Sorry, I don't really get it... ??? Is there more than one file in this archive? If yes, why? You are supposed to test only the real Klez...
This would only make sense, if some of your samples are extremely new (probably not more than one day old), because F-Secure usually gets the...
@Firefighter They did some usual ITW testing (mostly worms and some virii, as you know) and a backdoor/trojan test. In the backdoor/trojan...
It isn't that easy. Remember that heuristics are updated, too... ;)
@Andreas1 Yes, I think he is right about that. AFAIK the DCS-guys don't deny that, promising improvement with TDS-4. :)
@nameless Yes, you're of course right, a memory scanner doesn't really have to "deal" with packers/crypters, as they scan the running processes...
@Andreas1 Can you tell, which packers are supported by TDS-3 "out-of-the-box"? I wonder because according to some tests, even the most commen...
@INFINITY Nautilus is not working on A2, if you mean that... :o @nameless Someone (Nautilus) points out a flaw in current AT's mem...
@tweakie Yes, as I already assumed above, both Nod32's AH and Norman's sandbox apparently fail to emulate 'through' files, which are protected by...
Unfortunately, Norman doesn't use its Sandbox as a "generic unpacking engine", as you suggest; i.e. it apparently doesn't scan the unpacked...
I suppose, that confirms my findings, right? :)
illukka, have you tested it already? At least with my Armadillo-packed samples (various Armadillo versions), it doesn't seem to work, as KAV only...
Which is no big surprise, as NOD's so-called memory scanner is no "real" memory scanner... right? ;) Flux seems to be quite powerful, imho....
@Technodrome I see, we think quite the same about Norman's sandbox and Nod's AH (and afair, we already discussed Norman's papers about their...
So, what are the main differences between "sandboxing" (Norman) and "emulation" (Nod's AH)? I haven't really been able to figure that out yet....
Hm, up to version 5.41 you can start an update via the systray symbol or the update-tab in the "main program". There is also an update reminder...
It's worth a try... ;) From my experience, it works with both mentioned AVs (although AVK displayed a warning about wrong checksum or...
No, Nod32 has (few) more static unpackers, plus(!) some kind of generic unpacking due to its "Advanced Heuristics". :)
If you have installed Backweb in the beginning, you can just uninstall it, and the Backweb process will be away (of course, only if you don't want...
That doesn't say much, because the zip package doesn't contain any "final" polymorphic server (dropper)... ::) You'll have to create some...
GuruGuy, from what I read at DSL-Reports, this is 'just' a dialer. So no surprise, that NOD32 doesn't detect it (even with AH), because those...
Imho you can be really happy with your birthday present... :) Yes, F-Secure is a bit 'unusual', but it is surely one of the best AVs you can...
According to gkweb's test results, at least Outpost 2 and Look'n'Stop are able to do so in their "highest settings." This does _not_ mean, that...
Well, not all leaktests rely on patching/modifying/injecting into/... running processes, so it's quite understandable, that Process Guard (PG)...
@illukka What do you mean with "passed when ie set to ask"? Does it mean, that there is no allow-rule set for IE (or another browser)? Then,...