It’s malware. 1/46 means nothing. Look at prout.exe: it was a 0/46 … Valkyrie was actively detecting it. Now, most of the vendors detect this worm.
That’s true, but what about the one siketa says is NOT malware? To be more accurate, they say it is a false positive. We need an analyst to confirm one way or another, as one person saying ‘malware’ and another saying a ‘false positive’ doesn’t help us to judge Valkyrie’s effectiveness.
As good as these tests are, the results can be confusing or unclear when two or more people start a tug-of-war with the results or over the results. I hope we can get clear-cut answers to clear up the confusion.
siketa is wrong
Note: This sample is now detected by CAV as “UnclassifiedMalware”.
6 / 47
That’s just a usual zero-day threat that starts its life as “unknown”.
Ty for the update, I’m sure most of us presumed this was the case, or at least hoped it was ;D
It’s nice to see how effective Valkyrie is and the awesomeness of the Comodo devs at work. I really can’t wait for Valkyrie to work its magic in the cloud for CIS; it should improve the detection and protection greatly :-TU
I assigned both files for analysis.
Are we witnessing the automatic creation of signatures by Valkyrie already? Is that special day already here? ???
What do you mean? That Valkyrie said one thing and analysts said the opposite (normal)?
Valkyrie has:
Static detectors: I am waiting for Igor’s response to see if they are now being used to generate signatures; I don’t have any official reply on it.
Dynamic detection: CIMA is already used for unknown files submitted by the community.
AdHeur: already used to generate signs (even before the Valkyrie website was introduced).
Yeah…it happens…
What does PE FILE mean??
Portable Executable
Thanks
Valkyrie results for netpeeker.sys:
eMing Software is a trusted vendor.
Virustotal.com shows that all the virus programs listed trust this file. Because of this concept of a “false detection”, I don’t trust the opinions of virus companies as to what programs can be trusted.
I’m not going to say that this is a false detection because I don’t know what AI_Detector 5 & 11 is finding, so my question is simply this:
Is the malware malicious?
I have no reason to think so, but I am open to the possibility that security on my system may be compromised (System folder protection reduced to allow writing to the folder).