Jump to content

Question about analysis result of EDTD

Guest

By Guest
in ESET Endpoint Products

 Share
Go to solution Solved by Marcos,

Recommended Posts

Guest

Guest

Posted
Posted

Hello,

At 13:33 pm this Monday I had a suspicious file (Hash is FB0FD605C0B390F7F47B94F53380D206DCD971CC) automatically reported to cloud sandbox for analysis via EDTD, and the analysis result was clean.

However, I found that in evening the suspicious file was determined to be a malicious (MSIL/Filecoder.AIE). This confuses me. I would like to know why a file that was determined to be clean after analysis by EDTD was determined to be malicious some time later? Does this mean that the results of EDTD may not be correct?

Thank you.

Link to comment
Share on other sites
  • Administrators
  • Solution
Marcos

Marcos 5,070

Posted
  • Administrators
  • Solution
Posted

In this particular case we've found a way how to improve EDTD detection. However, EDTD should be considered a magic box that will 100% distinguish new malware from benign files.

Link to comment
Share on other sites
Guest

Guest

Posted
Posted
3 hours ago, Marcos said:

In this particular case we've found a way how to improve EDTD detection. However, EDTD should be considered a magic box that will 100% distinguish new malware from benign files.

I get it. Thanks for the reply and for your hard work to make the product better.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...