Hi. I have a question about Viruscope. According to COMODO, in settings, it states that it “dynamically analyzes the behaviour of running processes and keeps a record of their activities.”
But is this more like a local Heuristic/HIPS engine, or is the behaviour analyzed in the cloud?
Thanks in advance for your feedback.

It’s done, as far as I know, on the local machine, and it works by using recognizers that contain data about malicious activities. If an executable is found to do something that one or more recognizers find malicious, then it’ll be blocked and you’ll get an alert from Viruscope.
At least that is how I understand it, and I think that Comodo found it harder than they thought to create these recognizers without triggering false positives, hence the development may or may not be somewhat slow.