Ability to enable or disable packers detection

The new version of CIS will have heuristic detection based on packer type. For me this is a no-go, and as such I’d like to have some form of control over this, in a way like AVIRA AntiVir now offers under extended detection categories.
If you want, you can have files detected just because they are packed by UPack or Armadillo. However, if you don’t want that, I’d like to have an option to disable this without also disabling actual true heuristics or lowering heuristics sensitivity. It can be enabled by default, but I want an option to control this feature myself, because it’s just not reliable and generates lots of false positives just because the author selected the wrong packer to protect his program.

It should be a new checkbox right below the Heuristics dropdown menu with the description “Packer based detection” or something like that.

You really hate this packer detection thing…
Just out of curiosity, are there any particular bigger (legitimate) programs that pack themselves with UPack and/or Armadillo?


EDIT: I totally support your suggestion.

This was just an example. Detecting something just because it’s packed by some specific packer is a very VERY bad practice and I really don’t want to see it in Comodo if I ever want to use it.
Unless they just love to fix trillions of idiotic false positives and have their customers constantly annoyed by the FPs.
QuickHeal went that way and no one liked that thing. Same with McAfee, and I know there were loads of problems with it even in a project where I participated.
Actual heuristics, YES anytime; packer detection, NO thanks.

I’m bumping this in the hope that when CIMA heuristics are implemented, this checkbox will be added as an option to disable packer detection.

While I am not aware of the specifics of the packer apps, in my limited understanding these are apps that create installers. The fact that an installer has been created by any of the mentioned packers should by itself not be the reason for a genuine AV to trigger alerts (even if 50% of such installers are malware). The heuristic engine should be able to dig deeper and scan / evaluate the contained files.

I think this is totally useful.

I use Matlab, and about 370 files are flagged as heur.Packed. It sucks when the AV alerts me all the time. This action doesn’t increase my feeling of being secure.
The AV also detects restore points as heur.packed. And it is clear that this is normally not a virus.

I’m not really against an option to control packer detection, but I’ve yet to find a topic that focuses on what packer detection attempts to address: circumventing signature detection by simply changing encryption or packers.

Although detecting a packed executable specifically, and not by packer, could be useful, this actually implies that a repack/encryption would make the previous signature useless.

Even creating derivative signatures of the same unpacked executable for any known packer will not be as effective, although it demands relevant effort.
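
The trade-off discussed in this thread, as an added example that is not part of any post and not Comodo's code: an exact-match signature misses every repacked copy, a packer-style heuristic flags packed files regardless of content, and scanning the unpacked content separates the two. Assumptions: `zlib` and `lzma` stand in for packers, a byte-entropy threshold of 7.0 stands in for the heur.Packed rule, and both "programs" are constructed text.

```python
import hashlib
import lzma
import math
import random
import zlib
from collections import Counter

# Constructed stand-ins: compression libraries play the role of "packers";
# the two bodies are generated text, not real program code.
PACKERS = {"zlib": (zlib.compress, zlib.decompress),
           "lzma": (lzma.compress, lzma.decompress)}
ENTROPY_THRESHOLD = 7.0  # assumed cut-off in bits per byte, not a CIS setting

def make_body(seed: int, words: int = 20000) -> bytes:
    """Deterministic text-like body standing in for an unpacked executable."""
    rng = random.Random(seed)
    vocab = [("w%02d" % i).encode() for i in range(64)]
    return b" ".join(rng.choice(vocab) for _ in range(words))

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def sig(data: bytes) -> str:
    """Exact-match signature: a hash over the bytes as stored on disk."""
    return hashlib.sha256(data).hexdigest()

def scan(packed: bytes, unpack, known: set) -> dict:
    """Apply the three detection approaches to one packed file."""
    return {
        "signature_on_packed": sig(packed) in known,
        "packed_heuristic": entropy(packed) > ENTROPY_THRESHOLD,
        "signature_after_unpack": sig(unpack(packed)) in known,
    }

def run() -> dict:
    flagged_sample, clean_program = make_body(1), make_body(2)
    known = {sig(flagged_sample)}  # database holds the unpacked sample only
    results = {}
    for name, (pack, unpack) in PACKERS.items():
        results[name, "sample"] = scan(pack(flagged_sample), unpack, known)
        results[name, "clean"] = scan(pack(clean_program), unpack, known)
    return results

if __name__ == "__main__":
    for key, row in run().items():
        print(key, row)
```

The `clean` rows show the false positive the thread complains about: the heuristic fires on packed content that no signature matches, before or after unpacking.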