[Discussion] UDS dangerous patterns: can they be triggered even when offline?

kxmp
Posted 2017-8-7 19:24:16
This post was last edited by kxmp on 2017-8-7 19:38

Anyone want to give it a try....

I haven't used antivirus software in a long time.

I saw on the official site
something about BSS behaviour stream signatures,
and then Proactive Defense has a signature set that can be updated. This Proactive Defense has a virtual environment that automatically analyses program behaviour.
When it finds suspicious behaviour it sends it to KSN....


About System Watcher
The System Watcher component collects data about the application activity on the computer and provides the collected data to other components to optimize and enhance their work.

Dangerous activity patterns (BSS - Behaviour Stream Signatures) contain action sequences that are identified by Kaspersky Endpoint Security 8 for Windows as malicious actions.

If the application activity is similar to these activity patterns, Kaspersky Endpoint Security 8 for Windows performs actions set by administrators.

Note: By default, if the application activity is similar to dangerous activity patterns, System Watcher quarantines the executable file of the application.

System Watcher provides proactive protection of the computer.

According to the collected data, after disinfection the application can roll back malicious actions performed in the system.

Action rollback can be initiated by proactive defense, File Anti-Virus or during the computer scan.

Note: Action rollback does not affect the operation of the OS or the integrity of files.

In the endpoint product it is System Watcher that samples and collects the behaviour stream signatures.


In addition to the ability to make regular updates, the heuristics database also supports trial behavior patterns. If Proactive Defense detects application behavior that is considered suspicious according to one of these patterns, a special report is sent to Kaspersky Lab via Kaspersky Security Network (KSN). This occurs if the user confirms agreement to participate in KSN. This feature means that the likelihood of false positives is minimized in the future.

Then the Proactive Defense description is about the personal edition.
The Proactive Defense component sends detected suspicious behaviour to KSN.

It says this is only used to reduce false positives.

If the reputation services have no information about a program, various components of Kaspersky PURE 2.0 calculate the approximate level of threat it poses. Level of threat is a rate of maliciousness which can be caused to your operating system. It is based on two criteria:

Statistic (data concerning a file: size, creation date, etc.).
Dynamic (analysis of calls to system functions). The analysis is performed in a virtual environment. Identified criteria allow detecting malicious activity.

So the KSN network collects static and dynamic information.
Here the dynamic information only mentions collecting the system functions the program uses.

In the 2012 version of Kaspersky Lab products, the reputation services include the Astraea expert system. The purpose of the Astraea expert system is to analyze statistical information about applications and URLs, on the basis of which a verdict is reached regarding any hypothetical danger.

Note: Reputation services are online services containing information about:

trusted applications and websites (whitelisting).
suspicious applications and websites (UDS - Urgent Detection System).
Kaspersky Lab’s specialists add information to these services before it becomes available in the form of updates to signature databases. This makes for much faster response times when new threats appear.

There's an expert system in UDS. Does this expert system just hand out a simple score? Or does it secretly also use the "reduce false positives" behaviour signatures?

Kaspersky Lab’s specialists add information to these services before it becomes available in the form of updates to signature databases. This makes for much faster response times when new threats appear.

And this network isn't fully automated either; there's manual processing...


So what exactly is the "UDS dangerous pattern" people talk about?
Are the Russians playing tricks? I think they may be sending the detailed Proactive Defense logs over too, i.e. the behaviour signatures.

But why does the dangerous pattern name start with UDS? Isn't that self-contradictory?
At most UDS contains dangerous behaviour plus the program's score.
But the behaviour signature is sent by Proactive Defense itself; it's not UDS running the analysis... the sampling is done by Proactive Defense.

I've heard changing the MD5 is useless against UDS, but that doesn't mean UDS only collects MD5, and Kaspersky never said UDS collects MD5.
It only mentioned a checksum.
A fuzzy hash is still a hash. It seems to combine which functions the program uses and all sorts of other things
to generate a single hash.
Changing the MD5 is useless. So does KSN use fuzzy hashing or some similar technique?!
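The post contrasts two detection ideas that the quoted documentation describes: an exact file checksum, and a "behaviour stream signature" (an ordered sequence of actions judged malicious). The following toy is an added illustration, not code from the original post or from Kaspersky: it compares an exact-hash blocklist against an ordered-subsequence matcher over a constructed event trace. The sample bytes, pattern names, action vocabulary and trace are all constructed for the example; they are not real Kaspersky signatures.

```python
import hashlib
from typing import Dict, List, Sequence

# Constructed sample bytes standing in for two builds of one program that
# differ in a single byte (hypothetical; not a real file image).
SAMPLE_V1 = b"MZ\x90\x00hypothetical-program-image-v1"
SAMPLE_V2 = b"MZ\x90\x00hypothetical-program-image-v2"

# An exact-checksum blocklist that only knows the first build.
HASH_BLOCKLIST = {hashlib.md5(SAMPLE_V1).hexdigest()}

# Constructed BSS-style patterns: ordered action sequences. Names and actions
# are assumptions for illustration only.
BSS_PATTERNS: Dict[str, Sequence[str]] = {
    "drop-and-autostart": ("write_file:%TEMP%", "create_process", "registry_set:Run"),
    "mass-overwrite": ("enum_files", "write_file:user_docs", "delete_file:user_docs"),
}

# Constructed event trace that a hypothetical monitor would record while either
# build runs; the trace is identical because the one-byte change does not alter
# what the program does.
TRACE: List[str] = [
    "open_file:config.ini",
    "write_file:%TEMP%",
    "net_connect:example.invalid:443",
    "create_process",
    "registry_set:Run",
]


def hash_verdict(data: bytes) -> bool:
    """Exact-hash check: True only if this precise byte sequence is listed."""
    return hashlib.md5(data).hexdigest() in HASH_BLOCKLIST


def contains_sequence(trace: Sequence[str], pattern: Sequence[str]) -> bool:
    """True if every action of `pattern` occurs in `trace` in the given order,
    with unrelated actions allowed in between (ordered subsequence match)."""
    if not pattern:
        return False
    idx = 0
    for event in trace:
        if event == pattern[idx]:
            idx += 1
            if idx == len(pattern):
                return True
    return False


def bss_verdict(trace: Sequence[str]) -> List[str]:
    """Names of all behaviour patterns the trace matches."""
    return [name for name, pat in BSS_PATTERNS.items() if contains_sequence(trace, pat)]


if __name__ == "__main__":
    for label, data in (("v1", SAMPLE_V1), ("v2", SAMPLE_V2)):
        print(label, "hash listed:", hash_verdict(data), "| BSS matches:", bss_verdict(TRACE))
```

Running it shows the point the post is circling: the hash check recognises only v1, while the behaviour matcher flags both builds from the same trace, because it keys on what the program does rather than on its bytes. A real product also has to cope with reordered or interleaved actions, which is why the matcher accepts gaps between pattern steps.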



Wesly.Zhang
Posted 2017-8-7 22:12:59
Hello,

UDS signatures are added to the database manually by virus analysts periodically, as needed; they have nothing to do with MD5 hashes or KSN.
dongwenqi
Posted 2017-8-8 11:00:40
Wesly.Zhang posted 2017-8-7 22:12
Hello,

UDS signatures are added to the database manually by virus analysts periodically, as needed; they have nothing to do with MD5 hashes or KSN.

HELLO, when did you get that "Security Software Advisor Team" group added?
Wesly.Zhang
Posted 2017-8-9 10:41:28
dongwenqi posted 2017-8-8 11:00
HELLO, when did you get that "Security Software Advisor Team" group added?

Hello,

I have no idea, maybe a long time ago.
明月丶舞白衣
Posted 2017-8-11 10:12:25
dongwenqi posted 2017-8-8 11:00
HELLO, when did you get that "Security Software Advisor Team" group added?

Green with envy?
dongwenqi
Posted 2017-8-11 10:16:08

Nothing to envy; I'm just a low-profile person.
明月丶舞白衣
Posted 2017-8-11 10:21:05
dongwenqi posted 2017-8-11 10:16
Nothing to envy; I'm just a low-profile person.

Take another look at my user group.
dongwenqi
Posted 2017-8-11 10:25:46

Definitely senior. Compared with you, I'm really behind the times.
明月丶舞白衣
Posted 2017-8-11 10:37:00
dongwenqi posted 2017-8-11 10:25
Definitely senior. Compared with you, I'm really behind the times.

OK, no more off-topic chatter, or we'll both get penalised.