel driver on Windows platforms.


It intercepts and mediates file write access to the computer’s permanent storage e.g. local hard disk, network shares and removable storage devices such as USB stick and external disk. It is designed to help enforce system and file integrity without complex management overheads.

It achieves this security objective by exercising robust access control over the writing of executable files and user-defined files (protected files) to a computer.

It protects against unauthorised modification and denies unauthorised write operations. While HDF blocks unwanted executables by default, the HDF system administration can define files for integrity protection according to the computer’s roles.

Abatis assumes that all systems it is about to be installed on are already infected. Once installed Abatis will identify any attempts by malware, morphing into a new variant (to avoid detection by old-fashioned signature-based AV) and will prevent this from happening. Abatis blocks the morphing attempt, alerts the CMC and records the activity in the local log and centrally.

ADS File Injection Demo

For most corporate environments, Abatis HDF is rolled out in stages and there may be extant undetected infections on systems – often referred to as Advanced Persistent Threats (APTs). Abatis HDF’s unique operation and extensive audit log allows the malware to be identified. Abatis HDF can also reveal rootkit infections and facilitates the subsequent removal of such programs.

Abatis HDF is deployed on end point workstations and servers to enforce corporate security policy and provides detailed analysis and audit information. Abatis HDF stops malware infection and defends against hacker attacks.

Defeats zero-day malware, rootkits, Trojans, APTs and viruses/worms
Protects legacy and new operating systems from Windows NT4 to to the latest 32 and 64 bit Windows Operating Systems in REAL, VIRTUAL and EMBEDDED forms
Has a tiny software footprint (less than 100KB) (Core Module) that requires no ongoing updates
Prevents exploitation of Alternate Data Streams (ADS)
Is a non-signature-based protection for Windows and Linux
Is extremely fast in operation
Protects all permanent storage on the device, thereby ensuring no threats can penetrate
Provides anti-malware and anti-hacker protection


SDBOT with HDF turned OFF 
(part 1)

An attempt to infect a Windows System with a virus called SDBOT with HDF turned OFF


SDBOT with HDF turned ON (part 2)

An attempt to infect a windows system with a virus called SDBOT with HDF turned ON 

Abatis (UK) Ltd. 

The Woodstock

12 Kestrel Close

Ewshot, Farnham

Surrey GU10 5TW 


Co. No: 05555919