hjlbx
Thread author
Hello,
I'm just thinking "out loud" here.
A Behavior Blocker\Heuristics Malware Hub sub-forum might be interesting.
Another sub-forum... right?
Members do a great job of reporting detection tests. However, very rarely does anyone report on how the security software responds if there is no signature detection.
Not too sure if it would work, but the behavioral\heuristic components that we all rely upon could certainly use scrutiny.
I admit there are potential problems... but generally the AVs will clearly indicate any behavior blocker\heuristics actions either in a classification or logs. So reporting actions should not be an issue.
When I test Emsi, if there is no signature detection, I will report how its Behavior Blocker responded in the Hub. If it's a different vendor I will report any heuristic "blocks."
In any case, just some thoughts.