I wonder what the Heuristics warning will be like with CIMA.
Here are some examples I thought of (lol, a bit too many, and somehow I think this is a small list of what CIMA will detect when it comes into the AV) ;D ;D
Over 85% of all the current malware is packed. Some are packed with custom packers. This behaviour is an important feature to analyse and does help many AV vendors with their high detection rate, like Avira.
A simple check for double packing, for example, or checking if a file is packed using a custom packer, or even seeing if a file uses a packer which is a favourite of malware authors, are all good ways to detect malware. Of course this should be supplemented with a whitelist and rules to reduce FPs. I don’t think any AV can ignore the importance of packers tbh.
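To make the packer heuristics described above concrete, here is an added example (my own illustration, not code from Comodo or from anyone in this thread) of a tiny Heur.Pck-style classifier: it matches PE section names against a constructed list of well-known packer section names, falls back to a Shannon entropy check to flag possible custom packers, and consults a whitelist of known-good packed programs to reduce false positives. The section-name table, entropy threshold and whitelist hash are assumptions chosen for the example.

```python
import math
from collections import Counter

# Section names that common packers leave behind (constructed, illustrative
# list; a real engine uses far richer signatures than a name lookup).
PACKER_SECTIONS = {
    "UPX0": "UPX", "UPX1": "UPX",
    ".aspack": "ASPack", ".adata": "ASPack",
    ".petite": "Petite",
    ".nsp0": "NsPack",
    ".MPRESS1": "MPRESS",
}

# Known-good packed programs, keyed by SHA-256 (placeholder value, constructed).
WHITELIST = {"PLACEHOLDER_SHA256_OF_KNOWN_GOOD_PACKED_TOOL"}

# Assumed threshold: compressed or encrypted code usually sits above ~7 bits/byte.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(sections, sha256: str):
    """Classify a PE given [(section_name, raw_bytes), ...] and its SHA-256.

    Returns a Heur.Pck-style verdict string, or None when nothing looks packed
    or the file is whitelisted.
    """
    if sha256 in WHITELIST:
        return None  # whitelist wins over any heuristic, to keep FPs down
    # Known packer fingerprint by section name.
    for name, _ in sections:
        if name in PACKER_SECTIONS:
            return f"Heur.Pck.{PACKER_SECTIONS[name]}"
    # No known name, but a high-entropy section: possibly a custom packer.
    if any(shannon_entropy(data) > ENTROPY_THRESHOLD for _, data in sections):
        return "Heur.Pck.Custom"
    return None


# Constructed sample section layouts standing in for real PE files.
SAMPLE_UPX = [("UPX0", b"\x00" * 512), ("UPX1", bytes(range(256)) * 2), (".rsrc", b"A" * 64)]
SAMPLE_CUSTOM = [(".text", bytes(range(256)) * 2), (".data", b"\x00" * 64)]
SAMPLE_PLAIN = [(".text", b"\x90" * 100 + b"\xc3" * 100), (".data", b"hello" * 20)]
```

Running classify() over the three constructed samples gives Heur.Pck.UPX, Heur.Pck.Custom and None respectively, and a whitelisted hash suppresses the verdict entirely.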
True thing. Though the Pck detections in 3.8 caused too many false positives, this seems way better under control since 3.9. I only hope you can crank up the Heur detections, since still too many packed samples slip through at the moment (which get caught by Avira’s and Norman’s Pck signatures). Also, a clear detection difference between low-medium-high can’t be noticed. Still happy to see the progress though!
I’ve noticed a Heur.Pck.Upack as well, I remember (really Upack, not Unpack :P).
Well, malware is packed and so are legit programs. Why do I complain so much? Because packer detection is a bad practice and an awful feature if it’s not controllable (on/off). The only packer detection that I tolerate is the one that is in 99.9% of cases used by malware and as such is basically a malware packer. No harm in detecting that.
But Armadillo, PESpin, UPack, EXECryptor and so on don’t fall into that category.
I’m also complaining over stuff because I’m not a stupid fanboy who’s ok with every ■■■■ devs serve to me. Free or not, I don’t really care.
I do understand your opinion and it’s definitely constructive feedback. Although personally I think if Comodo works on the Pck signatures some more, it could be a valuable addition, like it currently is for Avira and Norman for example.
Not a fanboy here, however I’m interested in its developments and posting some thoughts now and then. Since it’s now also available in my native language it might become a nice free option for friends and relatives. Any feedback will only benefit us users I think :-TU
I’ll try to explain this in the easiest way possible.
As you said, the name is “heur.pck.fsg”. This means: “heur” that it’s detected by the heuristics, “pck” that it’s a packer detection, and “fsg” is the extension of the packer, I think.
So it’s a packer detection. To avoid detection, most virii makers simply repack their malware so that it isn’t detected by the antiviruses. As it is difficult for an AV to have all the packers included, they simply are going to say that everything in such a package is a virus.
This makes me believe that it is a False Positive. To make sure of that, I suggest you look at the path where the virus is (it’s normally in the antivirus pop-up) and you submit it to :