Original poster: 曲中求

[Discussion] Test: NOD 32 AMON
hj5abc
Posted on 2007-7-22 22:22:23
In "access" mode, nod32's detection only covers known viruses, XX.Gen detections, and script-type viruses..
yurius
Posted on 2007-7-23 08:53:22
AMON's advanced heuristics only take effect on create

Advanced heuristics (on create only) - Is a state-of-the-art code emulator developed by ESET that significantly extends heuristic capabilities of NOD32, enabling it to detect new threats without the need to update. Since emulation takes time, Advanced heuristics is used by AMON only on creation of new files, or modification of existing files.
hj5abc
Posted on 2007-7-23 17:33:05
Advanced heuristics is used by AMON only on creation of new files, or modification of existing files.

It seems ESS no longer has this limitation..
xffsfy
Posted on 2007-7-23 20:16:10
Is the OP sure this keygen didn't drop any files into the temp folder? Could that have something to do with it...
曲中求
Original poster | Posted on 2007-7-23 23:58:28

Reply to post #24 by xffsfy

Of course I'm sure. This is a normal keygen, and NOD has now fixed the false positive......
xffsfy
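Posted on 2007-7-24 07:25:26
Originally posted by 曲中求 on 2007-7-23 23:58
Of course I'm sure. This is a normal keygen, and NOD has now fixed the false positive......

If only their virus database updates were this efficient....
PS: Are they short on disk space or something....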
曲中求
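Original poster | Posted on 2007-7-24 08:53:57

Reply to post #26 by xffsfy

Their update efficiency is actually quite high too; they just follow a different principle. When handling the virus database, customers always come first. For submitted viruses, only the especially important ones get updated quickly, such as viking and the like, and worm-like trojans, which are updated very fast. Doing it this way does have its advantages: problems are handled in order of priority, so you can't really say their updates are inefficient.

As for submissions not getting an immediate update, here is what two experts on the official forum said: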

Always bear in mind that signatures are picked up on a per-need basis and samples from collectors are treated with lower priority (unless they are of a higher importance), first we need to serve our clients and not deal with obscure samples from vx sites, etc.

Viruses, trojans and other malware are added on a priority basis, and it has to be this way or you would have the analysts breaking their back over the odd single sample sent to them, instead of keeping focus on the spreading samples and adding the rest as they go...

This is what Anton Zajac head of Eset had to say on the matter.

Now look at update 2415: it is basically all trojans....

NOD32 - v.2415 (20070723)
Virus signature database updates:

[ This post was last edited by 曲中求 on 2007-7-24 08:56 ]