Topic: Avast 5 heuristic and disappearing virus definitions

Gohoos81

  • Guest
Avast 5 heuristic and disappearing virus definitions
« on: February 10, 2010, 11:44:51 AM »
Hi,

I've tested and scanned a good number of newer malware samples using avast! 5 free (5.0.396) and have noticed no "heuristic" detections when scanning static samples, even with heuristics set to "high" and "code emulation" option checked (PUP checked as well).  Is this feature not implemented yet or are heuristic-based detections assessed as "malware-gen" and lumped into the same "malware-gen" category as signature-based detections?

Also, I noticed that the number of definitions sometimes decreases following a VPS update.  For example, several days ago, the number of definitions was >2,286,000 and now is only >2,285,000.  I assume this is because new detections are being added at the same time that generic detections are being consolidated, so the number of unique detections stays in flux even as new files are being detected/added.

Thanks for the help!

yaslaw

  • Guest
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #1 on: February 10, 2010, 12:20:10 PM »
I (and others as well) asked about avast heuristic detection many times before, without any answer. Maybe this time somebody from ALWIL will look at this thread.
It's a pity that ALWIL's PR people are doing such a bad job - instead of promoting the new engine and its abilities, we have only laconic information about: the behavioral shield (without a single piece of info about what it does except "Monitors activity on your computer using a number of sensors (file system, registry and network based) and reports/blocks any suspicious behavior"), about heuristics it is the same, Behavioral Honeypots (avast! sensors identify and monitor suspicious file activity on selected computers, automatically submitting files to the Virus Lab for additional analysis.) <- what does "selected computers" mean?
There is no information about changes in the rootkit module (it's still based on GMER ???)... etc etc.
Regards
yaslaw

P.S. Some pieces of information can be found on the avast blog - but still not many - and it would be good for AVAST to combine this information with the main page, simply because not many people will search through the entire blog.
« Last Edit: February 10, 2010, 12:23:38 PM by yaslaw »

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #2 on: February 10, 2010, 01:09:36 PM »
not always the new samples detected by the heuristics, maybe all your samples don't match the heuristics rules in avast heuristics
and the heuristics is really running and that what say the report come from av-comparatives.com
and alwil and avast are not rogue anti virus so what they say is what they do
Dreams don't die, they just fall asleep.

yaslaw

  • Guest
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #3 on: February 10, 2010, 01:29:54 PM »
Quote
not always the new samples detected by the heuristics, maybe all your samples don't match the heuristics rules in avast heuristics
and the heuristics is really running and that what say the report come from av-comparatives.com
and alwil and avast are not rogue anti virus so what they say is what they do

sorry no offence but this is nonsense ;-)

regards
yaslaw

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #4 on: February 10, 2010, 01:32:12 PM »
a lot of things look like nonsense but you can wait the next tests and look to the reality
Dreams don't die, they just fall asleep.

Hermite15

  • Guest
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #5 on: February 10, 2010, 01:34:12 PM »
Quote
a lot of things look like nonsense but you can wait the next tests and look to the reality

use Google translate utility, thanks  :D

...also, if samples had to match heuristics rules, why not get in touch with the hackers and ask them to provide more info about the samples, you know, to adjust heuristics  ;D
« Last Edit: February 10, 2010, 01:38:38 PM by Logos »

yaslaw

  • Guest
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #6 on: February 10, 2010, 01:39:24 PM »
Quote
not always the new samples detected by the heuristics, maybe all your samples don't match the heuristics rules in avast heuristics
and the heuristics is really running and that what say the report come from av-comparatives.com

Regarding the first statement: we have seen almost NO detections by heuristics (there was one report on the forum about a suspicious sys file - a warning probably from the antirootkit module) - it's not only me, other users also never reported any heuristic detection. I sent ALWIL about 5 new undetected samples and have never seen any heuristic warning.

Second statement: As I understood, the malware caught in these tests was caught by superb generic detection, not by heuristics (you can check the report from av-comparatives, i.e. about reported FPs) but maybe I'm wrong

regards..
yaslaw
« Last Edit: February 10, 2010, 01:44:43 PM by yaslaw »

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #7 on: February 10, 2010, 01:45:15 PM »
use virtual machine and debuggers and hex tools and system monitors and............to know the rules yourself, thanks
maybe you should adjust your thoughts about me too.
4 yaslaw:
may be the files detected by the heuristic module named under generic or any virus name
Dreams don't die, they just fall asleep.

yaslaw

  • Guest
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #8 on: February 10, 2010, 01:49:51 PM »
Quote
4 yaslaw:
may be the files detected by the heuristic module named under generic or any virus name

Gohoos81 asked
Quote
Is this feature not implemented yet or are heuristic-based detections assessed as "malware-gen" and lumped into the same "malware-gen" category as signature-based detections?

Do you see some similarity??? That's why we are asking again and again, because we DON'T know, and we would like to hear some answers.. I guess that we expressed our questions quite clearly, and you as a man of pure 0 and 1 logic shouldn't have any problem with understanding it  ;D

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #9 on: February 10, 2010, 01:51:29 PM »
ok ,vlk please answer us,plaese
Dreams don't die, they just fall asleep.

disPlay

  • Guest
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #10 on: February 10, 2010, 02:04:38 PM »
Quote
ok ,vlk please answer us,plaese

Please not Plaese  ;)

kubecj

  • Guest
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #11 on: February 10, 2010, 02:12:52 PM »
Regarding the disappearing definitions - yes, we occasionally do a cleanup. Sometimes even a huge cleanup can happen - I have it prepared for next month, it will be a big difference in total numbers (which just proves that this number is a bit of nonsense).

Regarding heuristics: the engine is in there and is being tested. The detections for now are still done in the standard way. Code emulator works and is able to catch some modified samples.
« Last Edit: February 10, 2010, 02:31:53 PM by kubecj »

yaslaw

  • Guest
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #12 on: February 10, 2010, 02:25:22 PM »
Quote
Regarding heuristics: the engine is in there and is being tested. The detections for now are still done in the standard way

Thx for the answer..So we will wait to see when it will be done..

Regards
yaslaw

coolsilver

  • Guest
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #13 on: February 10, 2010, 03:27:32 PM »
What do you want Vlk to answer?

I am having issues following what the issue or misunderstanding is that needs to be addressed.

Not to mention a lot of pettiness.

Gohoos81

  • Guest
Re: Avast 5 heuristic and disappearing virus definitions
« Reply #14 on: February 11, 2010, 02:59:35 AM »
Quote
Regarding heuristics: the engine is in there and is being tested. The detections for now are still done in the standard way.

Thanks for your response kubecj,

Since it seems heuristics are not fully implemented per the statement above, when is the decided, or anticipated launch date for fully implementing this feature?  Am I correct to assume that the release of avast! 5.1 is the intended launch date of a fully-operational heuristics engine?