1. These malware will NOT get sandboxed because they are signed by a trusted vendor, right? If virus signature detection doesn't catch them, we are completely open?
2. How can we protect against these types of malware using CIS?
Does anyone know the way they sign the malware as legit apps? Or suggest me some reading about this? I mean, an application from Microsoft could only be signed by Microsoft, right? If someone else signed it, it should come out as false. How do they bypass that?
So let me see if I got this straight: if, for example, Opera gets (as they recently did) their signing thingy stolen and then someone signs malware with Opera’s signature, then even if the malware is in the AV database it will not be detected because the malware is signed by a trusted vendor? So Opera's signature must be removed from the TVL for the malware to be detected?
Is this also the case if you change AV from stateful to on-access?
I voted but seeing how long ago the wishes were made and that nothing has been done so far, it makes one lose faith.
Being able to turn on CAV for trusted files is something that must be implemented in my opinion.
Open the Advanced Settings. Then, under File Rating, there is an option to “Trust applications signed by trusted vendors”. If you uncheck this, the TVL will be disabled.
I think that would be unrelated to whether the installer is signed or not. It just decides whether files spawned by the installer, assuming the installer was already trusted, would be automatically allowed or not.