Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: RejZoR on September 12, 2010, 12:26:15 AM
-
I've seen quite some detections with such tag, like Win32:FNFAV-C [Susp], INF:AutoRun [Susp], JS:ScrObfs-gen [Susp] etc...
Now i do know that [Heur] stands for a heuristic detection, but what is [Susp] then? I'm guessing suspicious, but wouldn't that fall under [Heur] as well? Just curious as usual :)
-
Methinks those are behavior shield detections.
edit:http://forum.avast.com/index.php?topic=59700.0 (http://forum.avast.com/index.php?topic=59700.0)
or not.
-
I don't think they are. Those have [Heur] tag. That's why i'm wondering. Unless they use [Heur] for behavior analysis heuristics and [Susp] for more "traditional" heuristics used to scan Autoruns, BAT's, scripts, HTML files and so on, stuff that usually doesn't run inside virtual emulators but can still be checked with heuristics.
-
I believe they are basically equivalent - some virus analysts using [Heur] even though we originally agreed on [Susp] (or vice versa, I don't remember it myself ;)).
-
Ok, thanks for clearing that up. :)