Thank you for testing the recognizers in the previous release, v1.6.0, where we finally released recognizers in test mode to verify performance and false positives.
We have evaluated the false positives and plan to release the updated recognizer as v22.214.171.124 in non-test mode (i.e. when a detection is made, you will be informed).
This version replaces the previous v126.96.36.199 as well, so after you have updated, you will see 188.8.131.52 and won’t see v184.108.40.206.
Please see the enclosed snap for how it should look after the update.
But before we do that, we would like some feedback about product stability with the new recognizer version.
We have made the recognizer version live on the test server, and you can use the following steps to receive this new recognizer:
Step - 1: Make sure you have the latest CCAV version installed.
Step - 3: Unfortunately, like CIS, we don’t have a manual updater in CCAV at the moment; it is being worked on in the ongoing sprint and will be released in the Jul-2017 release. CCAV checks for program updates once a day, so you will have to change the date to the next day and restart the system, or wait for the next day.
Step - 4: Wait around 5-10 min after the system restart, and then you can check in CCAV’s About box that the recognizer version shows 220.127.116.11, as shown in the enclosed snap. Alternatively, you can verify the actual file in the following location:
with the following SHA-1:
We are looking for feedback on CCAV stability and any abnormal CPU / RAM usage.
Here is the full list of malware, mostly different ransomware families, that the recognizer watches for; detection is made based on behavior patterns:
Fileless Trojan (3)
Password Stealer Trojan (1)
Crypmod or ZeroCrypt
Philadelphia or Stampado
SageCrypt or Milicry
A few names have been dropped since the last release, as their detection was false-positive prone.
Note: Since the recognizer works based on behavior, we have tried to detect typical ransomware activities, so even though a malware family may not be in the above list, it may still be detected.
Please try to run applications inside the Sandbox, as in CCAV only sandboxed applications’ activities are checked.
We would like CCAV users to give it a try and share whether they see any abnormal CPU or RAM usage.
Looking forward to some results using CCAV.