Heuristic Naming Schemes

Hi, I am brand new to the forum. Before registering I tried a number of different searches in the hope that I would find some sort of library housing the numerous naming schemes for heuristic virus definitions.

So since it seems there is none available, here I am.

So here is what I am proposing. Since comodo already has excellent, and I really mean excellent help documentation built in. Why not go to the trouble of simply compiling a list of all the different heuristic names for their virus alerts. Somebody must’ve programmed the names in to match certain pattern definitions, so somebody must know what all the names mean.

I am troubled with the idea that each time a new heuristic name pops up I either must use my own judgment upon the executable in question, or fall back upon google to find out what that kind of virus is all about then make a decision. I think it would be much more user friendly to include in the help documentation a section dedicated to defining what those names are supposed to indicate about the program.

I don’t think this is unreasonable, surely it took longer to compile the code definitions than it will to compile the english definitions. Or am I being short sighted and unreasonable?
Perhaps this is already under way?


I will move this to the Wish board.

:-TU nice suggestion!

This one of the best ideas in ages! ;D

I appreciate the support on this, I was worried nobody would reply and this would end up forgotten. Also, thank you for moving the thread. I hadn’t any idea there was a wish list board.

Who knows if this gets enough replies they might actually include it in the next major update.


it’s the same thing with threats naming :

It can be found this CIS Malware Naming Rules for Potentially dangerous applications/RiskWare

but it would have been more convenient as a tooltip in the antivirus report or when clicking on What do these settings do ?

example : CIS report Packed.Win32.Packer.~GEN@101571662 Risk : High .
How to find out what sort is the risk (data loss, privacy compromised … ) . Reading “Packed” with no other definition, we may interpret it’s just an uncommon compression method ?


Those definitions were useful, but I have run into at least Packer alerts which I had no clue as to what they were.

I am fairly certain there is more than just Packer though which remains without a proper definition.

I would love for it to be a tooltip.

Agree with your opinion Sagenth.