本帖最后由 191196846 于 2018-9-28 21:32 编辑
1&2
If you choose to "auto upload files", the files would be uploaded immediately if the query result is "unknown" (scan buttom status "scanning.."), and after querying all files, the scanner would query again these previous unknown files to get the lastest result ( scan buttom status "updating..").
The reason why the process still exsits after closing main window is that it is still uploading files and does not get any feedback,including successes or errors like "fail", and I do not set timeout ( because of difference of uploading speed or file size ) . Once it has the result and sends message to the non existing main window, the thread would automatically exit because of errors. Python's child thread function is not affected even if main thread is terminated...
Stop Scan Buttom will be added in the next update.
3.
Detection has two part:
first: by trusted vendors whose verdicts are very accurate and used to give the direct threat name.
second: if numbers of engines report malicous exceed the threshold (in settings), the threat name would be "malware"
===
It seems the result does not have any trusted vendors' malicious verdict , so ...
if engines threshold in Settings is 80% , then 66*(1-0.8) = 13 -> It means if there are more than 13 engines on VT reports "malicious", then result would be "malware". The picture shows only 12, so...
You can change the engines threshold to higher value if you want higher detection rate (like 90, but must not be 100 because you know..)
|
楼主: Jerry.Lin
[复制链接]
楼主
发表于 2018-9-28 20:55:22
