Does Kaspersky use/have heuristics

Discussion in 'other anti-virus software' started by trjam, Nov 28, 2008.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Using the AV and there are settings for heuristic settings all the way to deep. But based on this, it shows nothing detected by heuristics. I am confused.
     
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Yes, Kaspersky has heuristics, although not the best. Kaspersky is very signature-based, but its proactive security module helps compensate for that.
     
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Hello Jeff,
    Kaspersky does have heuristics.
    There are some improved heuristics in beta at the moment; they will be released by the end of this year.

    With the current heuristics it detected an email attachment as malware. I sent it to the labs to make sure it wasn't a FP. By then it had been detected by signature. Nice to see the heuristics work.
     
  4. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Virusinfo uses VirusTotal to compile their data...which also means they are using an old v7 build...which means that the heuristics they are scanning with aren't the most up to date or complete.

    They differ from the heuristics in v2009, which are much more "active" at making detections. Plus there is a new overhaul to the heuristics coming before the new year hopefully that will bring in some new features including a strong web exploit and script heuristic scanner.
     
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Will the new heuristics also be limited only to users of version 2009, or is it an engine wide update such that every program using the KAV engine, including clones and old versions of KAV will also get the benefits?
     
  6. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    I think that the script heuristic module and general improvements to the emulator will extend to v7 as well, but I will have to check first.
     
  7. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Nope, the Anti-Virus SDK still uses 'old' technology. It's not without reason that GData changed to BitDefender instead of Kaspersky. I won't be surprised to see F-Secure making a move to another engine either (or fully relying on Hydra in the near future).


    Ps. Back in town, contact you soon mate.
     
  8. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    Well, the architecture update is here and now on public servers. Ladies and gents, please give a warm welcome to kjim (if not here yet then he's coming very soon :p), the script heuristic module, new naming for heuristic detections and numerous updates to the PE emulator :)
     
    Last edited: Nov 30, 2008
  9. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Now that it's on public servers, you might know better whether the benefits extend to v7 and older versions too.....and the KAV workstation line. If you do, then please do inform me :)
     
  10. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    So will we see even better than usual results from AV-Comparatives?
     
  11. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    That will come anyway through the regular heuristic updates that come with signatures, but this was a bit special because they have included a new module for scripts/exploits which has proved to be very effective in my testing (I actually think this wasn't released yet, but the other improvements were) and made performance tweaks and other detection enhancements to the normal PE (executable) heuristics. Plus with the new naming arrangement they will be able to stuff in a lot more verdicts...aka they are working hard on the heuristic front and are probably going to be targeting many more malware families, as shown by the latest AV-C test.
     
  12. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    Agree, I think scripts/exploits are still beta.

    The new emulator released yesterday-ish has many detection improvements with trojans etc., so it would improve detection for on-demand tests like AVC (but detections won't be shown on any online scanners including VirusTotal or Virusinfo because of the older scanning engine).

    The (currently beta) emulator which is working on scripts and exploits is geared more towards protecting against drive-by attacks rather than increasing on-demand detections (which AVC emphasizes more), so it won't improve AVC's results by much. The majority of the time, its detections will only be seen while surfing the internet, to reduce the number of users getting infected by 0-days.
     
    Last edited: Nov 30, 2008
  13. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    Wow finally Kaspersky came to the realization that their drive-by download detection is crappy. But wait, I thought they said they didn't need to detect exploits because all their users are fully protected because they are happily patching their machines after religiously running the cool new Security Analyzer feature. LOL.

    Get with the program. Average users don't patch. You need exploit detection and blocking. Can't wait to test out the ADODB.Stream exploit with their new heuristics.
     
  14. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    It's not going to detect 100% of exploits, only some (also not sure what type of exploits). Anyway, with the vulnerability scanner (included in the Full PC scan), users would know if there is a vulnerability and that they should upgrade... if they don't, that's simply neglect.

    Yes, AVs are there to protect users, but users should also use common sense and initiative to keep themselves protected, and by doing that they would be protected from many exploits. Kaspersky's Vulnerability Scanner is still a step in the right direction to inform the user of this and protect users.
     
  15. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    Use please do.... that is one of the exploit types that has been targeted. I think that even the die-hard opposition will say it is a nice improvement.


    *insert picture of orly owl here*
    I beg to differ....we have seen the number of people start to patch rise dramatically since the introduction of the vulnerability scanner. If one person patches, that is a victory because that is one less vulnerability to exploit on their machines. Don't bash it till you've seen it in action.
     
  16. xpsunny

    xpsunny Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    163
    How can I cross check whether the new heuristic engine is installed?


    EDIT: Is it limited to web av module only?
     
  17. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    No, works with fileAV too.


    It still isn't on public servers...only beta server. Look for kjim component in your update report.
     
  18. xpsunny

    xpsunny Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    163
  19. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    The PE emulator update plus the new naming scheme. Kjim isn't out yet.
     