Author Topic: Software Analyzer questions  (Read 3638 times)


Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Software Analyzer questions
« on: January 05, 2017, 10:58:02 PM »
Since Software Analyzer is becoming a part of avast!, I have a few questions regarding it. I've already tested it and I know firsthand it's brutally effective. But I'm already thinking about the future...

- How flexible is Software Analyzer? Can its rulesets be updated using streaming or VPS updates, or only as a program update?
- Is the avast! team already planning on enhancing it further with new "sensors" and expanded rules?
- Any plans to combine CyberCapture and Software Analyzer capabilities?
- Is Software Analyzer giving CyberCapture much-needed flexibility when it comes to infection vectors other than web (like it is now)?

I just want to learn more about Software Analyzer because it's an amazing piece of technology with results I can already see today and I really don't want it to stagnate, I want it to become even more powerful than it already is.
Visit my webpage Angry Sheep Blog

Offline igor

  • Moderator
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Software Analyzer questions
« Reply #1 on: January 06, 2017, 04:07:27 PM »
The Software Analyzer rules are in the VPS. Streaming updates... well, some detections delivered via streaming updates already are used by Software Analyzer. Whether some other related stuff would be delivered via streaming updates in the future - definitely can happen, but hard to say anything specific right now.

Right now, we're still quite busy with the actual integration, but I'm quite sure enhancements will happen :-)

Offline RejZoR

Re: Software Analyzer questions
« Reply #2 on: January 06, 2017, 04:10:43 PM »
Now that I'm thinking about it, it's really not necessary to deliver updates for it via streaming updates; regular VPS would be more than frequent enough. I mean, the whole point of Software Analyzer is to operate as efficiently as possible without any updates. But it is nice if you guys can update it on the fly for emerging threats that might be hard to cover with signatures, but easy using a behavior blocker.

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Software Analyzer questions
« Reply #3 on: January 06, 2017, 04:14:42 PM »
> The Software Analyzer rules are in the VPS. Streaming updates... well, some detections delivered via streaming updates already are used by Software Analyzer. Whether some other related stuff would be delivered via streaming updates in the future - definitely can happen, but hard to say anything specific right now.
>
> Right now, we're still quite busy with the actual integration, but I'm quite sure enhancements will happen :-)

I really hope it will help in protection though, better than Avast NG or even DeepScreen, which can be bypassed by just malware coded to run its malicious stuff after 20+ seconds.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline RejZoR

Re: Software Analyzer questions
« Reply #4 on: January 06, 2017, 05:38:01 PM »
Trust me, Software Analyzer is far more effective than anything I've seen from avast! so far.

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: Software Analyzer questions
« Reply #5 on: January 06, 2017, 06:51:24 PM »
I have watched rejz videos and did some private testing myself. I share my old friend rejzor's opinions here. Looking forward to positive results.

Thanks
TI