One of the first steps in our integration process includes a very intelligent understanding of what software is. Where is resides on the disk, what are the legit executables and libraries, and what are the sensitive locations (based on our Exposed APIs analysis).
Once you choose to patchless protect a software, vRx is wrapping the software legit executables in memory and limiting the access to the memory space of any Exposed API which we identified as sensitive. We are doing using a technology called Dynamic Binary Instrumentation, which was used until 2016 (the year Vicarius was established) only for debugging, we shifted its use to security.
You can either select to just Monitor, which will just inform about attack attempts,or Protect it, which will proactively block the attempts.