1 hour ago, GT500 said:

It's confirmed as malicious. Detection had already been added by BitDefender before our analysts took a look at it.

BD was not detecting it earlier; only 17 out of 71 scan engines were detecting it on VirusTotal.

BD started detecting it only after 5-6 hours when I uploaded it on VirusTotal.

And does that mean behaviour-based detection, AI, etc. are all a myth? Finally, signature-based scanning is the only effective way?


Behaviour-based detection only happens if someone runs the malware /and/ EAM (or whatever anti-malware app someone uses) decides that what it is doing looks suspicious.  You said at the start that you thought this one was "very obvious malware".  What made you think that, other than the filename looking suspicious for an executable?  Was that before or after running it?  What did it do that made you sure it was malware?  (And, did you do that in a sandbox?) 

Heuristics are informed guesswork.  It means the anti-malware program is looking for code inside an executable that resembles other known-to-be-bad code. 

16 hours ago, TechSavvyy said:

And does that mean behaviour-based detection, AI, etc. are all a myth? Finally, signature-based scanning is the only effective way?

Did you actually execute it? Behavioral detection doesn't detect files that are just sitting on your hard drive doing nothing, nor does it detect files that are being downloaded. In order for behavioral detection to kick in, malicious code has to be executed, and perform some sort of action that the behavioral detection monitors for.

As for "AI", that's just a marketing buzzword.

12 minutes ago, GT500 said:

Did you actually execute it? Behavioral detection doesn't detect files that are just sitting on your hard drive doing nothing, nor does it detect files that are being downloaded. In order for behavioral detection to kick in, malicious code has to be executed, and perform some sort of action that the behavioral detection monitors for.

As for "AI", that's just a marketing buzzword.

Yup, I executed the file. It was there in Task Manager too. After a minute, I terminated the task.

4 minutes ago, TechSavvyy said:

Yup, I executed the file. It was there in Task Manager too. After a minute, I terminated the task.

That means it didn't have a chance to do anything that our Behavior Blocker monitors for. Sometimes malware doesn't do anything malicious right away, especially if it's trying to contact a Command and Control server that's no longer operational.

2 minutes ago, GT500 said:

That means it didn't have a chance to do anything that our Behavior Blocker monitors for. Sometimes malware doesn't do anything malicious right away, especially if it's trying to contact a Command and Control server that's no longer operational.

Well, maybe.

But File Reputation rating should come into the picture here. If Emsisoft is not yet using it, it must start. Containerize or at least flag the files / display a notification with no reputation.

23 hours ago, TechSavvyy said:

But File Reputation rating should come into the picture here.

It only comes into play if a running process actually does something the Behavior Blocker monitors for. If a program isn't doing anything that appears malicious, then there's no need to verify whether or not it's safe, and doing it any other way would be a huge performance drain on your system.
