Do Not use heuristics on files signed by trusted venders

The title says it all, a way to make realtime, manual and scheduled not use herustics on files signed by trusted venders. ;D

This would cut down a lot of FP as the Trusted Venders list got the better!

:-TU :-TU


Microsoft products have never been infected? ;D

that is why i said heuristics, it will still scan trusted venders with signatures

But signatures are only effective if the malware is known and a signature has been created for it. That is the whole concept behind heuristics, to detect unknown malware.

I do see that point, but the heruistics on high do give a lot of FP there must be a sullution other then lowering the the level.

Are trusted vendors and safe apps always safe?

If suddenly a trusted vendor or a safe app act badly, what will save me?

+0 because some virus can infect executable file. including Microsoft operating system file.

I was infected by Win32.Virut last 2 years it’s infected system file and my Antivirus was automatic quarantine infected file.

After I reboot , I can’t see my desktop because my system file was gone. :frowning:

But the Signature by Microsoft would become fake if the file changed and D+ is there to prevent changes
AV already has detection for Virut so It would still catch the trojan

D+ would let it execute so yes you would most likely be screwed if the Signatures would not catch it or it was
not a virus, Just a bad bug

And I wish CAV engine can repair infected file in the future too.