I just watched Malwarebytes Anti-Ransom test video and it made me wondering. Apparently, they make detection based on behavior analysis of the ransomware. Can Viruscope be utilized to do the same thing? Because that would be pretty cool. It’s already there, you just have to craft the right rules.
Sheepolina, thank you for that great question. Viruscope is developed for that exact purpose. As you mentioned, the behavior is also clear for cryptolockers or ransomware.
The good news is we have already developed a very good recognizer for detecting this behavior. It detects many different malware families, by tracking the behaviors via Viruscope. We’re about to release soon, when we’re sure it is ready in terms of TP and FP results.
A “Recognizer” is a Signature format that we use for Viruscope. You will see many Recognizers catching many baddies
Great! COMODO is heading towards a great way (Recognizer).
Good job! Eager to test.
Not only will it have containment (sandboxing) but it will also analyse the behaviour thanks to Recognizers!
I’ve switched it to mode where it analyzes all programs, even those outside of sandbox, just to be sure. I hope more recognizers will be released on regular basis. Would be nice if you guys would let us know when you release something significant in recognizers.
This is great news Fatih! Cant wait till VC gets more recognizer updates. its one of my fav techs in CCA/CIS