« Reply #15 on: April 04, 2011, 08:05:51 PM »
These more paranoid and generic settings should be available as part of antivirus settings but disabled by default.
For example:
- double extensions (example.jpg.scr or example.pdf.exe)
- large whitespace sequnces (example.jpg .exe)
- large whitespace sequences in combination with suspicious double extensions
In theory this could be easily done using Behavior Shield with pretty high accuracy. Throw in whitespace sequences check and with positions of extensions and fake extensions in the name and i don't think you'd ever get any false positive even with this feature enabled at all times. They'd just have to check non english and for example islamic (is this right) sequences since they write and read from right to left and that might work different for this detection).
Yes I meaned that like you.
Just when you will want to open file with dangerous double extension the behavior shield will pop-up
Logged
Real-time protection and Firewall: COMODO Internet Security 12.0.0.6810 -- Additional Protection: Web Of Trust, Ublock, NoScript, Malwarebytes Premium, Avast! Online Security, Hitman Pro -- OS: Windows 10
Poll