Are all files detected as suspicious by these services parsed and added to the signatures of CIS?
Mod edit: Spelling correction in the title, Captainsticks.
Hi,
this is done already with CAMAS. All unknown files are being sent to the cloud where they undergo behaviour analysis. If found suspicious (e.g. suspicious+ or suspicious++) the signature is automatically created.
Although Valkyrie is not used to analyze unknown files by CIS, we’ve been told that it is also used to create signatures.
Valkyrie is composed of Static/Dynamic/AdHeuristic detectors.
AdHeuristics have been in use in the backend system since even before Valkyrie was introduced. StaticDetectors: I don’t know, I will ask Igor about that. Dynamic = CIMA + Antivirus database, so already used.
CAMAS is buggy; the files sometimes remain undetected. Also, I often see that files are added automatically when there’s a detection from a known vendor at VT… (even without a Suspicious+/Suspicious++ detection).
What makes you think that files submitted to CAMAS are only processed by CAMAS? There are a number of automated systems; CAMAS is only a part of the filters… Many files undetected by CAMAS are detected by Advanced Heuristics engines.