Author Topic: Valkyrie Clean Verdict  (Read 3129 times)

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5124
Valkyrie Clean Verdict
« on: February 14, 2016, 09:28:48 PM »
On what basis Valkyrie gives "Clean" verdict?

https://www.virustotal.com/en/file/ecd7a56d340c2d1148f6da3efd8f137ff424418d7a2168477fdd2b182c936845/analysis/1454177487/

Above is Nitro PDF crack. As per VT its not malicious.

Valkyrie gives verdict clean.

I understand the verdict "No Threat Found", this is better verdict, But "Clean" verdict for a "Crack"?
;)Its hard to find the right ones when the wrong ones are so sexy;)

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 153
Re: Valkyrie Clean Verdict
« Reply #1 on: February 14, 2016, 11:05:39 PM »
On what basis Valkyrie gives "Clean" verdict?

https://www.virustotal.com/en/file/ecd7a56d340c2d1148f6da3efd8f137ff424418d7a2168477fdd2b182c936845/analysis/1454177487/

Above is Nitro PDF crack. As per VT its not malicious.

Valkyrie gives verdict clean.

I understand the verdict "No Threat Found", this is better verdict, But "Clean" verdict for a "Crack"?

Verdict is corrected in Valkyrie.

thank you for reporting.

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5124
Re: Valkyrie Clean Verdict
« Reply #2 on: February 14, 2016, 11:22:21 PM »
Plzz tell us on what basis a file is determined as clean by valkyrie?
;)Its hard to find the right ones when the wrong ones are so sexy;)

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 153
Re: Valkyrie Clean Verdict
« Reply #3 on: February 14, 2016, 11:54:13 PM »
Plzz tell us on what basis a file is determined as clean by valkyrie?
There are different criterias. These can be many different things such as certificate checks, trusted publisher, safe signatures or previously analyzed results.

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5124
Re: Valkyrie Clean Verdict
« Reply #4 on: February 15, 2016, 12:44:50 AM »
There are different criterias. These can be many different things such as certificate checks, trusted publisher, safe signatures or previously analyzed results.
If there are certificates & trusted publisher checks how can a crack get clean verdict?
;)Its hard to find the right ones when the wrong ones are so sexy;)

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 153
Re: Valkyrie Clean Verdict
« Reply #5 on: February 15, 2016, 12:50:09 AM »
If there are certificates & trusted publisher checks how can a crack get clean verdict?
this sample didn't get clean verdict because of certificate or trusted publisher, but by other checks. You could see certificate info if that would be the case.

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5124
Re: Valkyrie Clean Verdict
« Reply #6 on: February 15, 2016, 02:15:52 AM »
this sample didn't get clean verdict because of certificate or trusted publisher, but by other checks. You could see certificate info if that would be the case.
I meant a crack will certainly not have valid certificates & trusted publisher, right? Instead certificates in crack will be invalid...isn't this a better check or preferential check or a check above all the analyze/scans, etc...?
;)Its hard to find the right ones when the wrong ones are so sexy;)

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 153
Re: Valkyrie Clean Verdict
« Reply #7 on: February 15, 2016, 08:22:19 AM »
I meant a crack will certainly not have valid certificates & trusted publisher, right? Instead certificates in crack will be invalid...isn't this a better check or preferential check or a check above all the analyze/scans, etc...?
I didn't get the point. If the certificate is invalid, and we understand that the file is crack, which verdict, do you think, should be given?

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5124
Re: Valkyrie Clean Verdict
« Reply #8 on: February 15, 2016, 08:46:15 AM »
I didn't get the point. If the certificate is invalid, and we understand that the file is crack, which verdict, do you think, should be given?

If the certificate is invalid & you understand the file is crack & scanners didn't find anything malicious, the correct verdict in my opinion should be "No Threat Detected" instead of "Clean".

You mentioned the verdict is corrected now.

But my query was if certificates & trusted publisher check is done how can a crack get clean verdict? Coz these are critical checks & a crack will fail these checks so shouldn't Valkyrie give importance/preference to these checks & dont give such files a clean verdict?
;)Its hard to find the right ones when the wrong ones are so sexy;)

Offline John Buchanan

  • "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well armed lamb contesting the outcome of the vote." ~ Benjamin Franklin
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6573
  • Personal Dragons can be defeated. Improve yourself
Re: Valkyrie Clean Verdict
« Reply #9 on: February 15, 2016, 04:59:38 PM »
It will be "clean" from any virus infection.  But malicious behavior is something else (that is why we have HIPS, sandbox, and a behavior blocker).
Please follow Comodo Forum Policy

Bah! Ban 'em all! The only good member is a banned member
And a member is just a policy violator who hasn't been caught yet. >:-D

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 23710
Re: Valkyrie Clean Verdict
« Reply #10 on: February 15, 2016, 07:27:16 PM »
Do I see a discussion lurking at the horizon whether PUA's and PUP's should be detected or not similar to the various discussions we had with antivirus programs?

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5124
Re: Valkyrie Clean Verdict
« Reply #11 on: February 16, 2016, 01:01:23 PM »
Do I see a discussion lurking at the horizon whether PUA's and PUP's should be detected or not similar to the various discussions we had with antivirus programs?
No. I think PUP/PUA should be detected, I belong to the group of users who think PUP/PUA should be detected.

Now I noticed in my Valkyrie dashboard the crack in question is detected as "PUP" now. Previously the verdict was "Clean" (Not detected).

My original query was -
Valkyrie gives verdict as "Clean", "Malware" & "No Threat Detected".

I just meant that "Clean" & "No Threat Found" gives kinda same impression but "Clean" sounds better compared to "No Threat Found", "Clean" is kinda with the effect of "safe", And "No Threat Found" carries the effect "malicious code not found".

So my point was for files like "Cracks", etc... if detected I am fine with PUP/PUA verdict, but if not detected IMO "No Threat Found" is better verdict compared to "Clean" for files like "Cracks", etc...

;)Its hard to find the right ones when the wrong ones are so sexy;)

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 153
Re: Valkyrie Clean Verdict
« Reply #12 on: February 16, 2016, 01:36:44 PM »
No. I think PUP/PUA should be detected, I belong to the group of users who think PUP/PUA should be detected.

Now I noticed in my Valkyrie dashboard the crack in question is detected as "PUP" now. Previously the verdict was "Clean" (Not detected).

My original query was -
Valkyrie gives verdict as "Clean", "Malware" & "No Threat Detected".

I just meant that "Clean" & "No Threat Found" gives kinda same impression but "Clean" sounds better compared to "No Threat Found", "Clean" is kinda with the effect of "safe", And "No Threat Found" carries the effect "malicious code not found".

So my point was for files like "Cracks", etc... if detected I am fine with PUP/PUA verdict, but if not detected IMO "No Threat Found" is better verdict compared to "Clean" for files like "Cracks", etc...

You're right, and the overall verdicting logic is as you described. For that file, we had a PUP sample which was detected as clean initially but then this wrong verdict is fixed.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 23710
Re: Valkyrie Clean Verdict
« Reply #13 on: February 16, 2016, 03:21:18 PM »
No. I think PUP/PUA should be detected, I belong to the group of users who think PUP/PUA should be detected.
Yes you mean; you just started that discussion.. ;)

You're right, and the overall verdicting logic is as you described. For that file, we had a PUP sample which was detected as clean initially but then this wrong verdict is fixed.
How does the verdict process work? Who or what decides the final verdict? Valkyrie or a human analyst? Or will Valkyrie make a judgment without the human analyst's judgment? What happens when the human analysts judgment is there? What procedures are being followed?

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5124
Re: Valkyrie Clean Verdict
« Reply #14 on: February 23, 2016, 11:30:41 AM »
https://www.virustotal.com/en/file/aa84169d2ab8e248e6fda3a174638885e384c7a3466066f1e5d1b77f122f7ae6/analysis/1455897159/

This is Internet Download Manager crack.

Valkyrie gives verdict "Clean".

This was my query previously too.

I meant crack & likewise software if found nothing malicious should get verdict "No Threat Detected" instead of Clean. And if found malicious should get verdict accordingly.
;)Its hard to find the right ones when the wrong ones are so sexy;)

 

Seo4Smf 2.0 © SmfMod.Com Smf Destek