
Question about analysis result of EDTD



Hello,

At 13:33 pm this Monday I had a suspicious file (hash is FB0FD605C0B390F7F47B94F53380D206DCD971CC) automatically reported to the cloud sandbox for analysis via EDTD, and the analysis result was clean.

However, I found that in the evening the suspicious file was determined to be malicious (MSIL/Filecoder.AIE). This confuses me. I would like to know why a file that was determined to be clean after analysis by EDTD was determined to be malicious some time later. Does this mean that the results of EDTD may not be correct?

Thank you.


  • Administrators
  • Solution

In this particular case we've found a way to improve EDTD detection. However, EDTD should be considered a magic box that will 100% distinguish new malware from benign files.


3 hours ago, Marcos said:

In this particular case we've found a way to improve EDTD detection. However, EDTD should be considered a magic box that will 100% distinguish new malware from benign files.

I get it. Thanks for the reply and for your hard work to make the product better.
