Hey all,
Long time no see.
I have been playing with CCAV in the background and so far I like it, but I am wondering how it determines whether files are safe/unsafe? This is how I would say it should work: use signed files first, check the signature, and if the file is signed it should be allowed to run (once the signature is verified, and yes, I know a signature can be faked, but it is few and far between). If the file is not signed, it should calculate the hash and check it against a big list of known safe files held on Comodo servers and see if it is there; if it is, let it run. Last, if the hash is unknown and the file is not signed, it should be run in the sandbox and submitted to Valkyrie; then, once a verdict comes up, it should be moved out of the sandbox, deleted (malicious), or remain in the sandbox until a manual inspection of the file is made and it is determined safe or bad. Just my humble opinion.