Anyone know anything about Kaspersky getting a new heuristic engine?

Discussion in 'other anti-virus software' started by colt45allstar, Jun 24, 2006.

Thread Status:
Not open for further replies.
  1. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Core behavior blocker does most of the job anyway (which is enabled by default even for Basic mode). Advanced mode is IMO a bit too intrusive with all the popups. But Basic isn't at all.
     
  2. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Then I guess it might be of some interest if IBK's results would be about the same with just the Basic mode and without the Advanced mode?
     
  3. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Probably not exactly the same but very close.
     
  4. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Well, that's what I was saying too. :rolleyes:
     
  5. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    They were done with the "Interactive mode" (which you guys call max/advanced); unlike RejZoR, I do not see a lot of popups.
     
  6. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yeah, if you use just final versions of software. I use mainly beta stuff. WMP11 and IE7 are just a few among these which generate unnecessary popups.
     
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    How do I adjust these settings? I do not see anything that I understand to do it. Is it part of the Proactive module?
    Thanks,
    Jerry
     
  8. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    You just choose between the two options (basic or interactive) during the install, or enable all options in the settings under "Proactive defense". Mind you, the "Application Integrity control" can give CPU spikes for some; this has been fixed in the coming MP1 (July/August) and is already in the betas.
     
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Don,
    Thanks. I did note a spike when I changed it. CPU usage went to 54%, but went back down to normal, 0 to 6%.

    Jerry
     
  10. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    This can happen occasionally but IMO it's nothing to worry about. :)
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I'm getting confused. AFAIK heuristics are able to identify malware that is not yet in the signatures database, but Proactive Defense is basically the same as a HIPS, right? I mean the end user will have to respond to the alerts if malware tries to do potentially dangerous stuff, right?

    I mean if I'm correct, I've read that Proactive Defense stops a lot of malware according to the latest tests by AV-Comparatives, but how exactly? I mean you still have to run files and respond to alerts, and then you still don't know if it's malware or not? Like I said, I'm confused. :blink:

    http://www.kaspersky.com/news?id=188369257
     
    Last edited: Jun 30, 2006
  12. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Seems to me it would be better if the KAV Proactive Defense On-Execution behavior blocker could emulate the execution of an application in a type of sandbox like some AVs' heuristic analyzers can do now. Looks like that would reduce the chances of a PC being affected in a bad way before a warning. Also, that would appear to me to be a cleaner approach and reduce the chance of leaving malicious files on a PC even after something is blocked.

    Or is this just not possible with the type of KAV Proactive Defense On-Execution behavior blocker?
     
  13. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    No, you know very well what it is because you get the only dialog with Quarantine and Rollback buttons (you don't get this one for anything else).
    And it's not like you'll get these warnings for lots of programs. It's the opposite. I haven't got a single one. It did, however, pick two files as Trojan.Generic upon execution (they were both correct detections).
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Oh OK, so when KAV thinks that a certain app is probably malware you will get to see only a certain (Quarantine + Rollback) alert. So no alerts about services/drivers/hooks etc.? Isn't this heuristics then?
     
  15. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I change quite a lot of drivers on my system and I haven't got a single PDM warning about it (running Basic mode; otherwise you indeed do get warnings, but then you selected Interactive mode anyway). Also no unnecessary warnings from programs. Yes, PDM is exactly the same as all other heuristics; the only thing that sets it apart from others is the way it works. End results are the same.
     