CIMA Wishlist

I’d like to have the option to choose the sample type (1. Malware (Viruses, Trojans…), 2. Spyware, Adware, Riskware and 3. False positive) like in https://analysis.f-secure.com/

Better detection of keyloggers.
They usually slip by…

That’s for submitting samples only, it won’t generate a report

The same problem as with most rogues. Those are the installers and as they won’t do anything harmful, nothing will be said …

Xan

I’d like to submit samples (with a report), but also submit false positives, as F-Secure (without report) does.

So I assume that you want this:

please choose from

  1. Create a CIMA Report
  2. Send malware to the developers
  3. Report a False Positive

Good idea, I asked for that before, but … (:m*)

Xan

Yes, that’s it!

Being able to download the files created is my only wish :slight_smile:

I would like to see CIMA integrated into CIS. That way, users can analyze a file’s behavior without having to block requests one by one. When D+ presents an alert, the following options should be available:

  • Allow this request
  • Block this request
  • Treat as …
  • Perform CIMA

Performing CIMA within CIS will allow users to study the file’s behavior at their own convenience. Going through dozens of D+ alerts to block requests can be tiring and inconvenient.

Version 3.9 will bring CIMA like heuristics :-))

To Ronny: No it won’t. Sorry :frowning:

I tested a couple of known trojans and 2 of them were rated suspicious.
The problem I see is that one made OVER 3000 HTTP queries and that was not suspicious??? It should be!
And the other deleted more than 150 values in this folder (LM\System\CurrentControlSet\Control\SafeBoot). If I understand that right, those are Safe Mode values; that should also be suspicious!

Sorry Ronny. Egemen has already stated 3.9 will not have the CIMA-like heuristics. Maybe version 4.

This topic was kicked back to life after two months… two months ago that was the expectation indeed… !ot!

I didn’t read the date on Ronny’s post. My error.

I would like to be able to upload many files… Like a whole RAR file with maybe 30 executables or files… and they would all get unpacked and analysed separately… =) and hopefully sent to Comodo if suspicious! =)

Not something I see as badly needed… But it’s always nice to analyse files faster! =)

That would take a lot of server resources. Imagine I uploaded 30.000 samples. It usually takes 5-7 minutes to analyze every file, if the file still runs, to see which TCP/IP connections it tries to make.

I worry! :-[

Umm…about what? 88)

I am new to CIMA. Let’s see if I understand how to detect a key-logger…

  1. Submit the installer to CIMA.
  2. If CIMA doesn’t detect anything suspicious, install on my PC.
  3. Submit all the installed executables to CIMA.
  4. If CIMA doesn’t detect anything suspicious, I then trust the installed executables.

There would be less risk to my PC, and the process would go faster, if CIMA provided the option to analyze the installed executables directly. The option could be offered after CIMA analyzes the installer.

Here are my wishes: :-TU :-TU

  1. Have CIMA detect Buffer Overflow attacks :-TU :-TU :-TU

  2. Rate applications that create processes with Windows names but are not signed by MS as suspicious.

  3. Rate applications that call out to the web more than 150 times as suspicious. :-TU :-TU :-TU

I hope at least 1 of these ideas gets added to CIMA ;D

OK, I have thought of a bunch more stuff CIMA should detect (it might already).

Malware that prevents you from running programs.
Malware that turns Task Manager off.
Malware that adds proxies.
Malware that changes the MAC address.
Malware that pops up all the time.
Malware that puts a screen over your screen (fake BSODs).
Malware that turns System Restore off.
Malware that turns DEP off.

I wish to see this, plus the other wishes I posted, put into CIMA before CIS v4.
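The behaviour heuristics asked for in this thread (more than 150 web calls, mass deletion under the SafeBoot key, unsigned processes using Windows names, Task Manager or System Restore switched off) can be expressed as simple rules over a sandbox behaviour log. The script below is an added example written for this page, not CIMA's or Comodo's code; the event schema and the sample report it scores are constructed, and the Task Manager and System Restore policy values are the standard Windows policy locations, assumed here as what a report would show.

```python
"""Toy behaviour-scoring rules in the style of the CIMA wishes above.

The event schema (dicts with a "kind" field) is an assumption made for this
example; real sandbox reports use their own formats.
"""

# Thresholds taken from the thread: >150 outbound web calls, and the post
# that saw 150+ values deleted under the SafeBoot key.
WEB_CALL_THRESHOLD = 150
SAFEBOOT_DELETE_THRESHOLD = 150
SAFEBOOT_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot"
# Process names that should only ever come from Microsoft-signed binaries.
WINDOWS_PROCESS_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}
# Standard Windows policy values that disable Task Manager / System Restore.
KILL_SWITCH_VALUES = {
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr"): "Task Manager disabled",
    (r"HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore", "DisableSR"): "System Restore disabled",
}


def score_events(events):
    """Return a sorted list of human-readable suspicious-behaviour findings."""
    findings = set()
    http = sum(1 for e in events if e["kind"] == "http_request")
    if http > WEB_CALL_THRESHOLD:
        findings.add(f"excessive web calls: {http} > {WEB_CALL_THRESHOLD}")
    safeboot_deletes = sum(1 for e in events if e["kind"] == "reg_delete"
                           and e["path"].upper().startswith(SAFEBOOT_KEY.upper()))
    if safeboot_deletes > SAFEBOOT_DELETE_THRESHOLD:
        findings.add(f"Safe Mode configuration tampering: {safeboot_deletes} SafeBoot values deleted")
    for e in events:
        if e["kind"] == "reg_set":
            label = KILL_SWITCH_VALUES.get((e["path"], e["name"]))
            if label and e.get("data") == 1:
                findings.add(label)
        elif e["kind"] == "process_create":
            # A Windows system process name without a Microsoft signature.
            if e["image"].lower() in WINDOWS_PROCESS_NAMES and e.get("signer") != "Microsoft":
                findings.add(f"unsigned process using Windows name: {e['image']}")
    return sorted(findings)


def build_sample_events():
    """Constructed report mimicking the trojan described in the thread."""
    events = [{"kind": "http_request", "url": f"http://example.invalid/b/{i}"} for i in range(3000)]
    events += [{"kind": "reg_delete", "path": f"{SAFEBOOT_KEY}\\Minimal\\entry{i}"} for i in range(160)]
    events.append({"kind": "reg_set", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System",
                   "name": "DisableTaskMgr", "data": 1})
    events.append({"kind": "process_create", "image": "svchost.exe", "signer": None})
    return events


if __name__ == "__main__":
    for finding in score_events(build_sample_events()):
        print("SUSPICIOUS:", finding)
```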