Heur.Suspicious & Heur.Dual.Extensions


Would you explain these two types of detection? What is the difference?


Heur.Suspicious means that the file was found suspicious by heuristics (more or less guessing on the antivirus's part).

Heur.Dual.Extensions probably means that the file was found suspicious by heuristics and it has a double extension, like

readme.txt.exe (by default the user will see readme.txt and think it’s a text file, but it’s really a program).

Actually, Heur.Suspicious detections are signatures created in the cloud by CAMAS. Basically, the file got run in the cloud by Comodo and it did things that could be malicious, so a signature was created.
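
A minimal check for the double-extension pattern described in the replies above (readme.txt.exe), as an added example that is not part of the original thread and is not Comodo's actual heuristic. The extension lists, function names and sample file names are assumptions constructed for illustration; it also covers the variant where spaces pad the gap before the real extension.

```python
from pathlib import PureWindowsPath

# Assumed lists for illustration; not taken from any antivirus product.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".lnk"}
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".mp3", ".zip"}


def check_double_extension(path):
    """Return a finding dict if the file name hides an executable extension
    behind a document-like one, otherwise None."""
    name = PureWindowsPath(path).name
    # Windows ignores trailing dots and spaces when resolving a file name.
    name = name.rstrip(". ")
    stem, dot, last = name.rpartition(".")
    if not dot or not stem:
        return None  # no extension at all, or a bare dotfile
    real_ext = "." + last.lower()
    if real_ext not in EXECUTABLE_EXTS:
        return None  # the real (final) extension is not a program type
    # Padding such as "invoice.pdf      .scr" pushes the real extension out of view.
    apparent = stem.rstrip()
    padded = apparent != stem
    inner_stem, dot2, decoy = apparent.rpartition(".")
    if not dot2 or not inner_stem:
        return None  # single extension only, e.g. setup.exe
    decoy_ext = "." + decoy.lower()
    if decoy_ext not in DECOY_EXTS:
        return None  # e.g. notes.v2.exe: inner part is not a known document type
    return {"apparent_name": apparent, "decoy_ext": decoy_ext,
            "real_ext": real_ext, "padded": padded}


def scan(paths):
    """Map each flagged path to its finding; ordinary names are left out."""
    return {p: f for p in paths if (f := check_double_extension(p))}


if __name__ == "__main__":
    # Constructed sample names, not taken from a real incident.
    samples = [
        "readme.txt.exe",
        r"C:\Users\a\Downloads\invoice.pdf      .scr",
        "setup.exe",
        "archive.tar.gz",
        "notes.v2.exe",
        "report.DOCX.EXE",
    ]
    for path, finding in scan(samples).items():
        print(path, "->", finding)
```
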