julevine

Missing definitions of detected threats


I've noticed that after the sig cleanup, a lot of threats that were detected before have been removed and are now undetected.

It seems the lab is removing good signatures.

Please check with the lab about this.

Thanks


Sorry, I changed topics and post.

I just did a test with older signatures and the new engine, and the older threats were detected by engine A, so I realized it's a signature issue.

Please read the first post.


We aren't removing good signatures either. We are removing signatures that are unnecessary. There is no point in keeping a signature once BitDefender added detection as well.


More likely is that such a detection was a false positive. But we can easily verify that. Just name the hash of a file that:

  1. Isn't a false positive but undeniably malware.
  2. Was detected by the Emsisoft engine in the past.
  3. Is no longer detected by either the Emsisoft engine or the included BitDefender scan engine.

Looking forward to your examples.


md5: ec8e7c1f8d68ad33339f71db4d1ec38f detected before as Trojan-Downloader.Win32.Delf.bayp (A)

md5: 2d4c963bd0635a969bf098c7e6e172dc Packed.Win32.FlyStudio.AMN (A)

md5: 958e37451fee36f50d40ceb7389a5073 Packed.Win32.FlyStudio.AMN (A)

md5: ba32453dab3761746957d30de329a418 Worm.Win32.Qvod.AMN (A)

md5: 0e4f6fd1bc7059c4af41e733da35ff59 Packed.Win32.FlyStudio.AMN (A)

md5: 428d2210e14f0f59e1ca71b0f15c5331 Trojan.MSIL.DownVision.AMN (A)


0E4F6FD1BC7059C4AF41E733DA35FF59 - False Positive

2D4C963BD0635A969BF098C7E6E172DC - False Positive

428D2210E14F0F59E1CA71B0F15C5331 - False Positive

958E37451FEE36F50D40CEB7389A5073 - False Positive

BA32453DAB3761746957D30DE329A418 - False Positive

EC8E7C1F8D68AD33339F71DB4D1EC38F - This could have been malicious in the past. It's essentially a download wrapper, and whether or not it's malicious primarily depends on what file was downloaded in the past. It no longer downloads anything because everything is down, which is why we removed the detection.
