Melih,why it is so difficult to create heuristic for similar Brazilian trojans ?

Are thousands of similar Brazilian Trojans disseminated every day that Comodo Antivirus does not detect.

Are they detected by valkyrie? Remember, detection is not a primary line of defense for Comodo.

Yes, Valkyrie detect.

Yes, I know it detection not a primary line of defense, but why no have a heuristic for the numerous similar brazilian trojans daily ?


I couldn’t find the samples in the other thread. Let me analyze them, and find out why they are not detected first.

I will send to you by MP

Done !

What the result the analyze ?

Melih ?

Somebody ?

It’s weekend now. I would expect an answer as early as Monday.

See that there are thousands of similar Trojans entire month being created to achieve a nation ( Brazil ) of 200 million people.

I am not disputing the potential urgency of your observations. My concern is with the forum etiqutette. There is not much sense to urge outside the work hours. That doesnt’ mean I am not curious to learn about fatih’s findings.

Melih should give the answer always given to that detection is only a first line of defense.

And we would go for that.

From previous topic.

Fatih asked me the files and did not give me any answer.

Detection is not the first line of defense.
We put all unknowns into Sandbox/containment, thats your first line of defense!

Please note it may take some time.


So why antivirus?

So why offer the antivirus to be tested in institutions such as the AV-Test ?

Detection is the first line yes, if not, not exist.

Thanks for your reply, Melih.

Every additional layer helps.
Besides. Occasionally you may allow a file to run, and it may be virus infected.
Nice to know you are always protected.

Why not create a heuristic line for these thousands of similar brazilian trojans daily?

Why not ? ? ?

It simple !!!

The single line of heuristic code.

Is it so difficult ?

Let’s hear what Fatih Orhan tells us after the weekend. We all know that Comodo is only slowly working on generic signatures. Although recently there have been observed some noticeable decreases in the size of the AV database.

Why Antivirus: For usability. no point in putting a known malware into sandbox. thats why Antivirus.