nosirrah Posted January 11, 2007

I have loads of Microsoft files created on 3/31/04 at 7:00 AM on my test system. No matter how many times I reload this machine these dates always stay the same. I have found that certain malware also spoof their creation date and time to match this. Other trends that I have seen are .sys files outside of the drivers folder and files with hidden and system attributes but no version tab under properties. Does the protective feature of SAS Pro heuristically detect any of these tricks?

SUPERAntiSpy Posted January 11, 2007

> I have loads of Microsoft files created on 3/31/04 at 7:00 AM on my test system. No matter how many times I reload this machine these dates always stay the same. I have found that certain malware also spoof their creation date and time to match this. Other trends that I have seen are .sys files outside of the drivers folder and files with hidden and system attributes but no version tab under properties. Does the protective feature of SAS Pro heuristically detect any of these tricks?

We have many variations of heuristic definitions in our database. We don't base anything on simply date/time created, or .sys files without version information, as you would be surprised how many legitimate files are created this way by regular application developers.

nosirrah Posted January 11, 2007

What about an adjustable heuristics scale? My guess is that heuristics generates some kind of a score and if the score is high enough a potential positive hit is registered. I would like to be able to adjust the sensitivity of this scale or add things that heuristics looks for. Some kind of heuristics control panel would be nice. Just an idea.

SUPERAntiSpy Posted January 11, 2007

> What about an adjustable heuristics scale? My guess is that heuristics generates some kind of a score and if the score is high enough a potential positive hit is registered. I would like to be able to adjust the sensitivity of this scale or add things that heuristics looks for. Some kind of heuristics control panel would be nice. Just an idea.

Thanks for the suggestions. Our heuristics operate differently than most other products - we are very geared to avoid false positives and the heuristics are per definition, so they are not really adjustable on a global scale - in our testing and field testing we have found this way to be safer for the user and allow us more control "under the hood". I will of course keep your suggestion on our list of items for possible inclusion on a future release!
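
Added example, not part of the thread and not the vendor's code: a sketch of the score-and-threshold model guessed at in the third post, built on the three indicators named in the first post, to show the false-positive trade-off raised in the replies. The weights, record fields, sample metadata and the file name xyzdrv.sys are constructed for illustration, and the year 2004 is assumed from "3/31/04".

```python
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# Timestamp the first post reports on stock files (year 2004 assumed from "3/31/04").
STOCK_CREATED = datetime(2004, 3, 31, 7, 0)
# Hypothetical weights, chosen only for illustration.
WEIGHTS = {"stock_timestamp": 2, "sys_outside_drivers": 3, "hidden_system_no_version": 3}

@dataclass
class FileRecord:  # hypothetical record; real values would come from file metadata
    path: str
    created: datetime
    hidden: bool
    system: bool
    has_version_info: bool

def indicators(rec):
    """Return the names of the indicators from the first post that this file matches."""
    p = PureWindowsPath(rec.path)
    hits = []
    if rec.created == STOCK_CREATED:
        hits.append("stock_timestamp")
    if p.suffix.lower() == ".sys" and p.parent.name.lower() != "drivers":
        hits.append("sys_outside_drivers")
    if rec.hidden and rec.system and not rec.has_version_info:
        hits.append("hidden_system_no_version")
    return hits

def score(rec):
    return sum(WEIGHTS[name] for name in indicators(rec))

def flagged(records, threshold):
    """Paths whose score reaches the (adjustable) threshold."""
    return [r.path for r in records if score(r) >= threshold]

# Constructed sample metadata; xyzdrv.sys is an invented name.
SAMPLES = [
    FileRecord(r"C:\WINDOWS\system32\drivers\disk.sys", STOCK_CREATED, False, False, True),
    FileRecord(r"C:\WINDOWS\system32\notepad.exe", STOCK_CREATED, False, False, True),
    # Legitimate Windows paging file: hidden, system, no version resource.
    FileRecord(r"C:\pagefile.sys", datetime(2007, 1, 5, 9, 12), True, True, False),
    FileRecord(r"C:\WINDOWS\system32\xyzdrv.sys", STOCK_CREATED, True, True, False),
]

if __name__ == "__main__":
    for threshold in (8, 6, 2):
        print(threshold, flagged(SAMPLES, threshold))
```

At threshold 8 only the constructed xyzdrv.sys is flagged; at 6 the legitimate pagefile.sys is flagged as well, and at 2 every stock file is.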