Advanced Heuristics Engine

I think Comodo AV should contain an advanced heuristic engine that is something like the one that ESET’s NOD32 uses, so that it has the ability to detect more “in the wild” malware.

This is what I think it should contain:

The engine should be an engine that uses multiple methods per file to determine that said file is clean.

For example:
Engine should first use signatures.
Engine should then scan the code in the file.
Engine should then create a virtual system, execute the file, and watch for malicious intent/activity.
If the file fails one of the previous tests, then it is flagged as malware.

The engine should contain a method to scan the ADS, or alternate data streams, for NTFS partitions to check for rootkits.
The engine should contain a method to scan the Boot Sectors of a disk to be certain that it isn't infected.
The engine should also contain a way to reduce the heuristics used if the user wishes to do so.

What I’d like to see:

A file hash method.
Something that computes multiple hashes for a clean file, then stores them in a table. When the scanner scans a file, it could first compute the hashes for the file, and compare them against the values in the table. If the hashes that were computed match the hashes found in the table, then the file is clean. If it doesn't match, then the file is scanned like normal. The hash method needs to use multiple algorithms, and it needs to compute more than just the file size or last access date, to be certain that the file isn't modified.
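The file hash method described in the post above, as an added sketch that is not part of the original post and not Comodo's code. The algorithm pair (SHA-256 and BLAKE2b), the `CleanFileTable` class and the path-keyed table are assumptions; the sample file is constructed to show a change that leaves size and timestamps untouched.

```python
import hashlib
import os
import tempfile

ALGORITHMS = ("sha256", "blake2b")  # assumption: the post names no algorithms

def compute_digests(path, chunk_size=65536):
    """Read the file once and feed every algorithm from the same chunks."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

class CleanFileTable:
    """Hypothetical table of digests for files already judged clean."""

    def __init__(self):
        self._entries = {}

    def record_clean(self, path):
        self._entries[os.path.abspath(path)] = compute_digests(path)

    def needs_full_scan(self, path):
        known = self._entries.get(os.path.abspath(path))
        if known is None:
            return True  # never seen: scan like normal
        # Every algorithm must match; one mismatch sends the file to the scanner.
        return compute_digests(path) != known

def demo():
    """Constructed sample: content changes, size and timestamps do not."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(b"A" * 1024)
        table = CleanFileTable()
        table.record_clean(path)
        unchanged_needs_scan = table.needs_full_scan(path)
        before = os.stat(path)
        with open(path, "r+b") as fh:  # overwrite one byte in place
            fh.seek(512)
            fh.write(b"B")
        os.utime(path, ns=(before.st_atime_ns, before.st_mtime_ns))
        after = os.stat(path)
        same_metadata = (before.st_size, before.st_mtime_ns) == (after.st_size, after.st_mtime_ns)
        return unchanged_needs_scan, same_metadata, table.needs_full_scan(path)

if __name__ == "__main__":
    print(demo())
```

The table is only as trustworthy as its storage: if malware can rewrite the stored digests, a match proves nothing, so a real scanner would need to protect or sign it.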

The next update will include CIMA-like heuristics. This should satisfy your wish.
You can read it at this link

Nice BEEF! This will be nice to see integrated into the system.

This will be a great improvement.

I hope the V3.9 will release this month 88)

Last I heard, late April seemed accurate, but nothing's set :wink:

so any updates when this heuristic is going to be added? ;D

As far as I remember, we will first get this in V 4.0.

That would be very helpful indeed … waiting for the 3.9 final version and of course 4.0 :smiley: