Classfication and Detection "Singularity" ?!

hey guys , i have latenight (for me) discussion with “Futuretech” about this topic !!! :wink:

Trust applications signed by trusted vendors file rating setting : ON

COMODO VT Verdict : Application.RiskTool.AnyDesk.~
Human Expert Analysis : CLEAN
Valkyrie signature detection : CLEAN
CAV : NO Detection

COMODO VT Verdict : ApplicUnwnt.UnclassifiedMalware
Human Expert Analysis : PUA
Valkyrie signature detection : MALWARE
CAV : NO Detection

Trust applications signed by trusted vendors file rating setting : OFF

COMODO VT Verdict : Application.RiskTool.AnyDesk.~
Human Expert Analysis : CLEAN
Valkyrie signature detection : CLEAN
CAV : Posivitv Detection as Application.RiskTool.AnyDesk.~

COMODO VT Verdict : ApplicUnwnt.UnclassifiedMalware
Human Expert Analysis : PUA
Valkyrie signature detection : MALWARE
CAV : Posivitv Detection as ApplicUnwnt.UnclassifiedMalware

I think it is not a good idea that a "trusted vendor"classification seems to be “stronger argument” then a positiv signatur detection ! what do you think about that fact ?

thx in advance !

Hi Pio

That’s really tricky cases, and a double-edge sword. The first sample you analyzed is a remote desktop application. We cannot conclude it has a malware behavior, but may lead it some circumstances. So human expert verdict is SAFE. The second one is already “ApplicUnwnt.UnclassifiedMalware” in VT, same as PUA definition. And our experts marked as such, probably because there is an additional adware component installed with the software.

We may get the details from experts if you want. But in any case, the vendor classification helps much to reduce false classifications, rather than the inverse.

Hi Fatih ,

thanks for your quik and detailed reply !!! :-TU

I have changed my Post a bit ! I would like to say more , but I’ll give you a longer answer later, because i need sleep ! Now ! Sorry … :a0

Let´s try it with a small riddle and with regard to the headline of my threat . I hope this is not too cryptic ?! :wink:

Question : Whats wrong ? Several answers are possible !!! Futuretech do you wanna say something ? :smiley:

User won’t get PUA CAV detection unless trust applications signed by trusted vendors is disabled in CIS file rating settings.

almost right … :wink:

Trust applications signed by trusted vendors file rating setting : ON

COMODO VT Verdict : Application.RiskTool.AnyDesk.~
Human Expert Analysis : CLEAN
Valkyrie signature detection : CLEAN
CAV : NO Detection

Further questions follow … :wink: