Xcitium/Comodo detected a new ransomware no other vendor found



Only 8 detections on VirusTotal

3 Likes

A possible Pandora’s box.

Very good, now what I think is that it takes a long time for CIS to update its database after Valkyrie detects it.
Why this delay? I’ve been realizing this for a while now.

For the cloud it takes 1-5 minutes to be added to the database, but for signatures it can take longer.

1 Like

VirusScope detected the ransomware with Static Analysis.
The verdict is Highly Suspicious and there are 2 malicious indicators

2 Likes

Now I understand, due to the delay, I think it must take more than 24 hours to be placed in the subscription, because I believe that the CIS generates a new subscription every 24 hours, because there was a time when my AV was updated more than 19 hours later.

1 Like

Comodo protects you even without a signature. That’s how Containment default-deny perfect zero-day protection works. See on VT all the other vendors are allowing that malware to run because they don’t have a signature for it, whereas Comodo/Xcitium is protecting you while all the others aren’t, for however many hours or days.

I find the Xcitium Threatmap https://threatmap.xcitium.com/ an interesting tool, but at the end of the day each AV engine and its vendor have their own threat labs to analyze malware, so VT isn’t always the go-to in checking who has a signature for what, as that relies on static AV scanning rather than the full features of those security products.

Even Comodo Firewall without the AV element still protects you from this using the same containment technology. Comodo protected you from Magniber ransomware before anyone else did. You can run another AV alongside CF but I don’t see the point.

Here we are 21 hours later and even with fresh analysis still only 8 vendors detect it.


VirusTotal page: VT Verdict

3 Likes

Hello. Looking in detail, the creation of this virus was on the following dates.

History
Creation Time: 2015-02-15 08:00:31 UTC
First Submission: 2016-10-04 14:10:30 UTC
Last Submission: 2016-10-04 14:10:30 UTC
Last Analysis: 2024-05-22 20:41:44 UTC

It should have been detected a long time ago, strange to only detect it now.

Could someone tell me the link so I can download these files and test them here on my virtual machine?

In Valkyrie it says it’s clean.

No! This has now been packaged into a clean looking new unsigned file.

Looks like SecureAge is a good thing to use, as long as you pay for it.

But Static Analysis and Signatures detected it. VirusScope detected the file with Static Analysis.
AI is getting more powerful nowadays.

Signatures can detect 99% of the time but the 1% can slip in and infect the machine.
That is why Xcitium has changed and fixed the problem with Containment.

2 Likes

SecureAge and those other AI-scanners are almost always the first to detect new malware.

Then Avast/AVG and Microsoft will usually be the first to identify it for what it is specifically.

It’s a benign file. Human analysis is correct: False positive file analysis with Hydra Dragon Antivirus (youtube.com)

Holy… it later on detected too many malwares. For example, he flagged this:


1 Like

I was “shocked” (Attachment!)

Fortunately for me - I had never allowed this to happen.

2 Likes

Because we detect “EVERY UNKNOWN” (no other company does that), we will always find stuff others miss!

5 Likes