SONAR like technology in COMODO

EricJH, I am puzzled by your statement above. My references to heuristics are not limited to the AV only. My understanding of the way CIS works is that a program is automatically sandboxed if it doesn’t match an AV signature and isn’t in either the whitelist or the blacklist databases. CIS then uses advanced heuristics (such as behavior analysis) to decide whether the sandboxed program is malware or not. Improving the detection rate will reduce the number of programs being sandboxed. Improving heuristics will make diagnosis of sandboxed programs more accurate.

Definitely agree on this, but very difficult to achieve. As far as I know all current sandbox implementations cause problems with some software.

2 things will reduce the no. of apps that go into Sandbox

1) improving whitelist
2) improving blacklisting

As you will appreciate, a user on average handles a lot more whitefiles than malware… which means improving the whitelist is much, much more important in terms of usability than improving malware detection (within the context of what is sandboxed and reducing the no. of files that get sandboxed).

Melih

Sorry for misunderstanding.

[quote]My understanding of the way CIS works is that a program is automatically sandboxed if it doesn’t match an AV signature and isn’t in either the whitelist or the blacklist databases.[/quote]
That’s correct.
[quote]CIS then uses advanced heuristics (such as behavior analysis) to decide whether the sandboxed program is malware or not.[/quote]
That is done in the cloud.
[quote]Improving the detection rate will reduce the number of programs being sandboxed. Improving heuristics will make diagnosis of sandboxed programs more accurate.[/quote]

Definitely agree on this, but very difficult to achieve. As far as I know all current sandbox implementations cause problems with some software.

Currently there is a lot of work going on on the cloud side under the name Valkyrie using "heuristics, file look-up and real-time behavior analysis" and "We are so proud that our “Valkyrie” file verdict service is the first opening public online service that adopts various kinds of AI techniques".
In short, that is some pretty exciting stuff being worked on. Users can upload files to Valkyrie for analysis and verdict.

Yes, I have tried Valkyrie. It is a brilliant concept, but needs a huge improvement in usability, reliability, and accuracy before it can be considered a serious malware detection tool. It is effectively an AI version of Virus Total, but the Valkyrie Uploader is primitive, the site has too many performance problems, and its results are wrong too often to be considered accurate.

What analysis is performed “in the cloud” on sandboxed programs? I assume that cloud analysis is different to the behavior analysis performed by D+. Does it include analysis by Valkyrie?

Valkyrie, as far as I know, is still getting major back-end improvements. Improvements to CIMA are still coming, and a new product is coming eventually (Comodo Cloud AV) which will be using Valkyrie.

It is still under development.

[quote]What analysis is performed "in the cloud" on sandboxed programs? I assume that cloud analysis is different to the behavior analysis performed by D+. Does it include analysis by Valkyrie?[/quote]
The process of cloud scanning is described in [url=http://help.comodo.com/topic-72-1-206-2040-Unknown-Files---The-Sand-boxing-and-Scanning-Processes.html]Unknown Files: The Sand-boxing and Scanning Processes[/url]. Valkyrie is not part of the cloud look up as described. It will in due time.