Author Topic: Weird FP  (Read 3779 times)

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3940
Weird FP
« on: April 22, 2012, 12:53:29 AM »
Hey all I am testing a new AV and got some weird FP on some files. It also looks like CCE is now able to scan registry keys, since when?  This is new to me.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Online morphiusz

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2641
    • Suspicious file?
Re: Weird FP
« Reply #1 on: April 22, 2012, 05:59:06 AM »
What's new in CCE 2.4.225190.192?


NEW!Add more system/process information to KillSwitch, including disk IO, network IO, GPU, .Net Assembly, etc.
NEW!Scan for abnormal system settings in CCE
IMPROVED!Detect and clean tdss boot partitions
IMPROVED!Enhanced Windows system file repair
IMPROVED!Clean remnants of viruses and rootkits from certain registry locations as well
IMPROVED!Added detection for files signed with weak Authenticode signatures.
IMPROVED! Defense CCE applications against global hook.
FIXED!Autorun Analyzer crashes under certain circumstance.

Changelog of the latest version.

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3940
Re: Weird FP
« Reply #2 on: April 22, 2012, 10:32:25 AM »
well it never seemed to work before, but it now looks like it does. Cool.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Online morphiusz

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2641
    • Suspicious file?
Re: Weird FP
« Reply #3 on: April 22, 2012, 10:50:46 AM »
It worked.

It works in that way: when malicious file is found CCE looks up in the registry for keys connected with that file. CCE doesn't have signatures of malicious registry keys, it just marks these keys that are connected with infected file. (mostly autorun keys)

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek