Author Topic: Valkyrie Clean Verdict  (Read 3493 times)

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 157
Re: Valkyrie Clean Verdict
« Reply #15 on: February 23, 2016, 11:41:57 AM »
https://www.virustotal.com/en/file/aa84169d2ab8e248e6fda3a174638885e384c7a3466066f1e5d1b77f122f7ae6/analysis/1455897159/

This is Internet Download Manager crack.

Valkyrie gives verdict "Clean".

This was my query previously too.

I meant crack & likewise software if found nothing malicious should get verdict "No Threat Detected" instead of Clean. And if found malicious should get verdict accordingly.

Why it shouldn't get Clean verdict?

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5147
Re: Valkyrie Clean Verdict
« Reply #16 on: February 23, 2016, 12:53:04 PM »
Why it shouldn't get Clean verdict?

First of all tell me what Valkyrie means verdict "Clean" & "No Threat Detected"? These 2 verdict seems same.

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 157
Re: Valkyrie Clean Verdict
« Reply #17 on: February 23, 2016, 01:22:18 PM »
First of all tell me what Valkyrie means verdict "Clean" & "No Threat Detected"? These 2 verdict seems same.

Clean means that the file is analyzed and found safe to be run. No Threat Detected means the file analyzed and no malicious activity could be identified, based on the analysis performed. It is not necessarily safe.

When a human expert analysis is performed, we identify either as safe, malware or potentially unwanted application.

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5147
Re: Valkyrie Clean Verdict
« Reply #18 on: February 24, 2016, 10:57:01 AM »
Clean means that the file is analyzed and found safe to be run. No Threat Detected means the file analyzed and no malicious activity could be identified, based on the analysis performed. It is not necessarily safe.

When a human expert analysis is performed, we identify either as safe, malware or potentially unwanted application.
"Clean" means found safe to be run, And "No Threat Detected" means not necessarily safe.

IMO for "Cracks" & likes - not necessarily safe is better verdict than safe to be run.

"Clean" reflects good so legal/good software should get verdict "Clean".

"Cracks" & likes may be clean i.e not malicious but are illegal/grey so "No Threat Detected" is better verdict than "Clean" IMO.

Offline John Buchanan

  • "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well armed lamb contesting the outcome of the vote." ~ Benjamin Franklin
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6587
  • Personal Dragons can be defeated. Improve yourself
Re: Valkyrie Clean Verdict
« Reply #19 on: February 24, 2016, 12:08:15 PM »
[at]yessnooo

Symantics.
Let it go!
Please follow Comodo Forum Policy

Bah! Ban 'em all! The only good member is a banned member
And a member is just a policy violator who hasn't been caught yet. >:-D

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 157
Re: Valkyrie Clean Verdict
« Reply #20 on: February 24, 2016, 12:54:47 PM »
"Clean" means found safe to be run, And "No Threat Detected" means not necessarily safe.

IMO for "Cracks" & likes - not necessarily safe is better verdict than safe to be run.

"Clean" reflects good so legal/good software should get verdict "Clean".

"Cracks" & likes may be clean i.e not malicious but are illegal/grey so "No Threat Detected" is better verdict than "Clean" IMO.
No Threat Detected is a verdict of an automated analysis result. Clean is a verdict of a proof, like valid certificate, or manual analysis. So if a file is manually analyzed, and found no threat, then it is clean. We don't have to leave it in No Threat Detected.

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5147
Re: Valkyrie Clean Verdict
« Reply #21 on: February 24, 2016, 09:18:10 PM »
No Threat Detected is a verdict of an automated analysis result. Clean is a verdict of a proof, like valid certificate, or manual analysis. So if a file is manually analyzed, and found no threat, then it is clean. We don't have to leave it in No Threat Detected.
You menton "Clean" is a verdict of a proof, like valid certificate.
I have mentioned 2 cracks in this thread & both have invalid certs & got "Clean" verdict.
So seems a bug with Valkyrie?

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 157
Re: Valkyrie Clean Verdict
« Reply #22 on: February 24, 2016, 09:53:04 PM »
You menton "Clean" is a verdict of a proof, like valid certificate.
I have mentioned 2 cracks in this thread & both have invalid certs & got "Clean" verdict.
So seems a bug with Valkyrie?

Not exactly. These are disjoint validation methods. It is enough to have one of them. Of course, human expert analysis has precedences over the other, when there is a conflicting case.

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 23807
Re: Valkyrie Clean Verdict
« Reply #23 on: February 24, 2016, 10:50:14 PM »
Is it safe to assume that in practice the machine judgment will be there first and that the human expert analysis will follow later?

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 157
Re: Valkyrie Clean Verdict
« Reply #24 on: February 24, 2016, 10:56:34 PM »
Is it safe to assume that in practice the machine judgment will be there first and that the human expert analysis will follow later?
Yes, as soon as the file is uploaded, the machine judgement is done, before it can reach to any human expert analysis. So it is definitely that way.

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5147
Re: Valkyrie Clean Verdict
« Reply #25 on: February 25, 2016, 01:16:49 AM »
Not exactly. These are disjoint validation methods. It is enough to have one of them. Of course, human expert analysis has precedences over the other, when there is a conflicting case.
I uploaded latest Internet Download Manager crack & Valkyrie gave verdict "No Threat Detected".
Previous Internet Download Manager crack Valkyrie gave verdict "Clean".
The crack is from same person & the crack is same only version difference (if I compare both the cracks Valkyrie analysis).
So I am little confused if both the cracks are same with only version difference why/how Valkyrie gave different verdict to one as "Clean" & other as "No Threat Detected"?
Anyway its fine & no further queries on this.

1 query
For original IDMan.exe Valkyrie shows behavior analysis.
For crack IDMan.exe Valkyrie mention behavior analysis not available, why?

Offline fatih.orhan

  • Global Moderator
  • Comodo Loves me
  • *****
  • Posts: 157
Re: Valkyrie Clean Verdict
« Reply #26 on: February 25, 2016, 11:35:18 AM »
1 query
For original IDMan.exe Valkyrie shows behavior analysis.
For crack IDMan.exe Valkyrie mention behavior analysis not available, why?
The crack one may contain some methods to evade behavior analysis.

Offline Ya5h Kh4n

  • Comodo's Hero
  • *****
  • Posts: 5147
Re: Valkyrie Clean Verdict
« Reply #27 on: February 26, 2016, 11:54:40 AM »
The crack one may contain some methods to evade behavior analysis.
Ok, got it.
Thank You

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek