Jump to content

JokerTux1337

Members
  • Posts

    6
  • Joined

  • Last visited

Kudos

  1. Upvote
    JokerTux1337 gave kudos to j91321 in Low reputation LiveGrid file - rule.   
    The easiest way how to safely test executable being low popularity is to just take some known executable e.g. notepad.exe and append a random byte at the end of the file with hex editor. It should still remain a valid PE and usually have 0 popularity and low reputation.
  2. Upvote
    JokerTux1337 gave kudos to JamesR in Low reputation LiveGrid file - rule.   
    Your rule is targeting a Process which will have low LiveGrid reputation and popularity.
    How are you testing the rule?
    If you are testing by simply downloading an EXE to the system, this will not trigger and would require a more advanced rule (<operations> section).
×
×
  • Create New...