I can’t recall ever getting a FP <—I have Heuristics set to “high” and running stateful
It must be the new computer with a bunch of programs that come with the computer, other than that, I just can’t see how certain people get FP’s ???
Even keygens and patches generally don’t get flagged. (although infected and/or backdoored keygens will get flagged regularly)
As I have said, I have only had 3 confirmed FP’s since starting with V3.8. I leave Heuristics on low. Every FP has been for a file that was not flagged by a previous CAV database and they all were fixed speedily. No FP’s so far with 3.12.
I don’t think this is a good thing to tell people. It’s a well known fact that a strict signature based solution isn’t useful against zero day threats. Heuristics are necessary for this.
Now granted, in theory, D+ should be catching any baddies before the AV needs to deal with them, but we know that nothing can detect 100% of the threats out there. Therefore heuristics is a necessity for a useful AV.
If the answer to the problem is to tell people to turn off heuristics instead of fixing the root of the problem (heuristics algorithms) then this is concerning to me.
Heuristics is an algorithm! 88) They can be nothing but an algorithm! You feed it several parameters, and if any (maybe a percentage?) of them are met, it flags a detection. This is an algorithm! If it isn’t an algorithm, it is a signature…
Agreed. I’m not disputing that. I’m simply saying that by turning off heuristics, your zero day protection has decreased markedly as far as the AV is concerned.
Looking forward to it! So you said it comes out tomorrow, right?
You’re saying the developers can’t change their own code? ??? (Assuming of course, it is their own code. I’m not so sure after the debut of SecureDNS and Time Machine)
You’re sure all the heuristics are determining is whether or not a file is packed? If so, then that is very disappointing. There is much more to determining infected/suspicious files than merely being packed…
There are definitely a lot of infected packed files out there, but I’m willing to bet the majority are still legitimate.
This would be a bit like a policeman pulling over every driver of a Camaro because drug runners have been caught in this make of car. 88)
They can add packers for detection… v4 will probably change the Heuristics Engine from Packer Detection to BA.
No, not all heuristics work like that… the current CIS (client side) heuristics detects packed files only (and maybe files with dual extensions (not sure)). The server side works differently… how I don’t know…
That’s very much how heuristics that aren’t Behavior Analysis (CIMA-like) work.
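
Added example, not part of the thread and not Comodo's code: a parameter-and-threshold heuristic of the kind the posts describe, combining packed-file detection (approximated here by byte entropy) with a dual-extension check. The entropy threshold, the extension lists and the mapping of "low"/"high" to the number of required hits are assumptions, and the sample files are constructed.

```python
import hashlib
import math
from collections import Counter

# All thresholds, extension lists and level rules below are assumptions for illustration.
ENTROPY_THRESHOLD = 7.2          # bits per byte; compressed/packed data sits near 8
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "pif"}
DECOY_EXTS = {"txt", "pdf", "doc", "jpg"}
REQUIRED_HITS = {"low": 2, "high": 1}   # "high" flags on any single indicator


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def has_dual_extension(filename: str) -> bool:
    """True for names like report.pdf.exe: a document extension followed by an executable one."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in EXECUTABLE_EXTS


def evaluate(filename: str, data: bytes, level: str = "low"):
    """Return (flagged, indicators_hit) for one file at the given sensitivity level."""
    hits = []
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        hits.append("packed")
    if has_dual_extension(filename):
        hits.append("dual_extension")
    return len(hits) >= REQUIRED_HITS[level], hits


# Constructed sample data: deterministic high-entropy bytes stand in for a packed body.
PACKED_BODY = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
PLAIN_BODY = b"Meeting notes: review the firewall rules on Monday.\n" * 100

if __name__ == "__main__":
    samples = [("setup.exe", PACKED_BODY), ("invoice.pdf.exe", PACKED_BODY), ("notes.txt", PLAIN_BODY)]
    for name, body in samples:
        for level in ("low", "high"):
            print(name, level, evaluate(name, body, level))
```

The legitimately packed `setup.exe` is flagged only on "high", which is the false-positive trade-off the thread argues about.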