Hi All,
Thank you for testing recognizers in previous release of v1.6.0, where we released recognizers finally in test mode to verify performance and false-positive.
We have evaluated false-positive and plan to release updated recognizer as v1.6.2.15 in non-test mode (i.e. when detection is made, you will be informed).
This version replaces previous v1.4.0.0 as well so after you have updated, you will see 1.6.2.15 and won’t see v1.4.0.0.
Please see enclosed snap as should be the case after update.
But before we do that, we would like some feedback about product stability with new recognizer version.
We have made recognizer version live on test server and you can use following steps to receive this new recognizer:
Here are the steps:
Step - 1: Make sure you have latest CCAV version installed.
Step - 2: Have following hosts entries:
91.209.196.83 download.comodo.com
91.209.196.83 www.download.comodo.com
Step - 3: Unfortunately like CIS, we don’t have manual updater in CCAV at the moment, it is being worked upon in on going sprint and will be released in Jul-2017 release. CCAV checks for program updates once a day, so you will have to change date to next day and re-start system or wait for next day.
Step - 4: Wait around 5-10 min after system restart and then you could check from CCAV’s about box recognizer version showing 1.6.2.15 as shown in enclosed snap and alternately you can also verify actual file in following location:
%Programdata%/Comodo/CCAV/evc/recognizers/proto_v9/recognizerCryptolocker.dll
with following sha-1:
SHA-1: a4eab2f8928f338318b6f0f8527bf747bb9570ad
Objectives:
Looking for CCAV stability and any abnormal CPU / RAM usage.
Here is the full list of malware, mostly different ransomware families, which are watched out by recognizer and based on behavior pattern, detection is made:
Backdoor (2)
Backdoor.MSIL.Bladabindi
Darkcomet
Fileless Trojan (3)
Gootkit/Xswkit
Kovter
Poweliks
Password Stealer Trojan (1)
Primarypass
Ransomware (52)
7ev3n
AdamLocker
BleedGreen
Cancer
Censer
Critroni
Crowti
CRY LOCKER
Cryakl
Crypmod or ZeroCrypt
Cryptolocker
CRYPTOMIX
Cryptorium
CryptoWall
CryptXXX
Crysis
DeriaLock
DMALocker
EnkripsiPC
Falock
FireCrypt
Genasom
Globe Imposter
GOG
Haperlock
HiddenTears
Hollycrypt
HydraCrypt
JigsawLocker
Kelnoc
Locky
Manifestus
Philadelphia or Stampado
Ransom.NoobCrypt
Razy
Roga
Sag2.0
Sage
SageCrypt or Milicry
Sarento
Satan
Shieldcrypt
TeslaCrypt
ToCrypt
TorrentLocker
Trojware.Win32.Filecoder.Ishtar.B
UltraLocker
Wallet/Dharma
WannaCry
Xorist
XRatLocker
YourRansom
Trojan (21)
Carberp
DarkKomet
Lethic
Necrus
Ropest
Sopinar
TrojWare.MSIL.Injector.~QWE
TrojWare.MSIL.Kryptik.IAS
TrojWare.MSIL.NanoCore.E
TrojWare.Win32.Agent.ZAQ
TrojWare.Win32.Fynloski.B
TrojWare.Win32.Injector.~DLDO
Trojware.Win32.Matsnu
Trojware.Win32.Phase.A
Trojware.Win32.PSW.Fareit.A
TrojWare.Win32.Ramnit.qg
TrojWare.Win32.Spy.Recam.zkg
Trojware.Win32.Spy.Weecnaw.H
Trojware.Win32.TrojanDownloader.Small.PRQ
Trustezeb
Ranbyus
Virus (1)
Grenam
Few names have been dropped since last release as detection was false-positive prone.
Note: Considering recognizer work based on behavior, we have tried to detect typical ransomware activities so even though a malware family may not be in above list, it may still be detected.
Please try to run applications inside Sandbox as in CCAV only sandboxed applications activities are checked.
We would like CCAV users to give it a try and share if they see any abnormal CPU or RAM usage.
Looking forward for some results using CCAV.
Thank you
-umesh