Melih, why is it so difficult to create a heuristic for similar Brazilian trojans?

There are thousands of similar Brazilian Trojans disseminated every day that Comodo Antivirus does not detect.

https://forums.comodo.com/news-announcements-feedback-cis/why-comodo-antivirus-does-not-detect-encrypted-installers-t114631.0.html

Are they detected by Valkyrie? Remember, detection is not a primary line of defense for Comodo.

Yes, Valkyrie detects them.

Yes, I know detection is not a primary line of defense, but why not have a heuristic for the numerous similar Brazilian trojans daily?

Thanks

I couldn’t find the samples in the other thread. Let me analyze them, and find out why they are not detected first.

I will send them to you by PM.

Done!

What is the result of the analysis?

Melih?

Somebody?

It’s weekend now. I would expect an answer as early as Monday.

Note that thousands of similar Trojans are being created all month long to reach a nation (Brazil) of 200 million people.

I am not disputing the potential urgency of your observations. My concern is with the forum etiquette. There is not much sense in urging outside work hours. That doesn't mean I am not curious to learn about Fatih's findings.

Melih should give the answer that is always given: that detection is only a first line of defense.

And we would go for that.

From previous topic.

Fatih asked me for the files and did not give me any answer.

Detection is not the first line of defense.
We put all unknowns into Sandbox/containment, that's your first line of defense!

Please note it may take some time.

Dennis

So why antivirus?

So why offer the antivirus to be tested in institutions such as AV-Test?

Detection is the first line, yes; if not, it would not exist.

Thanks for your reply, Melih.

Every additional layer helps.
Besides, occasionally you may allow a file to run, and it may be virus infected.
Nice to know you are always protected.

Why not create a heuristic line for these thousands of similar Brazilian trojans daily?

Why not???

It's simple!!!

A single line of heuristic code.

Is it so difficult?

Let’s hear what Fatih Orhan tells us after the weekend. We all know that Comodo is only slowly working on generic signatures, although recently some noticeable decreases in the size of the AV database have been observed.

Why Antivirus: for usability. There is no point in putting known malware into the sandbox. That's why Antivirus.