Eset 13.0.22.0 Final
MacDefender wrote (post 841986):

This is a really good point. Heuristic analysis is still a great way to protect against zero days. Note that some AVs like Norton's engine do also invest in heuristics (see their Heur.AdvML.x detections, Heur.AdvML.B | Symantec: https://www.symantec.com/security-center/writeup/2016-051811-2400-99). And F-Secure's DeepGuard also contains some set of heuristic signatures (ironically, oftentimes when I execute zero days I find, it is DeepGuard that catches it before the payload even gets to executing, indicating it's static analysis and not runtime behavior blocking based).

The nice thing about static analysis heuristics and generics is that you don't risk the payload executing at all, which substantially lowers the risk of advanced malware learning how to counteract the way that behavior blockers inject themselves into the running binary.

The downside I'd be concerned about is FPs. Like I won't say whose engine it is, but I can compile a C program with some string constants defined like "vmware-vmx.exe" and "vmtools" and if I include 2 or 3 of those terms in the binary it will flag it as generic malware VM detection. How's the FP rate for ESET?
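The false-positive concern in the post above comes from how a string-count heuristic is thresholded: a benign VM-management utility legitimately contains the same artefact names a sandbox-evading sample does. The following is an added example, not code from the post or from ESET or any vendor's engine: a toy `strings`-style scanner that counts distinct VM-related indicator strings in a binary blob, run over a small constructed corpus of labelled fake binaries to measure how the false-positive and true-positive rates move with the threshold. The indicator list and every sample in the corpus are constructed for illustration; none of them is a real file or a real detection rule.

```python
"""Toy static string heuristic for VM-artefact detection, plus FP-rate measurement.

Added example: the indicator list and the corpus below are constructed and do not
represent any vendor's real signatures or any real binaries.
"""
import re

# Constructed indicator list (assumption): names a sandbox-evasion check commonly
# looks for, which a legitimate VM-management tool may also contain.
VM_INDICATORS = (
    b"vmware-vmx.exe",
    b"vmtools",
    b"vboxservice.exe",
    b"vmmouse.sys",
    b"qemu-ga",
)


def extract_strings(blob: bytes, min_len: int = 4) -> list:
    """Return printable-ASCII runs of at least min_len bytes, like the `strings` tool."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)


def vm_indicator_hits(blob: bytes) -> set:
    """Return the set of distinct indicators found (case-insensitive substring match)."""
    found = set()
    for s in extract_strings(blob):
        lowered = s.lower()
        for indicator in VM_INDICATORS:
            if indicator.lower() in lowered:
                found.add(indicator)
    return found


def flags_as_vm_detection(blob: bytes, threshold: int) -> bool:
    """Naive generic verdict: flag when at least `threshold` distinct indicators appear."""
    return len(vm_indicator_hits(blob)) >= threshold


# Constructed labelled corpus of fake binary contents (not real files).
# Non-printable bytes break string runs exactly as they would in a real executable.
CORPUS = [
    ("benign", b"\x7fELF...Usage: vmtool-status [--service vmtools]\x00Copyright VMware, Inc.\x00"),
    ("benign", b"MZ\x90\x00...Checks whether vmware-vmx.exe and vmtools are running before snapshot\x00"),
    ("benign", b"MZ\x90\x00...notepad clone\x00kernel32.dll\x00"),
    ("malicious", b"MZ\x90\x00...vmware-vmx.exe\x00vmtools\x00vboxservice.exe\x00vmmouse.sys\x00IsDebuggerPresent\x00"),
    ("malicious", b"MZ\x90\x00...VBoxService.exe\x00qemu-ga\x00vmtools\x00"),
]


def evaluate(corpus, threshold: int) -> dict:
    """Count TP/FP/FN/TN for one threshold and derive the FP and TP rates."""
    tp = fp = fn = tn = 0
    for label, blob in corpus:
        hit = flags_as_vm_detection(blob, threshold)
        if label == "malicious":
            tp += hit
            fn += not hit
        else:
            fp += hit
            tn += not hit
    benign_total = fp + tn
    malicious_total = tp + fn
    return {
        "threshold": threshold,
        "tp": tp, "fp": fp, "fn": fn, "tn": tn,
        "fp_rate": fp / benign_total if benign_total else 0.0,
        "tp_rate": tp / malicious_total if malicious_total else 0.0,
    }


def threshold_sweep(corpus=CORPUS, max_threshold: int = 4) -> list:
    """Evaluate every threshold from 1 to max_threshold; shows the FP/TP trade-off."""
    return [evaluate(corpus, t) for t in range(1, max_threshold + 1)]


if __name__ == "__main__":
    for row in threshold_sweep():
        print("threshold={threshold} fp_rate={fp_rate:.2f} tp_rate={tp_rate:.2f} "
              "(tp={tp} fp={fp} fn={fn} tn={tn})".format(**row))
```

On this corpus a threshold of 2 distinct indicators, the figure the post mentions, still flags the benign snapshot helper that names both `vmware-vmx.exe` and `vmtools` in its help text, while a threshold of 3 clears every benign sample without losing a detection; a threshold of 4 starts missing real samples. Real engines see millions of files rather than five, so the lesson is the method of measuring the rate on a labelled corpus, not the specific numbers.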