Jump to content

MAMUTU - CONFLICTING SETTINGS


bocl
 Share

Recommended Posts

Hi Claudiu,

How is that “conflicting”?

If you uncheck “Community based...” both settings for auto- are unavailable

Others are independent.

Can you please be more specific about want you found being not logical?

mamutualertsmysettings.th.png my current working settings

mamutualertsnocommunity.th.png

My regards

p.s. Please don't post huge <>.BMPs -compress images before attaching

Link to comment
Share on other sites

Hi Claudiu,

How is that “conflicting”?

If you uncheck “Community based...” both settings for auto- are unavailable

Others are independent.

Can you please be more specific about want you found being not logical?

Hi Lynx,

as you can see in my screenshot I was able to "tick" all af them at the same time:

Inteligent alert reduction

Comunity based alert reduction

Paranoid mode

So, my question is which setting will Mamutu follow as long as ALL of them are selected?

In my opinion these selection should exclude each other.

thanks,

Claudiu

Link to comment
Share on other sites

...my question is which setting will Mamutu follow as long as ALL of them are selected?
Well, that is obvious - it will follow all of them
...In my opinion these selection should exclude each other...
And my question remains the same:

Why do you think the exclusions should take place?

Where do you see any contradictions and what is not logical according to your opinion?

My regards

Link to comment
Share on other sites

Hi Lynx,

is not obvious at all that Mamutu will follow all of them AT THE SAME TIME....

As you can see:

Intelligent alert reduction - Mamutu performs a technical analysis of the program file for a reported program to determine if this is a benign program

Community-based alert reduction - Mamutu relies on the intelligence of the masses

Paranoid mode - Reports additional suspicious program starts and applications with a suspicious or Malware-similar file layout

So you are saying that with all selected, Mamutu Mamutu performs a technical analysis ,Mamutu relies on the intelligence of the masses and Reports additional suspicious program starts and applications with a suspicious or Malware-similar file layout AT THE SAME TIME????

Is like saying that at an intersection , if I can choose to go left , right or straight ahead and I choose ALL of them at the same time I will go in all direction at the same time :P

The only obvious thing is that these 3 settings should exclude each other; we should be able to select ONLY ONE , and any new selection should automatically "unselect" the existing one....

Thanks,

Claudiu

Link to comment
Share on other sites

Hi bocl,

Mamutu's (and Emsisoft Anti-Malware's) behavioral detection is not like choosing to go left, right or straight ahead.

The detection is based on a rating. Depending on your selection different aspects are included into the calculation.

Hi Hachi,

Intelligent alert reduction: enables an allert reduction...

Paranoid mode:display even more activities...

So, if I am able to select both of them at the same time, how can I reduce the number of allerts and display even more activities at the same time???

Thanks,

Claudiu

Link to comment
Share on other sites

Let's define some ficitonal lists of probably bad actions, could be bad actions and file properties:

Probably bad actions:

  • Bad Action A
  • Bad Action B
  • Bad Action C

Could be bad actions:

  • Could be bad action A
  • Could be bad action B
  • Could be bad action C

File properties:

  • File Property A
  • File Property B
  • File Property C

If you uncheck the alarm reduction and the paranoid mode, only the action on list one "Probably bad actions" are monitored. If you check paranoid mode, Mamutu monitors the action on list two "Could be bad action", additionally. If you enable the alarm reduction also, the Guard includes the aspects on list three "File properties" to calculate the rating of a process.

Link to comment
Share on other sites

Hi Hachi,

I tested in real life what are you saying and my results are quite different.

It seems like these 3 selection work on "OR" logic rather thand "AND" logic and the less restrictive selection will dominate and cancel the other two;

Exemple:ROXIO CREATOR

inteligent allert--->0 alerts

comunity based------>1 alert

paranoid------------>1 alert

Inteligent + comunity---->0 alerts (inteligent is stronger)

Inteligent+paranoid ------>0 alerts (inteligent is stronger)

Comunity +paranoid-------->1 alert (comunity is stronger)

inteligent+comunity+paranoid---->0 alerts (inteligent is stronger)

As you can see this demonstrates that these selection should exclude each other ; you do not gain anything selected all 3, for example, because only the less restrictive one will work.

Claudiu

Link to comment
Share on other sites

[...] It seems like these 3 selection work on "OR" logic rather thand "AND" [...]

It isn't an OR nor an AND logic. Therefore I used the term calculation, because I don't know the exact logic, only the developers will know.

[...] As you can see this demonstrates that these selection should exclude each other ; you do not gain anything selected all 3, for example, because only the less restrictive one will work. [...]

In this example, you are right.

But the different aspects which are included in the calculation are weighted.

For example: A digital signature is a very strong indicator for a harmless programm, creating a autorun-entry is a very low indicator for a bad programm. So Mamutu may will give no alert.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...