So there is a trade-off here: you can do conservative detection in favor of fewer FPs, and leave aggressive detection to IT administrators, or you can be more aggressive in detection and optimize 3rd party FP test scores using certain white samples in the training set (e.g. Such a product is susceptible to "pool pollution" attack and can be bypassed with clever social engineering. And for some static ML engines with low FPs in such test, one can easily trigger an FP by randomly padding zeroes and ones at the end of a benign file. On the other hand, if one product performs well in such FP test, it doesn't necessarily mean it is indeed low in FPs in real life. For some "low FP" product in such test, one can easily make it generate an FP using simple tools and innocent code (like hello world). I personally tend to interpret the FP test in such 3rd party test as: if one product performs poorly in such FP test, it is indeed bad (and there is actually a sensible gap between 1~2 FPs and 4~5 FPs in such test when using the product in real life). But it also generates way more false positives. It blacklists threats very quickly with recent updates. The following picture shows me using the latest version of WinDbg to open the dump display provided by my post. MSE is indeed impressive with their new cloud system. Need to use the latest Windows 10 SDK analysis, I will provide new dump and reply later. I can see the crashed file in windbg, dump is generated from Windsystem. Probably caused by : Unknown_Image ( ANALYSIS_INCONCLUSIVE )" Can you please provide us a new dump to have a look? "***** Debugger could not find nt in module list, module list might be corrupt, error 0x80070057. reload failed, module list may be incomplete" *** WARNING: Unable to verify timestamp for Unknown_Module_00000000`00000000 "Missing image name, possible paged-out or corrupt data. Thank you for providing us with the complete dump, but it seems it is corrupt so I'm not able to analyze it.