heuristic and signature based detection

Discussion in 'other anti-virus software' started by shek, Apr 12, 2005.

Thread Status:
Not open for further replies.
  1. shek

    shek Registered Member

    Hello everyone,

    One month ago, I started to use AntiVir PE and it gave a false positive warning, Heuristic/Trojan.Downloader. Then I sent the file to AntiVir. The next day AntiVir updated its VDF (virus definition file) and the problem was solved. That is not the end of the story. Today, I updated the VDF as usual and AntiVir again gave another false positive warning for the same file, Heuristic/Trojan.Downloader.

    How could that be? Since heuristic detection doesn't rely on the virus definitions, why could the false positive disappear and show up again by changing the VDF? Any comments or ideas?

    shek
     
  2. BlueZannetti

    BlueZannetti Registered Member

    shek,

    The program could be responding to a distinctly different segment of code or a result of a follow-up refinement of their module. In either case, I'd resend the file in question.

    Blue
     
  3. shek

    shek Registered Member

    I did resend the file. My question is why, with the update of the VDF, the false positive detected by heuristics, not by signature, shows up again. I assume the heuristic code analyzer should have been modified the first time I sent the file, and the VDF has nothing to do with the heuristic code.
     
  4. RejZoR

    RejZoR Lurker

    Exclusions are signature driven, that's why. They probably just mixed up some files. Got the same problem a while ago with ArcaVir. They fixed the FP, but it was back after 1 month. Human error factor ;)
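
Added example, not part of the thread and not AntiVir's or ArcaVir's actual code: a small model of the behaviour described in the last reply, where the heuristic engine never changes but a hash-based exclusion list shipped inside the definition file suppresses its verdict. The rule strings, weights, threshold, VDF layout and sample bytes are all constructed assumptions.

```python
import hashlib

# Constructed heuristic rules: strings a downloader-style heuristic might weigh.
# Markers, weights and threshold are illustrative assumptions.
HEURISTIC_RULES = {b"URLDownloadToFileA": 40, b"WinExec": 30, b"\\Temp\\": 20}
THRESHOLD = 60

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def heuristic_score(data):
    """Computed by the engine alone; the definition file is not consulted."""
    return sum(w for marker, w in HEURISTIC_RULES.items() if marker in data)

def scan(data, vdf):
    digest = sha256(data)
    if digest in vdf["signatures"]:           # classic signature hit
        return vdf["signatures"][digest]
    if heuristic_score(data) >= THRESHOLD:    # heuristic hit
        if digest in vdf["exclusions"]:       # FP fix is shipped as definition data
            return "clean (excluded by VDF %s)" % vdf["version"]
        return "Heuristic/Trojan.Downloader"
    return "clean"

# Constructed sample: a legitimate updater that downloads and runs its own patch.
UPDATER = b"MZ...updater...URLDownloadToFileA...WinExec...C:\\Temp\\patch.exe"

# Three hypothetical definition releases; only the exclusion list differs.
VDF_1 = {"version": "1", "signatures": {}, "exclusions": set()}
VDF_2 = {"version": "2", "signatures": {}, "exclusions": {sha256(UPDATER)}}
VDF_3 = {"version": "3", "signatures": {}, "exclusions": set()}  # entry lost in a rebuild

def verdict_history():
    """Scan the same file with the same engine under each VDF release."""
    return [(v["version"], scan(UPDATER, v)) for v in (VDF_1, VDF_2, VDF_3)]

if __name__ == "__main__":
    for version, verdict in verdict_history():
        print("VDF", version, "->", verdict)
```

In this model the false positive returns with VDF 3 even though `heuristic_score` is identical across all three scans, because the only thing that ever changed was the exclusion data in the definition file.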
     