Xcitium Verdict Cloud(Valkyrie)

Nikola Milanovic

Oct 17, 2023

Based on the sections entropy check, the file is possibly packed.
Anti-VM present.
 
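The "sections entropy check" that Valkyrie reports above is a common packer heuristic: a compressed or encrypted payload stored in a PE section has byte entropy close to the 8.0 bits/byte maximum, while ordinary code and data sit well below it. The following is an added example, not Valkyrie's or Xcitium's code. It parses the PE section table by hand, computes Shannon entropy per section, and flags the file when any section crosses a threshold. The 7.0 bits/byte threshold, the section names and the minimal sample PE image are all assumptions constructed for the demo, not values taken from the thread.

```python
"""Per-section entropy check for a PE file (added example, not Valkyrie's code)."""
import hashlib
import math
import struct
from collections import Counter

# Assumed heuristic threshold in bits per byte; 8.0 is the theoretical maximum.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for each section, following the PE/COFF layout:
    e_lfanew at 0x3C -> 'PE\\0\\0' -> 20-byte COFF header -> optional header
    (size taken from the COFF header) -> 40-byte section headers."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (size_opt,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + size_opt
    for i in range(num_sections):
        hdr = table + 40 * i
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)  # SizeOfRawData, PointerToRawData
        yield name, image[raw_ptr:raw_ptr + raw_size]


def section_entropy_report(image: bytes):
    """Return ({section_name: entropy}, possibly_packed)."""
    report = {name: round(shannon_entropy(raw), 3) for name, raw in pe_sections(image)}
    return report, any(e >= PACKED_THRESHOLD for e in report.values())


def build_sample_pe(sections):
    """Construct a minimal, non-runnable PE32 image from (name, data) pairs.
    Constructed test input only: real files populate many more header fields."""
    num, size_opt, e_lfanew, file_align = len(sections), 0xE0, 0x40, 0x200
    headers_len = e_lfanew + 4 + 20 + size_opt + 40 * num
    raw_ptr = (headers_len + file_align - 1) // file_align * file_align
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    table, body = b"", b""
    for name, data in sections:
        raw_size = (len(data) + file_align - 1) // file_align * file_align
        table += struct.pack("<8sIIIIIIHHI", name, len(data), 0, raw_size,
                             raw_ptr + len(body), 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")  # file-alignment padding, as on disk
    return (dos + b"PE\0\0" + coff + opt + table).ljust(raw_ptr, b"\0") + body


def demo():
    """Constructed sample: one plain-text section and one pseudo-random section
    standing in for a packed payload (SHA-256 chain, so it is deterministic)."""
    text = b"Windows Firewall Control sample text.\r\n" * 16
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))  # 2048 bytes
    image = build_sample_pe([(b".text", text), (b".packed", blob)])
    return section_entropy_report(image)


if __name__ == "__main__":
    report, packed = demo()
    for name, e in report.items():
        print(f"{name:<8} entropy={e:.3f}")
    print("file is possibly packed" if packed else "no high-entropy section")
```

Run it directly to see the two sections side by side: the text section lands around 3.5 bits/byte and the pseudo-random one near 7.9, which is the pattern a packed binary shows (a small unpacking stub plus one near-8.0 payload section). Note that the entropy check says nothing about the "Anti-VM present" finding; that needs a separate scan for VM-artifact strings or API imports, which this example does not attempt.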
@Nikola Milanovic fwiw, I downloaded what I think is a well-known file, Windows Firewall Control, logged into Valkyrie, and submitted the SHA256; it said not a valid hash format (paraphrase). Then I uploaded the file and Valkyrie computed the SHA1 correctly but reported File Not Found. I do not have Xcitium installed (yet), but I understood that Valkyrie would run its analysis for would-be users of Valkyrie.
You need to upload it here: Comodo Valkyrie Customer Login | Advanced File Analysis System, or at Xcitium Verdict Cloud.
 
OK, yeah, but when I log in on this page I get "Invalid login credentials" :unsure: Unclear (to me) why I would need to create a second account, or want to have two (2) Valkyrie accounts...
Not trying to sound intentionally negative here, but this is progressing toward more trouble than it is probably worth. :unsure::unsure:
It is definitely more trouble than it's worth. And I am not sure why static analysis needs to be performed in the cloud; I don't see any data being displayed that is worth computing in the cloud. It could be performed locally as well. Where is the dynamic analysis?
 
> OK, yeah, but when I log in on this page I get "Invalid login credentials" :unsure: Unclear (to me) why I would need to create a second account, or want to have two (2) Valkyrie accounts...
> Not trying to sound intentionally negative here, but this is progressing toward more trouble than it is probably worth. :unsure::unsure:
You need to create the second account because your other Valkyrie account is Valkyrie Verdict, and the one I sent you is just Valkyrie.

> It is definitely more trouble than it's worth. And I am not sure why static analysis needs to be performed in the cloud; I don't see any data being displayed that is worth computing in the cloud. It could be performed locally as well. Where is the dynamic analysis?
Because VirusScope uses static and dynamic analysis, that's why.
 
Wasn't VirusScope behavioural blocking, or does it perform pre-execution analysis as well? And if VirusScope performs pre-execution analysis, then what's the point of Valkyrie, which seems to be mainly static analysis as well?
Containment is a sandbox, so in the sandbox VirusScope does static and dynamic behavioral analysis and delivers the verdict to Valkyrie and to the user.
 
> It is definitely more trouble than it's worth. And I am not sure why static analysis needs to be performed in the cloud; I don't see any data being displayed that is worth computing in the cloud. It could be performed locally as well. Where is the dynamic analysis?
And to mention that Valkyrie also has dynamic analysis.
 
> Containment is a sandbox, so in the sandbox VirusScope does static and dynamic behavioral analysis and delivers the verdict to Valkyrie and to the user.
How does it fare with sandbox-aware malware, and malware coded to jailbreak sandboxes? How does it handle outbound connections to C&C servers as it performs dynamic analysis? What are the criteria of the dynamic analysis based on, and which aspects does it analyze? How efficient/effective is this analysis? Is everything being addressed by the automation? What is the ratio of false positives and false negatives? These automated tools are only as good as the rules they are written with, compared to manual dynamic analysis and reverse engineering of the malware.
 
> How does it fare with sandbox-aware malware, and malware coded to jailbreak sandboxes? How does it handle outbound connections to C&C servers as it performs dynamic analysis? What are the criteria of the dynamic analysis based on, and which aspects does it analyze? How efficient/effective is this analysis? Is everything being addressed by the automation? What is the ratio of false positives and false negatives? These automated tools are only as good as the rules they are written with, compared to manual dynamic analysis and reverse engineering of the malware.
When locally sandboxed you won't need to worry about damage. You may also make rules to deny traffic for contained items. Their cloud sandbox is prone to the same evasions as all others. From personal experience, I've submitted samples that tricked the Comodo cloud sandbox. Check out some of my malware analysis posts for examples.
 
Would Xcitium be compatible with another anti-malware product? Also, are sandboxed items unable to work properly?
Sandboxed items by Xcitium are analyzed by VirusScope (static and dynamic analysis), but some applications don't work in the sandbox and just die, because Xcitium doesn't allow an app to connect to the internet, so there is no internet connection in the sandbox. And yes, it's compatible.
 