Reply to thread

Message

<blockquote data-quote="Andy Ful" data-source="post: 916873" data-attributes="member: 32260">One does not exclude another. Every proactive detection has some space between &quot;probably malicious&quot; and &quot;probably safe&quot;. This space is usually the largest for scripting attacks (generally for non-PE executables).<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite130" alt="(y)" title="Thumbs up&nbsp; &nbsp; (y)" loading="lazy" data-shortname="(y)" />For now, there does not exist a good detection method for such cases which could avoid many false positives.Anyway, the advanced user does not have to use the proposed feature - it will not be obligatory. Of course, it is not an ideal solution, too.Edit.One could consider such a feature as a kind of external sandbox. The unsafe file is not executed immediately in the system but delayed by one (or more days) for execution outside the system (computers of other people). In this time the malware is usually recognized by the AV (in the cloud) or classified on Virus Total.</blockquote>

[QUOTE="Andy Ful, post: 916873, member: 32260"] One does not exclude another. Every proactive detection has some space between "probably malicious" and "probably safe". This space is usually the largest for scripting attacks (generally for non-PE executables).(y) For now, there does not exist a good detection method for such cases which could avoid many false positives. Anyway, the advanced user does not have to use the proposed feature - it will not be obligatory. Of course, it is not an ideal solution, too. Edit. One could consider such a feature as a kind of external sandbox. The unsafe file is not executed immediately in the system but delayed by one (or more days) for execution outside the system (computers of other people). In this time the malware is usually recognized by the AV (in the cloud) or classified on Virus Total. [/QUOTE]

Verification