One of the current realities of cyber security is that detecting malware and preventing infection are not always possible, especially with new and targeted malware threats. Consequently, remediation of malware infections has become increasingly important. Unfortunately, most conventional AV tools and utilities are not capable of removing every trace of a detected malware instance. Thus, even if the explicitly malicious portions of an infection are cleaned from a system (which is not always the case), leftover pieces such as dropped files, registry entries, or scheduled tasks may trigger false positives in future scans, potentially resulting in a misallocation of remediation resources. Even worse, an incomplete remediation can leave the system unstable and prone to re-infection.
MAEC provides a means for communicating the exact artifacts and low-level attributes associated with a malware instance (for example the files it drops, the registry keys and values it creates, and the mutexes and services it installs), which permits far more complete remediation of malware infections. Using MAEC, administrators can perform manual remediation based on the data contained in a MAEC Bundle or Package, or they can verify the remediation performed by another tool by checking whether the artifacts captured in a MAEC Bundle or Package are still present on the host.
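The verification step described above, as an added example that is not part of the original page or of the MAEC project's own tooling: a script that walks the observable objects of a package, turns them into a checklist of artifacts, and tests each file artifact against a filesystem root (a mounted disk image or the live root). The package embedded in the script is constructed for this example; its layout is loosely modelled on the JSON form of MAEC 5 (an observable_objects map holding STIX Cyber Observable objects such as file, directory, windows-registry-key and mutex), but the page does not reproduce the schema, so treat the field names as an assumption rather than as MAEC's normative format. Registry values and mutexes cannot be verified from a mounted filesystem alone, so the script reports them as unchecked rather than silently passing them.

```python
"""Verify a remediation against the artifacts listed in a MAEC-style package.

The package below is CONSTRUCTED for this example. Its layout is an
assumption loosely modelled on MAEC 5 JSON (observable_objects holding
STIX Cyber Observable objects); it is not the normative MAEC schema.
"""
import json
import os
import sys
import tempfile

# Constructed sample package: one malware instance that dropped two files,
# added a Run-key value for persistence and created a mutex.  Directory
# paths are given relative to the volume root so the check can be run
# against a mounted image (or the live root "/") rather than only the host
# that produced the package.
SAMPLE_PACKAGE = json.dumps({
    "type": "package",
    "id": "package--example",
    "schema_version": "5.0",
    "maec_objects": [
        {"type": "malware-instance", "id": "malware-instance--example",
         "instance_object_refs": ["0"]}
    ],
    "observable_objects": {
        "0": {"type": "file", "name": "dropper.exe", "parent_directory_ref": "1"},
        "1": {"type": "directory", "path": "/ProgramData/svc"},
        "2": {"type": "file", "name": "loader.dll", "parent_directory_ref": "1"},
        "3": {"type": "windows-registry-key",
              "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
              "values": [{"name": "svc", "data": "C:\\ProgramData\\svc\\dropper.exe"}]},
        "4": {"type": "mutex", "name": "Global\\svc_running"},
    },
})


def extract_artifacts(package_json):
    """Walk observable_objects and return a list of (kind, value) artifacts.

    File objects are resolved to a full path through parent_directory_ref.
    For registry keys only the individual values are listed: the Run key
    itself is a legitimate Windows key and must not be removed wholesale.
    """
    pkg = json.loads(package_json)
    objs = pkg.get("observable_objects", {})
    artifacts = []
    for obj in objs.values():
        kind = obj.get("type")
        if kind == "file":
            parent = objs.get(obj.get("parent_directory_ref", ""), {})
            path = parent.get("path", "").rstrip("/")
            artifacts.append(("file", path + "/" + obj["name"]))
        elif kind == "windows-registry-key":
            for val in obj.get("values", []):
                artifacts.append(("registry-value", obj["key"] + "\\" + val["name"]))
        elif kind == "mutex":
            artifacts.append(("mutex", obj["name"]))
    return artifacts


def verify_remediation(artifacts, root):
    """Check each artifact against a filesystem rooted at `root`.

    Returns a dict of three lists: 'remaining' (still present, so the
    remediation is incomplete), 'removed' (confirmed gone) and 'unchecked'
    (registry values and mutexes need a live host or hive parsing; they are
    reported rather than silently assumed clean).  lexists() is used so a
    dangling symlink left behind still counts as a remaining artifact.
    """
    result = {"remaining": [], "removed": [], "unchecked": []}
    for kind, value in artifacts:
        if kind == "file":
            full = os.path.join(root, value.lstrip("/"))
            bucket = "remaining" if os.path.lexists(full) else "removed"
            result[bucket].append((kind, value))
        else:
            result["unchecked"].append((kind, value))
    return result


def demo():
    """Simulate a partial cleanup in a temp dir: dropper.exe was deleted,
    loader.dll was missed.  Returns the verification report."""
    artifacts = extract_artifacts(SAMPLE_PACKAGE)
    with tempfile.TemporaryDirectory() as root:
        svc = os.path.join(root, "ProgramData", "svc")
        os.makedirs(svc)
        with open(os.path.join(svc, "loader.dll"), "wb") as fh:
            fh.write(b"MZ")  # placeholder content, constructed for the demo
        return verify_remediation(artifacts, root)


if __name__ == "__main__":
    report = demo()
    for status, items in report.items():
        for kind, value in items:
            print(f"{status:9} {kind:15} {value}")
    # Non-zero exit when anything is left over, so the check can gate a
    # "remediated" ticket state in an automated workflow.
    sys.exit(1 if report["remaining"] else 0)
```

Run against a real case by replacing SAMPLE_PACKAGE with the package's JSON and passing the mount point of the suspect volume as `root`; the `unchecked` list is the work that still has to be done on the live host (or against exported hives) before the remediation can be called complete.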