Cloud doubt about CIS


Are all unknown files checked by CIS Cloud verified using the CAMAS and Valkyrie services?

Are all files detected as suspicious by these services parsed and added to the signatures of CIS?
Mod edit: Spelling correction in the title, Captainsticks.

This is done already with CAMAS. All unknown files are being sent to the cloud where they undergo behaviour analysis. If found suspicious (e.g. suspicious+ or suspicious++) the signature is automatically created.

Although Valkyrie is not used to analyze unknown files by CIS, we’ve been told that it is also used to create signatures.


Thanks, let me know if Valkyrie will be implemented in the analysis of CIS Cloud?

Valkyrie is composed of Static/Dynamic/AdHeuristic detectors.

AdHeuristics are already being used in the backend system, even before Valkyrie was introduced. Static detectors: I don’t know, I will ask Igor about that. Dynamic = CIMA + Antivirus database, so already used.

CAMAS is buggy, the files sometimes remain undetected. Also, I often see the files are added automatically when there’s a detection from a known vendor at VT… (even without Suspicious+/Suspicious++ detection)

What makes you think that submitted files to CAMAS are only processed by CAMAS? There are a number of automated systems, CAMAS is only a part of the filters… Many undetected files by CAMAS are by Advanced Heuristics engines.

I didn’t say that…

Thanks, spywar and malware1!

You’re welcome