Defense+ Heuristics in Training Mode

I’m wondering if “Defense+ Heuristics” part is still triggered even if Defense+ is set to Training Mode?
I think i’ve seen this popup once when i had D+ set to Training mode. Can someone from the staff confirm this? I could test this but i’ll have to find a sample that triggers this alert and that may take long to find…

Hello!

For me, Defense+ doesn’t give any alerts in Training Mode, for files that are flagged as possible malware. For you to verify this, I’ll attach a packed version of cmd.exe. It’s not malicious, it’s the same cmd.exe that comes with Windows, except that it’s packed, so that it’ll be picked up by the heuristic detection. :slight_smile:

EDIT: You can run it from anywhere, do not replace your current cmd.exe in the system32 directory.

[attachment deleted by admin]

Well, i’m talking about Defense+ Heuristics here (yellow D+ popups), not file heuristics cause by on-access scanner.

Also this cmd.exe explains exactly why i don’t like packer based detection. File is harmless, but antivirus jumps on it just because it’s packed. But this is another topic…

I was also talking about the Defense+ Heuristics, although my alerts are shown in red color.

http://i44.tinypic.com/azdncz.png

In clean PC mode it differentiates between file in safe list or not. File in my safe files are like comodo safe list. My pending files makes no difference to message colour.