Nightowl (Most Valued Members), posted February 25, 2020

I don't know if someone suggested this before, but this could help a little bit, and also even help the engine maybe, as more submissions will come.

As for now, VirusTotal checks only the signature database.

It will be nice to see the AI in work.

Just a suggestion, can be ignored if you'd like.

itman, posted February 25, 2020

If you open Eset GUI Advanced Setup, you will observe that Augur, i.e. Advanced Machine Learning, is part of the real-time detection engine. As such, there would be an Augur detection, shown as ML/......., if applicable.

Also, since Augur is embedded in the detection engine, I don't see how it can be segregated to show detections specific to it, as done at VT, for example, by BitDefender.

Nightowl (Most Valued Members, Author), posted February 25, 2020

9 minutes ago, itman said:

> If you open Eset GUI Advanced Setup, you will observe that Augur, i.e. Advanced Machine Learning, is part of the real-time detection engine. As such, there would be an Augur detection, shown as ML/......., if applicable.
>
> Also, since Augur is embedded in the detection engine, I don't see how it can be segregated to show detections specific to it, as done at VT, for example, by BitDefender.

No, I meant like to be used in VirusTotal, Hybrid Analysis, Any.Run, not the application itself. Maybe some page from ESET so people can upload to them and check for AI results.

itman, posted February 25, 2020

48 minutes ago, Nightowl said:

> No, I meant like to be used in VirusTotal, Hybrid Analysis, Any.Run, not the application itself. Maybe some page from ESET so people can upload to them and check for AI results.

It already exists. It's called:

> ESET Dynamic Threat Defense is a paid service provided by ESET. Its purpose is to add a layer of protection specifically designed to mitigate threats that are new in the wild.

https://help.eset.com/edtd/en-US/overview.html

Only available to corp. customers running EMC.

Nightowl (Most Valued Members, Author), posted February 25, 2020

21 minutes ago, itman said:

> It already exists. It's called:
>
> https://help.eset.com/edtd/en-US/overview.html
>
> Only available to corp. customers running EMC.

Yeah, I know this product. I am just talking about adding the AI to VirusTotal or making a dedicated page for that purpose. It's just a suggestion, I am not looking for EDTD.

Enabling the AI Engine to be tested by too many people, more than what is connected to LiveGrid through ESET, will surely test the engine and make it more powerful because so much more additions will be sent to it.

I tried to remove the format, but it's typing like this, I don't know why.

Sometimes you upload something to VirusTotal, most of them give you a clean result, only those who work with AI and machine learning can give you the suspicious marking.

It helps a lot, and signature based is so old school at these times. This can help the user and the company, if the company is interested for sure.

Edited February 25, 2020 by Nightowl

Marcos (Administrators), posted February 25, 2020

2 hours ago, Nightowl said:

> Enabling the AI Engine to be tested by too many people, more than what is connected to LiveGrid through ESET, will surely test the engine and make it more powerful because so much more additions will be sent to it.

I disagree with this statement. The result would be less effective detection since VirusTotal is also used by crooks to test malware before it's released.

We get samples from users who have the LiveGrid Feedback system enabled. While we also get certain samples from VirusTotal, the number of new samples pales in comparison with the number of new malware we receive from our users.

I'd encourage everybody to keep the ESET LiveGrid Feedback enabled since it has several advantages:

- Contributes to better protection for all ESET users
- Should you get infected with new malware we can react quickly fully automatically and improve detection and cleaning
- Safeguards you from possible issues caused by specific protection features when using custom applications by distinguishing your unpopular application from new malware.

itman, posted February 25, 2020

2 hours ago, Marcos said:

> The result would be less effective detection since VirusTotal is also used by crooks to test malware before it's released.

Very astute statement. 👍

On the other hand, any malware developer "worth his salt" will have all the major AV players' software installed and use that to test against.

As frequently commented upon, only AV engine components are installed on VT. As such, a product's full protection capability can never be known from a VT scan.

Nightowl (Most Valued Members, Author), posted February 26, 2020

14 hours ago, Marcos said:

> I disagree with this statement. The result would be less effective detection since VirusTotal is also used by crooks to test malware before it's released.
>
> We get samples from users who have the LiveGrid Feedback system enabled. While we also get certain samples from VirusTotal, the number of new samples pales in comparison with the number of new malware we receive from our users.
>
> I'd encourage everybody to keep the ESET LiveGrid Feedback enabled since it has several advantages:
>
> - Contributes to better protection for all ESET users
> - Should you get infected with new malware we can react quickly fully automatically and improve detection and cleaning
> - Safeguards you from possible issues caused by specific protection features when using custom applications by distinguishing your unpopular application from new malware.

I understand the differences, and I can understand how LiveGrid is better while it's enabled on product, but I was talking about something else, about having Augur on VirusTotal.

And about malware developers and if they test their things on VirusTotal or something, but one they won't upload their 0-day malicious data to make it detected, so all the evasion or hiding that he has done is gone.

Even though I believe they do test their malware against AVs before they publish, so they know they can bypass/evade.