Advice Request Symantec started to use AI?

[TheMalwareMaster]

Good morning everyone... Is Symantec using artificial intelligence in their products? Look at this VirusTotal scan
Antivirus scan for f62dd2dd7c2d1b0011264318d27d7a7a01ca1277b766b4d0815981f65ecbd2f5 at 2017-04-18 08:37:19 UTC - VirusTotal

ML.Attribute.HighConfidence

Is this detction name related to AI?
Thanks for the help

 

[SHvFl]

Don't see that detection.

 

[Ink]

Symantec: Suspicious.Cloud.2.A

Suspicious.Cloud.2.A is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.

 

[TheMalwareMaster]

Strange. The detection name changed. I was sure it was that one

 

[frogboy]

Strange. The detection name changed. I was sure it was that one

It did change, I saw both also. So you are not going mad after all.

 

[ZeroDay]

I've seen a few Symantec detections on VT stating Malicious confidence = X. And I'm pretty sure that they are indeed using AI.

 

[TheMalwareMaster]

Found a new one. Look here (Symantec). This time I made a screenshot

 

[SHvFl]

Strange. The detection name changed. I was sure it was that one

It did change, I saw both also. So you are not going mad after all.

I've seen a few Symantec detections on VT stating Malicious confidence = X. And I'm pretty sure that they are indeed using AI.

If i was evil i would say they are stealing detection signatures but everyone knows this is something no antivirus company does. /s

 

[ZeroDay]

If i was evil i would say they are stealing detection signatures but everyone knows this is something no antivirus company does. /s

Ha ha. Good reply I like it.

 

[Ink]

Symantec: ML.Attribute.HighConfidence
Was not able to find their definition meaning, but I am going to guess it's similar to their Heur.AdvML.C

Heur.AdvML.C is a heuristic detection designed to generically detect malicious files using advanced machine learning technology. A file detected by this detection name is deemed by Symantec to pose a risk to users and is therefore blocked from accessing the computer.

ML = Machine Learning aka AI

 

[Wingman]

This is a new feature introduced with sep 14.x endpoint (advance Machine Learning).Previous sep version (12.x) do not have that functionality but might still detect the samples based on sonar/insight technologies

Consumer products (aka norton) benefit from the Heur.advML signature

 

[brod56]

Glad to see Norton improving its detection rates, competetion makes products better for us, consumers.

 

[XhenEd]

The answer to the question depends on one's perspective. If one considers Machine Learning to be Artificial Intelligence, then the answer is yes. But if not, then the answer is no.

Kaspersky uses ML, but does not consider it AI (Eugene Kaspersky has blog posts about this).

Besides, I think Symantec has been using ML ages ago. I doubt they were manually classifying files in their headquarters until now. Probably they developed, or further developed, their ML to act as immediate cloud detector.

 

[Deleted member 178]

Ai is just a fancy name for the good old advanced heuristic... since some devs saw Cylance getting huge funds with their so-called "Ai" , they all change or start making one...

 

[Winter Soldier]

Symantec is using new machine learning techniques, but it is necessary to say that the artificial intelligence is just like an empty box.
Now all the big AV vendors are speaking of AI for their products, but the real effectiveness is in the collected data, where AI algorithms are performed.
It is necessary to have a huge number of information to process, getting the patterns to predict new malware, Symantec seems to have nearly 200 million computers in the world that use their products collecting tons and tons of analyzable data.

 

[Emanuel.]

 

[TheMalwareMaster]

View attachment 147451

Seems nice... Only in endpoint protection products, or Symantec is using it also in Norton Security?

 

[Deleted member 178]

Seems nice... Only in endpoint protection products, or Symantec is using it also in Norton Security?

Seems only on SEP at the moment.