Using known behaviors of malware, infected endpoints can be discovered. Examples include malware searching files or trying to connect to other network services, or known signatures allocated on executable files or libraries, e.g.programs that crash in small period of time (milliseconds) where potentially malware is looking to exploit known vulnerabilities (browsers, word processing tools, etc.).