Discussion in 'other anti-virus software' started by yanzilme, Apr 5, 2008.
Can anyone clarify the heuristics capabilities of F-PROT?
What technology does it use? (gen? emu?)
Search engine is your friend
Thank you for you
But in this discussion, I don't see anything about the emulator/heuristics of F-PROT.
Try a Google or a Yahoo search on . . .
Be inventive and let us know what you find.
I don't even understand the question lol
I want to know whether F-PROT has a simulator engine like NOD32's.
Seriously, what does it matter?
All I know is that F-PROT's heuristics don't produce that infuriating 100% CPU lock when scanning heavily packed/obfuscated files. That, and they seem quite effective against some polymorphic packed variants like Swizzor, while NOD32 fails against every sample I've run across.
Maybe F-PROT has an emulator, maybe not. It doesn't matter. Just take a look at Avira's emulator and see what it's good for, for instance.
That's why I haven't replied then
Fridrik did the static (non-polymorphic) DLLs with Eldorado Generic and I wrote the Swizzor Maximus detection for the polymorphic droppers. Both together score quite well on all kinds of variants, and they are lightning fast.
All heuristics (and of course normal signature scanning) use emulation for unpacking purposes, besides other information gathering.
The thing about NOD32's heuristics is their varying effectiveness against different strains. They can have flawless heuristic detections for almost every single variant in a family, and almost completely miss in another. And of course, there's the ever-present 100% CPU lock problem which has gone unfixed for ages. F-PROT has a steadier performance in this regard, I suppose - not that I've experimented extensively with it.
A representative on Avira's forum mentioned once that their emulator isn't used for unpacking. And as far as their heuristics go, I think it's safe to say that emulator technology is almost, if not entirely, uninvolved, since what they seem to do is include packed variants in their sig database due to poor unpacking ability, detection for custom hand-modified packers, and static analysis.
Maybe Stefan can comment on this.