Microsoft AntiMalware Engine更新到1.1.10802.0版本【两月前Behavior特征的大爆发】

驭龙

今天的新引擎也是常规的惯例更新，没有什么太大的变化。
不过，两个月前的一次普普通通的特征库更新version 1.173.2258.0，却蕴含着不小的变化，那就是整合调整MA特征库的行为特征，添加和调整各种Behavior 定义，包括威胁注入、远控、破坏系统、关闭安全功能、网络行为实时监控和网络检查系统行为定义、QQ粘虫、IE 插件、锁屏等等方面的Behavior 定义，有的Behavior之前也存在，但危险等级都不是高和严重，这次则都提升为严重危险等级，也就是检测到这些行为以后，会自动拦截这些恶意行为。
十几天前，我随随便便的一个小测试，真的见到Suspicious Behavior拦截，只是依然不删除威胁母体，只是终止威胁进程和行为，希望以后能拥有删除母体和滚回的功能。


原日志
Antimalware (Antivirus + Antispyware)                        

Name	Alert Level
Behavior:Win32/AinslotNIS	Severe
Behavior:Win32/AlureonNIS	Severe
Behavior:Win32/AppdataInjector	Severe
Behavior:Win32/Bafruz.A	Severe
Behavior:Win32/BcdeditTestSigning.A	Severe
Behavior:Win32/Beebone	Severe
Behavior:Win32/Beebone.B	Severe
Behavior:Win32/BeeboneNIS	Severe
Behavior:Win32/BeksnocNIS	Severe
Backdoor:Win32/Bezigate.B	Severe
Behavior:Win32/BifroseNIS	Severe
Behavior:Win32/BingAdClick	Severe
Backdoor:MSIL/Bladabindi	Severe
Backdoor:MSIL/Bladabindi.AJ	Severe
Behavior:Win32/Caphaw.A	Severe
Behavior:Win32/Caphaw.B	Severe
Behavior:Win32/Caphaw.gen	Severe
Behavior:Win32/CarberpNIS	Severe
Behavior:Win32/CleamanNIS	Severe
Behavior:Win32/Clodow	Severe
Behavior:Win32/CodtreeNIS	Severe
Behavior:Win32/CreateSuspiciousProgramName	Severe
Behavior:Win32/CreateSuspiciousRegName	Severe
Behavior:Win32/Cribit.A	Severe
Behavior:Win32/Cribit.B	Severe
Behavior:Win32/CridexNIS	Severe
Behavior:Win32/Crilock.A	Severe
Behavior:Win32/Crowti.B	Severe
Behavior:Win32/CutwailNIS	Severe
Behavior:Win32/CycbotNIS	Severe
Behavior:Win32/DefmidNIS	Severe
Behavior:Win32/Deminnix.A	Severe
Behavior:Win32/Deminnix.B	Severe
Behavior:Win32/DimegupNRI.A	Severe
Behavior:Win32/Dircrypt	Severe
Behavior:Win32/DisabledFirewall	Severe
Behavior:Win32/DisabledMsAV	Severe
Behavior:Win32/DisabledUAC	Severe
Behavior:Win32/DisabledWindowsUpdate	Severe
Behavior:Win32/DisableRestorePoint.A	Severe
Behavior:Win32/DllRunAppData	Severe
Behavior:Win32/DllRunProgFiles	Severe
Behavior:Win32/DocAptExcel	Severe
Behavior:Win32/DocAptPowerPoint	Severe
Behavior:Win32/DocAptWord	Severe
Behavior:Win32/DofoilNIS	Severe
Behavior:Win32/DorkbotNIS	Severe
Behavior:Win32/DorkbotNRI.A	Severe
Behavior:Win32/DropAddons	Severe
Behavior:Win32/DropASEP	Severe
Behavior:Win32/DropMSASEP	Severe
Behavior:Win32/DroppedKnownMalware	Severe
Behavior:Win32/DursgNIS	Severe
Trojan:Win32/Dynamer!ac	Severe
Behavior:Win32/EMSGen	Severe
