Advanced heuristic

Discussion in 'NOD32 version 2 Forum' started by mrtwolman, Oct 31, 2003.

Thread Status:
Not open for further replies.
  1. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    I did a test on my collection with Advanced Heuristic. It detected 1547 various worms of about 3000 in my collection...
    imho quite impressive....
    List of worms detected by AH available upon request.
     
  2. Barney

    Barney Registered Member

    Joined:
    Jun 17, 2003
    Posts:
    119
    How is that impressive, that's only a 51.6% detection rate. Run KAV or DRWEB, you'll get a 99.9%....I GUARANTEE it.
     
  3. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    Why you send the worm not detected to ESET?
    samples@eset.com
    Regards
     
  4. dos

    dos Registered Member

    Joined:
    Oct 17, 2003
    Posts:
    43
    Are you scanning using the definitions and heuristics engine, or just the heuristics engine?

    If it's the former I'd be very surprised NOD32 didn't pick up more, if it's the latter then I'm very surprised at how good the engine is!
     
  5. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Scanstrings were off, I used the heuristic engine only...
     
  6. majstro

    majstro Guest

    You aren't right. When you scan only by heuristics, not with signatures, you will never get better results than with the heuristics of NOD32 2.0.
     
  7. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Very impressive, then! NOD32 might be the best worm scanner out there.
     
  8. JPM

    JPM Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    76
    Location:
    Las Vegas, NV
    I have read though that to activate the advanced heuristic feature within NOD32 you have to use an undocumented switch. If this is true, and it was used during this test, then the results are maybe not the same as with the standard heuristic setting. Though I am not sure of what I read about the advanced heuristic feature.
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    From what little I've read, Advanced Heuristics can cause a lot of false positives...

    My 2 cents worth :D

    Cheers :D
     
  10. reply

    reply Guest

    I was under the impression that Advanced Heuristics was a new feature for IMON in v2.
     
  11. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    I use /ah only for suspicious stuff which I scan manually.
    Even normal heuristics cause trouble, like today I was installing Norton System Works 2004 and I got a warning that one of the .dll's was an unknown crypto virus, when all it is, is a dll required to encrypt the info in Symantec's web password manager. THUS IF YOU ARE INSTALLING NORTON SYSTEM WORKS 2004 AND HAVE NOD32 SET ON HEURISTICS BE WARNED THAT YOUR PASSWORD KEEPER WILL NOT BE SAFE SINCE NOD32 WILL REMOVE THE DLL REQUIRED TO ENCRYPT YOUR PASSWORDS. The info has been sent to NOD32, hopefully they will fix it soon or there will be a lot of customers unhappy with that (well, taking into consideration that those customers go with NOD32 and not Norton).
     
  12. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Reply, it is. It's also available for the on demand NOD scanner if one runs it using /ah from the command line. Also, NOD Italy has a shell add on which provides the ability to scan an individual file using AH from the explorer (right click) context menu.
     
  13. reply

    reply Guest

    sig, thanks for the info! I didn't know about the commandline for other modules.
     
  14. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    The last I looked the official documentation for version 2 doesn't discuss Advanced Heuristics, so knowledge of this new feature for the on demand scanner has been propagated by "word of mouth" from other users or readers of this forum.
     