Summary of the March edition of tests on virus samples from the Internet
<blockquote data-quote="Andy Ful" data-source="post: 986250" data-attributes="member: 32260"><p>To be clear, this is what I propose:</p><p></p><p><strong>LEVEL A: pre-execution level</strong></p><p><em><strong>The malware has been detected before it could be executed.</strong></em></p><p></p><p>I would not use the term "browser level". Technically, this term is correct for the AVLab test because all samples are downloaded via a web browser. Anyway, many AVs can detect threats on Level 1 even if the malware was not downloaded via the web browser.</p><p></p><p><strong><s>LEVEL 2:</s></strong></p><p><s>The system level, i.e. a virus has been downloaded, but it hasn’t been allowed to run.</s></p><p></p><p>This level probably includes the events that start as Level 1 and end when the sample is moved to another location. The sample is not allowed to run because the analysis has been finished with a delay, and this is not related to the process of moving the sample to another location.</p><p>This level could have some value when the samples were downloaded to the network shares and next moved to the local disk. The Level 2 events are very rare in AVLab tests. I propose to join this level with level 1 to get LEVEL A.</p><p></p><p><strong>LEVEL B: on(post)-execution level</strong></p><p><em>The malware could be executed and has been detected/blocked "on-execution" or "post-execution".</em></p><p></p><p>I would not use the term "analysis level", because a similar analysis can be done in many cases on Level A, especially for the files downloaded from the Internet.</p><p></p><p>As I said, this is only a loose proposition. (y)</p></blockquote><p></p>