CAVS taxonomy (detected categories) aware customizable behaviors

To my understanding there are few applications that are potentially unsafe(Applicationunsafe, Riskware) and thus are added to CAVS signature DB but they could be nevertheless needed by users.

Understanding CAVS taxonomy (detected families and sub families) and the nature of detected codes (malware, unsafe, riskware) would likely improve the overall end-user compliace.

Some AV classes pertains potential unwanted apps or exploitable components (Riskware, Appunsafe, etc.) and it is not uncommon some users report these detections as False Positive even if CAVS correctly detected the samples.

A small description (eg linking a description of the help file) could provide enough info to have the user acknowledge the nature of detected code and possibly provide enough infos for an educated guess.

On a related account a possible way to modify CAVS default behavior on a per family/subfamily basis (eg only log Riskware, jokeware or appunsafe but provide alerts for more blatant threats) will likely increase CAVS enduser friendliness.

With those info it could be also possible to modify default behaviour(providing additional options) when a particular category is found.

eg: Only log Joke apps but quarantine Trojan apps.

Yeah, there should be an option to enable or disable global detection of certain types of applications that may not be malicious, but can represent a potential security risk. Some just don’t want those to be detected while others want them. They can be enabled by default but if we can control that, thats great.

Yes. This will be very usefull feature.

Agreed. Users should have the ability to choose the default action for the different types of threats.


Different handling of different threats would be very nice. Please have a look at my wishes from December.
There I’m also describing a different handling of threats (complete ignore, hint without interaction, alert, automatically remove)