Norman Sandbox efficiency

Hi Gents

I'm searching for heuristic efficiency tests.
I know BD Hive and NOD32 have the best engine but how about Norman's Sandbox ?
If you have clues, don't hesitate to share your opinions
Thanks for your support !

M.J.

 

Norman Sandbox is ok, though it's way slower than HiVE or ThreatSense AH.
It's somehow also a bit less effective than those two from competition.

 

What I like about Normans Sandbox is the way it tells you what a nasty is trying to do. Other AV's just block the threat, while Norman actually tells you what it was supposed to do.

> Open c:\WINDOWS\notepad.exe
> Type "bla bla bla"
> Close c:\WINDOWS\notepad.exe

Something like that I like.

But how good it is I don't know, never tried it. Can't find any tests either.

 

I hope NOD32 v3.0 will show this information, too

 

Check this..

https://www.wilderssecurity.com/showthread.php?t=97806

But, it is stupid sandbox, believe me.

 

Look how good is SandBox.

 

izi,

No offense - but are you sure concerning Norman?

 

I think that is the generic detection but not Norman Sandbox detection

 

No offense but lets not start another jotti contest here. It’s pointless...I just turned to jotti.org and look what I got...Hubba...hubba.


tD

 

Plus, Linux editions may show way lower rates here at Jotti (avast! and partially NOD32 are just two of such).

 

...and next fact is that a sandbox system is designed ON PURPOSE not to detect all kind of malwares.

 

OK,
It appears the SandBox Technology is not that strong I thought.
Is the message "W32/Suspicious_M.gen " really a generic detection ?

If so, I guess heuristic detection is a uncommun way for Norman to detect malwares..."suspicious" files detection is often seen in Jotti

 

I did some observations....I found that most of the files which are packed by MEW,Norman Virus Control will detect them as W32/Suspicious_M.gen.
so I think W32/Suspicious_M.gen is a generic signature to detect any suspicious files which are packed by MEW.

 

Sandbox environments can be also used as emulators (thats why NOD32 is so effective in polymorphic and exotic/modified packers).
So you can use Sandbox help to detect malware which uses some tricky methods or something.