Comodo are now generating Generics Signatures... :) Check it out :-)

[Guest]

[3xist]

I talked to Umesh (Head of the AV Labs).

CIS 3.10 is now out. Comodo have now started generating very powerful generic signatures, which catch many many other malware (thousands).

You can tell these signatures look different from before, Because each signature now has Numbers or letters after it (Example: Before in Virus Section it was just Virus.Win32.Virut being added (Only added for one variant of Virut) Now you all see this...


(DB 1539)

Which represents Generic Signatures. You cannot differentiate however between Generic Signatures and Normal Signatures, But the AV Labs are generating as much Generic Signatures as possible now, Next week the database size will start going down, Because Comodo won't need so many signatures being added now and the format has obviously changed to suite this, and create a higher detection.

Cheers,
Josh

[Petit]

Nice.
But did it will increase download size ?

And also I wish Comodo can be Repair a file infection virus ASAP.
By not deleting file. 

[OmeletGuy]

Alright TrojWare is full of them.

Just a Question.

Generic? (yes or no)
TrojWare.Win32.Vapsup.INT (Yes)
TrojWare.Win32.TrojanDownloader.Tibs.31 (Yes)
TrojWare.Win32.TrojanDownloader.CodecPack.e (Maybe?)

Not Generic?
TrojWare.Win32.TrojanDownloader.Banload.~AB 

Note the ~ it used to be used in the database before 3.10 came out.

[devenroy]

Nice to see Generic Signatures are in use now with 3.10 which will result in better detection & lesser database size.
thanks 3xist for this thread.

[3xist]

Ive seen first detections using Generic Signatures today. Only one signature to catch all these variants of the Magania Family!

TrojWare.Win32.Magania.~awds[at]25568546 signature Caught 60 Variants (Limited in picture, and I only collected a handful of these variants so more would be detected)



Awesome!

Cheers,
Josh

[Kyle]

High 5

[Tags:]