F-secure using Norman sigs as well as KAV?

Discussion in 'other anti-virus software' started by jlo, Feb 20, 2007.

Thread Status:
Not open for further replies.
  1. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi All,

    I have noticed this a few times when submitting stuff on VirusTotal that F-secure seem to be using Norman signitures as well as KAV although in this screenshot it could be Norman heuristics which I know some of the technology is carried over in to F-Secure although I have seen it with signitures as well?

    Cheers

    Jlo


    F-Secure 6.70.13030.0 02.20.2007 W32/NetworkWorm.MT
    Ikarus T3.1.0.31 02.20.2007 BehavesLikeWin32.AV-Killer
    Kaspersky 4.0.2.24 02.20.2007 no virus found
    McAfee 4967 02.20.2007 no virus found
    Microsoft 1.2204 02.20.2007 no virus found
    NOD32v2 2072 02.20.2007 probably unknown NewHeur_PE virus
    Norman 5.80.02 02.20.2007 W32/NetworkWorm.MT
    Panda 9.0.0.4 02.20.2007 Suspicious file
     
    jlo, Feb 20, 2007
    #1
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I know they use the Norman firewall which is right now a problem for me. If it were not for my updating issues I would say they cant be touched as the best suite out there. But I dont see how that integrates into AV detection.
     
    trjam, Feb 20, 2007
    #2
  3. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    it is the pegasus (norman) av scan engine in f-secure.
     
    IBK, Feb 20, 2007
    #3
  4. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Thanks for the clarification IBK.

    Kind Regards

    Jlo
     
    jlo, Feb 20, 2007
    #4
  5. Tweakie

    Tweakie Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    90
    Location:
    E.U.
    - W32/Malware, W32/NetworkWorm, W32/Dialer, W32/FileInfector, W32/Backdoor and W32/Downloader (and probably others) are heuristic detections performed by the sandbox, based on "wide" behavioral patterns.

    - [whatever].dropper is a signature detection performed on a file that has been created inside the sandbox by the scanned sample.

    - [whatever].Gen can be either generic detections of the regular scanning engine or generic detections of variants of widespread families (e.g. spybot.gen) performed through the Sandbox. For me, it is not clear whether the latter are based on the actual behavior (i.e. how it alters the sandbox) of the malware, if the sandbox is mainly used as a "generic unpacker" (unlikely), or if it is something else.

    - There are now new kind of detections, named W32/[sandboxdetectionname].PostFix that appear in the list of newly added signatures. The detection you mentionned belongs to this category. Apparently, they are produced by the sandbox. I wonder if this means that they decided to automate the use of spybot.gen-like signatures to less widespread families. And we'll have to wait until next av-comparatives retrospective test to know if it brings any significant improvement...
     
    Tweakie, Feb 20, 2007
    #5
  6. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Their firewall is a bit of a strange one as discussed here.
     
    TonyW, Feb 21, 2007
    #6
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...