Behavior:Win32/ExpiroNIS	Severe
Behavior:Win32/ExploitDropFiles	Severe
Behavior:Win32/ExplorerInject.A	Severe
Behavior:Win32/EyeStye_Default_Startup	Severe
Behavior:Win32/EyeStye_Installation	Severe
Behavior:Win32/EyeStye_Installation2	Severe
Behavior:Win32/EyeStyeNIS	Severe
Behavior:Win32/FakePAV	Severe
Behavior:Win32/FakePAVNIS	Severe
Behavior:Win32/FakeScantiNIS	Severe
Behavior:Win32/FakeSysdef.A	Severe
Behavior:Win32/FakeSysdef.B	Severe
Behavior:Win32/FakeSysdefNIS	Severe
Behavior:Win32/FakeVimesNIS	Severe
Behavior:Win32/FakeXpaAntivirus.A	Severe
Behavior:Win32/FakeXpaAntivirus.B	Severe
Behavior:Win32/FakeYak	Severe
Behavior:Win32/Febipos.A	Severe
Behavior:Win32/Febipos.B	Severe
Behavior:Win32/FifesockNIS	Severe
Backdoor:Win32/Fynloski.A	Severe
Behavior:Win32/FynloskiNIS	Severe
Behavior:Win32/GamarueNIS	Severe
Behavior:Win32/GamevanceNIS	Severe
Behavior:Win32/Gatak	Severe
Behavior:Win32/Gepys.A	Severe
Behavior:Win32/Gepys.B	Severe
Behavior:Win32/GrozlexNIS	Severe
Behavior:Win32/HarnigNIS	Severe
Behavior:Win32/Heligoland	Severe
Behavior:Win32/HilotiNIS	Severe
Behavior:Win32/HotbarNIS	Severe
Behavior:Win32/IEPluginBypass1	Severe
Behavior:Win32/IEPluginBypass2	Severe
Behavior:Win32/IEUserAgentModify	Severe
Behavior:Win32/InjectedRemoteThreadCmd	Severe
Behavior:Win32/InjectedRemoteThreadCsrss	Severe
Behavior:Win32/InjectedRemoteThreadExplorer	Severe
Behavior:Win32/InjectedRemoteThreadIexplorer	Severe
Behavior:Win32/InjectedRemoteThreadMpscan	Severe
Behavior:Win32/InjectedRemoteThreadMrt	Severe
Behavior:Win32/InjectedRemoteThreadMsmpeng	Severe
Behavior:Win32/InjectedRemoteThreadServices	Severe
Behavior:Win32/InjectedRemoteThreadSmss	Severe
Behavior:Win32/InjectedRemoteThreadSvchost	Severe
Behavior:Win32/InjectedRemoteThreadWinlogon	Severe
Behavior:Win32/InjectedRemoteThreadWuauclt	Severe
Behavior:Win32/InjectRemoteThreadInMSAV	Severe
Behavior:Win32/IrcbruteNIS	Severe
Behavior:Win32/JavaExploit.A	Severe
Behavior:Win32/JavaExploit.B	Severe
Behavior:Win32/Jenxcus.A	Severe
Behavior:Win32/Jenxcus.B	Severe
Behavior:Win32/KaraganyNIS	Severe
Behavior:Win32/KelihosNIS	Severe
TrojanDownloader:Win32/Kuluoz.D	Severe
Behavior:Win32/KuluozNIS	Severe
Behavior:Win32/LockScreenNIS	Severe
Behavior:Win32/Loktrom	Severe
Behavior:Win32/Lollipop	Severe
Behavior:Win32/LolydaNIS	Severe
Behavior:Win32/ModifiedAutoRunInf	Severe
Behavior:Win32/ModifiedBootRecord	Severe
Behavior:Win32/ModifiedHosts	Severe
