Advanced heuristics update

Discussion in 'NOD32 version 2 Forum' started by mrtwolman, Jan 10, 2006.

Thread Status:
Not open for further replies.
  1. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Right now, my NOD32 shows AH module build 1.024 (20060108 ).
     
    Last edited by a moderator: Jan 10, 2006
  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    NOD32 antivirus system information
    Virus signature database version: 1.1357 (20060109)
    Dated: Monday, January 09, 2006
    Virus signature database build: 6582

    Information on other scanner support parts
    Advanced heuristics module version: 1.024 (20060108 )
    Advanced heuristics module build: 1097
    Internet filter version: 1.002 (20040708 )
    Internet filter build: 1013
    Archive support module version: 1.040 (20051222)
    Archive support module build version: 1142
     
    Last edited by a moderator: Jan 10, 2006
  3. myluvnttl

    myluvnttl Registered Member

    Joined:
    Aug 23, 2004
    Posts:
    150
    NOD32 antivirus system information
    Virus signature database version: 1.1358 (20060110)
    Dated: Tuesday, January 10, 2006
    Virus signature database build: 6591

    Information on other scanner support parts
    Advanced heuristics module version: 1.024 (20060108)
    Advanced heuristics module build: 1097
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1.040 (20051222)
    Archive support module build version: 1142

    Information about installed components
    NOD32 For Windows NT/2000/XP/2003/x64 - Administrative tools
    Version: 2.51.8
    NOD32 For Windows NT/2000/XP/2003/x64 - Base
    Version: 2.51.8
    NOD32 For Windows NT/2000/XP/2003/x64 - Internet support
    Version: 2.51.8
    NOD32 for Windows NT/2000/XP/2003/x64 - Standard component
    Version: 2.51.8

    Operating system information
    Platform: Windows 2003
    Version: 5.2.3790 Service Pack 1
    Version of common control components: 5.82.3790
    RAM: XXX MB
    Processor: Intel(R) XXXX(R) CPU X.XXGHz (XXXX MHz)
     
  4. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    ok, ok! No need to post the same thing! :p It's important to know what kind of updates are these?? For some new type of malwares, or what? :D If this is not a secret!
     
  5. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
  6. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, this program deletes some files from your system and perhaps that's the problem.
    But you can't know for sure if the file is detected due to the new AH. Perhaps it was detected before, also.

    Edited: Well, I've checked the file on www.virustotal.com and I think it's a FP. Only NOD32 detects it. And the program seems to be trustful. ;)
     
    Last edited: Jan 10, 2006
  7. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
    Yes, I checked a while ago and only NOD detects it. But for sure this file was not detected before (I have it from May 2005 on my computer).
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yep, it seems to be a false positive and we'll remedy it shortly.
     
  9. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    A new method has been developed by Eset to offer proactive detection
    for rootkit threats.

    According to Eset's chief software architect Richard Marko,
    the technology is very effective with a detection rate, in
    internal tests, of up to 90%.

    A rootkit is a special type of malware able to hide its
    presence in infected systems, and thus escape detection.

    Current rootkit protection methods work reactively - on the basis of
    signatures. Therefore it is necessary to keep anti-virus systems
    up-to-date. However, when releasing the detection signatures, usually a
    portion of users will have already been exposed to a new
    infiltration.

    In the case of rootkits an additional system scan with updated
    signatures may not reveal a hidden threat - rootkits are able to
    render themselves "invisible". Users of rootkit infected systems may
    thus have a false sense of security because their updated
    anti-virus system did not detect the presence of a rootkit.

    Under such circumstances it is obviously important to
    prevent a rootkit infiltration in the first place. Which is where
    proactive detection plays a vital role, allowing the detection
    of unknown rootkits with high probability.

    "Rootkit detection is based on the new generation of intelligent
    signatures, which is a part of the ThreatSense technology.
    This detection method is implemented in our technology in a
    revolutionary way," said Richard Marko.

    Proactive Rootkit detection is added automatically through a
    component update - so all NOD32 customers will benefit from
    this new technology immediately.
     
  10. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Thx, NOD32_user
     
  11. Abbes

    Abbes Guest

    New AH detected one false positive on my system. The file is Update.exe and is a part of Index.dat Suite:

    Well, this is really not good. NOD32 already has some false positives in its signatures; now will they also have false positives in their Threat Sense Hive? Oh, this sucks!!!
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    o_O To expect the heuristics to 100% recognize only the real malware is nothing but utopia.
     
  13. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Too many unregistered guys here! And they state only useless things! o_O
     
  14. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    This seems like pretty useful information to me. He gives specific information about a particular file that is flagged as a false positive. How is that useless?

    Unregistered users are always welcome here, as long as they have something to say. :)
     
  15. Pain of Salvation

    Pain of Salvation Registered Member

    Joined:
    Apr 21, 2005
    Posts:
    398
    When will this new proactive defence against rootkits be available for update?
     
  16. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
    There was another heuristic update...

    Information on other scanner support parts
    Advanced heuristics module version: 1.025 (20060110)
    Advanced heuristics module build: 1099
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1.040 (20051222)
    Archive support module build version: 1142
     
  17. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Very nice update :thumb:
     
  18. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
    Is this the one with the new rootkit detection??
     
  19. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
  20. jg88swe

    jg88swe Registered Member

    Joined:
    Jul 1, 2004
    Posts:
    181
  21. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
    It was not him giving information on FP but me.
     