Guest Posted May 5, 2021 Share Posted May 5, 2021 Hello, At 13:33 pm this Monday I had a suspicious file (Hash is FB0FD605C0B390F7F47B94F53380D206DCD971CC) automatically reported to cloud sandbox for analysis via EDTD, and the analysis result was clean. However, I found that in evening the suspicious file was determined to be a malicious (MSIL/Filecoder.AIE). This confuses me. I would like to know why a file that was determined to be clean after analysis by EDTD was determined to be malicious some time later? Does this mean that the results of EDTD may not be correct? Thank you. Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 5,241 Posted May 5, 2021 Administrators Solution Share Posted May 5, 2021 In this particular case we've found a way how to improve EDTD detection. However, EDTD should be considered a magic box that will 100% distinguish new malware from benign files. Link to comment Share on other sites More sharing options...
Guest Posted May 5, 2021 Share Posted May 5, 2021 3 hours ago, Marcos said: In this particular case we've found a way how to improve EDTD detection. However, EDTD should be considered a magic box that will 100% distinguish new malware from benign files. I get it. Thanks for the reply and for your hard work to make the product better. Link to comment Share on other sites More sharing options...
Recommended Posts