a suggestion for next CAVS : option to add virus sig manually

hi, (:WAV)
maybe this is a silly suggestion.
see the attached screenshots?
that’s an Indonesian local AV.(thx aladinonl) called mawar AV.
a college boy created it. no update available for this AV coz the AVmaker lacks of resources to make an update server, so as a replacement he add an option to mark a suspected file as a virus and add the suspected file into virus sig database.

i think this is a good enhancement for an AV or HIPS, coz i think the function of HIPS is only block/allow the app, (not get rid of it).so if the virus has duplicated itself, then we’ll have many junk virus files, but if the app’s marked & added to virus sig database, we can do scanning and clean the virus.
so, any opinion?


edit : [ask] i’ve cleaned a virus with this function. and i’ve submitted the virus file using “submit files” option on “quarantine” tab on CAVS. i just submit the EXE file,not zip it. is it acceptable?

[attachment deleted by admin]


You can submit your idea here.
For your problem, maybe you can also use your own built-in Group Policy Editor where you can set up software restricition based on a hash value:

  1. start
  2. gpedit.msc
  3. navigate to Software restrictions policies and create a rule for the file, set it to disallow.


sorry for misplacing post. thx Arkangyal