Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: RejZoR on September 12, 2010, 12:26:15 AM

Title: What does [Susp] tag stand for?
Post by: RejZoR on September 12, 2010, 12:26:15 AM
I've seen quite a few detections with such a tag, like Win32:FNFAV-C [Susp], INF:AutoRun [Susp], JS:ScrObfs-gen [Susp] etc.

Now I do know that [Heur] stands for a heuristic detection, but what is [Susp] then? I'm guessing suspicious, but wouldn't that fall under [Heur] as well? Just curious as usual :)
Title: Re: What does [Susp] tag stand for?
Post by: Gargamel360 on September 12, 2010, 12:35:23 AM
Methinks those are behavior shield detections.

edit: http://forum.avast.com/index.php?topic=59700.0

or not.
Title: Re: What does [Susp] tag stand for?
Post by: RejZoR on September 12, 2010, 12:47:21 AM
I don't think they are. Those have the [Heur] tag. That's why I'm wondering. Unless they use [Heur] for behavior analysis heuristics and [Susp] for more "traditional" heuristics used to scan Autoruns, BATs, scripts, HTML files and so on, stuff that usually doesn't run inside virtual emulators but can still be checked with heuristics.
Title: Re: What does [Susp] tag stand for?
Post by: igor on September 12, 2010, 12:55:19 AM
I believe they are basically equivalent - some virus analysts using [Heur] even though we originally agreed on [Susp] (or vice versa, I don't remember it myself ;)).
Title: Re: What does [Susp] tag stand for?
Post by: Gargamel360 on September 12, 2010, 01:11:41 AM
Ok, thanks for clearing that up. :)