Behavior:Win32/ModifiedSecurityCenter	Severe
Behavior:Win32/ModifiedTitan	Severe
Behavior:Win32/ModifiedVolumeBootRecord	Severe
Behavior:Win32/Modify_BrowserDLL	Severe
Behavior:Win32/Morto.A	Severe
Behavior:Win32/MpDropper	Severe
Behavior:Win32/MpTamperEx.A	Severe
Behavior:Win32/MpTamperEx.B	Severe
Behavior:Win32/MpTamperImgDeb.A	Severe
Behavior:Win32/MpTamperMrtGuid.A	Severe
Behavior:Win32/MpTamperMsi.A	Severe
Behavior:Win32/MpTamperRt.A	Severe
Behavior:Win32/MpTamperRt.B	Severe
Behavior:Win32/MpTamperSrp.A	Severe
Behavior:Win32/MpTamperSrv.A	Severe
Behavior:Win32/MpTamperSrv.B	Severe
Behavior:Win32/MpTamperSrv.C	Severe
Behavior:Win32/MpTamperSrv.D	Severe
Behavior:Win32/MpTamperSrv.E	Severe
Behavior:Win32/MpTamperSrv.G	Severe
Behavior:Win32/MpTamperSrv.H	Severe
Behavior:Win32/MpTest	Severe
Behavior:Win32/MultiInjector	Severe
Behavior:Win32/MultiInjector2	Severe
Behavior:Win32/MyFwusNIS	Severe
Behavior:Win32/Napolar.A	Severe
Behavior:Win32/Napolar.B	Severe
Behavior:Win32/Necurs	Severe
Behavior:Win32/Necurs.A	Severe
Behavior:Win32/NedsymNIS	Severe
Behavior:Win32/Nemim	Severe
Behavior:Win32/Neurevt.A	Severe
Behavior:Win32/Nivdort.A	Severe
Behavior:Win32/ObvMalPath.A	Severe
Behavior:Win32/OficlaNIS	Severe
PWS:Win32/OnLineGames.AH	Severe
Behavior:Win32/PamesegNIS	Severe
Behavior:Win32/PassTheHash	Severe
Behavior:Win32/PdfexploitDropper.A	Severe
Behavior:Win32/PeExtBmp.A	Severe
Behavior:Win32/PeExtDat.A	Severe
Behavior:Win32/PeExtGif.A	Severe
Behavior:Win32/PeExtJpg.A	Severe
Behavior:Win32/Picpe.A	Severe
Behavior:Win32/PirpiMod	Severe
Backdoor:Win32/Plugx.A	Severe
Behavior:Win32/Plugx.gen!B	Severe
Behavior:Win32/PoisonNIS	Severe
Behavior:Win32/PushbotNIS	Severe
Behavior:Win32/QQpassNIS	Severe
Behavior:Win32/Ramdo.A	Severe
Behavior:Win32/Ramdo.B	Severe
Behavior:Win32/RamnitNIS	Severe
Behavior:Win32/RamnitNRI.A	Severe
Behavior:Win32/RansomwareMyt.A	Severe
Behavior:Win32/RbotNIS	Severe
Worm:Win32/Rebhip	Severe
Behavior:Win32/RedOctNIS	Severe
Behavior:Win32/RemoteAccessDropper	Severe
Behavior:Win32/Renos217	Severe
Behavior:Win32/RenosLogo	Severe
Behavior:Win32/RenosNIS	Severe
Behavior:Win32/RenosPaper	Severe
Behavior:Win32/RenosQwerce	Severe
Behavior:Win32/Reveton	Severe
Behavior:Win32/Reveton.B	Severe
Behavior:Win32/RevetonNIS	Severe
Behavior:Win32/RevetonNRI.A	Severe
Behavior:Win32/RunsBcdedit	Severe
Behavior:Win32/Scarpnex.A	Severe
