fingers

Signature Updates

Recommended Posts

Hey Emsisoft forum helpers,

 

i got a question concerning the signature updates.

 

I've been using Emsisoft as the trial version since 10 days now and so far i really like it.

 

But there's one thing that's bothering me. The number of signatures used after every update is lower than before.

 

Why is that? I think when i started to use Emsisoft the number of signatures were about 12.4 million, now it's already gone down steadily each day to 12.29 million.

 

Is there a specific reason? Shouldn't the number get higher after each update?

 

Thanks for your answers,

 

fingers :)

Share this post


Link to post
Share on other sites

We try to reduce the number of signatures on a constant basis. We do this mostly using two techniques:

  1. Since we do have two engines, the Bitdefender as well as our own engine, we are constantly disabling signatures in our own engine as soon as Bitdefender adds detection for the same sample. There is simply no point in keeping 2 signatures for the same file around.
  2. We regularly make passes on all detections with the goal to combine as many of them as possible. In this process we usually identify commonalities between many malware samples of the same malware family and target those commonalities specifically. This often allows us to replace hundreds and thousands of signatures that each detect a single sample each with one signature that covers all those samples that were previously covered as well as future versions belonging to the same malware family.

The reason we try to keep the number of signatures as low as possible is to reduce memory usage and overall system impact on our users' systems. So what you are seeing is completely normal and just reflects our daily commitment to offering the best protection for your system while keeping resource usage to a minimum.

Share this post


Link to post
Share on other sites

Thanks a lot for the fast and helpful answer.

 

That just makes so much sense and i really think that is probably one of the most thoughful uses of Updates i've known so far concerning signatures.

 

Overall EAM seems so convincing and handy that i'll probably buy it soon.

 

Again thanks a lot and have a nice day,

 

fingers :)

Share this post


Link to post
Share on other sites

Fabian, what about next scenario....

 

One day you abandon BD engine and go with another vendor.

That vendor does not detect all the files your engine did.

But you already removed Emsi signatures thus making those files undetected again.

 

I know we have a BB, but shouldn't you keep signatures stored somewhere....just in case......

Share this post


Link to post
Share on other sites

Just because a signature has been removed from the publicly available signature database does not mean it is gone from our internal databases as well.

Good to know that.

Thanks! :)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.