Behavior:Win32/SefnitDropper.A	Severe
Behavior:Win32/SefnitNIS	Severe
Behavior:Win32/ShadowCopyDelete.A	Severe
Behavior:Win32/Simda	Severe
Behavior:Win32/SimdaNIS	Severe
Behavior:Win32/SinowalNIS	Severe
Behavior:Win32/Sirefef	Severe
Behavior:Win32/SirefefNIS	Severe
Behavior:Win32/SisbotNRI.A	Severe
Trojan:Win32/Sisron	Severe
Behavior:Win32/SlenfbotNIS	Severe
Behavior:Win32/SpoolDropper	Severe
Behavior:Win32/SpoolsvDropper	Severe
Behavior:Win32/Stegvob.A	Severe
Behavior:Win32/StegvobNIS	Severe
Behavior:Win32/SvchostInject.A	Severe
Behavior:Win32/SwizzorNIS	Severe
Behavior:Win32/SystemInjector	Severe
Behavior:Win32/TamperedModernApp	Severe
Behavior:Win32/TamperSafeboot.A	Severe
Behavior:Win32/TamperSmartScreen.A	Severe
Behavior:Win32/TamperSmartScreen.B	Severe
Behavior:Win32/TamperTpm.A	Severe
Behavior:Win32/TamperTpm.B	Severe
Behavior:Win32/TaterfNIS	Severe
Behavior:Win32/TedrooNIS	Severe
Behavior:Win32/TerminateMsAVUI	Severe
Behavior:Win32/TeschNRI.A	Severe
Behavior:Win32/TestSig	Severe
Behavior:Win32/UACBypassExploit	Severe
Behavior:Win32/UACScript.A	Severe
Behavior:Win32/Upatre.A	Severe
Behavior:Win32/Upatre.B	Severe
Behavior:Win32/Vawtrak.A	Severe
Behavior:Win32/Vawtrak.gen!D	Severe
Behavior:Win32/VobfusNIS	Severe
Behavior:Win32/VundoNIS	Severe
TrojanDownloader:Win32/Waledac	Severe
Behavior:Win32/WaledacNIS	Severe
Behavior:Win32/WinwebsecNIS	Severe
Behavior:Win32/WuCallNIS	Severe
Backdoor:Win32/Xtrat.A	Severe
Behavior:Win32/XtratNIS	Severe
PWS:Win32/Zbot	Severe
Behavior:Win32/Zbot_Installation	Severe
Behavior:Win32/Zbot_Installation.B	Severe
Behavior:Win32/Zbot_Installation.C	Severe
Behavior:Win32/Zbot_Installation.D	Severe
Behavior:Win32/Zbot_Startup	Severe
Behavior:Win32/ZbotNecurs_Installation.A	Severe
Behavior:Win32/ZbotNIS	Severe
Behavior:Win32/ZegostNIS	Severe
Behavior:Win32/ZwangiNIS	Severe
Behavior:MSIL/Bariori.A	Moderate
Behavior:MSIL/BladabindiNRI.A	Moderate

殇逝

亲，你的怎么是4.6啊，我的还是4.5.。。ps:原来是预发行版本，是吗？

驭龙

殇逝 发表于 2014-7-15 08:24
亲，你的怎么是4.6啊，我的还是4.5.。。ps:原来是预发行版本，是吗？

是预发行版本的破解版4.6，没意思，跟之前的SCEP 4.5一样有自保BUG

maomao110

新引擎也是常规的惯例更新

猫猫就知道会有这句话

saky20008

驭龙 发表于 2014-7-15 08:45
是预发行版本的破解版4.6，没意思，跟之前的SCEP 4.5一样有自保BUG

为了避免BUG上次特意装SCEP 4.4结果还是升到4.5，郁闷，这么久了SCEP 还没搞定

驭龙

saky20008 发表于 2014-7-15 11:29
为了避免BUG上次特意装SCEP 4.4结果还是升到4.5，郁闷，这么久了SCEP 还没搞定

唉，似乎SCEP在Windows 8.X下比WD的自保弱，哈

特斯拉

MSE区楼主的帖子每次都让我受益不少

黑沙子

其实没什么特殊嗜好的话，用MA还是挺好的，简单 省心，相信将来也会越来越好

imim234

标题好长