saferwall/saferwall

[MultiAV] Dynamic Scanning of Samples

SteveBox0 opened this issue · 3 comments

Lots of AVs don’t perform well using just the file AV scan component. It would be much better if an option was added to the Dynamic Analysis to include AV products' results from executing the payload.

Hey @SteveBox0

We are working on it! That's what the next release will include: a dynamic analysis report.

Just wait a couple of weeks, and this will be public.

Hi @LordNoteworthy,

Great to hear. Behavioral AV detection is much more of a useful feature nowadays that static analysis is heavily bypassed and VT, from what I can tell, is mainly static only. Does that mean you will be running a VM for each AV product during the dynamic analysis stage? Otherwise I suspect they might conflict with each other.

Each AV has to run in a separate VM to avoid conflicts; agree this is a more realistic test but requires more hardware resources.

@SteveBox0 have you seen any service which does that? I can remember one but I forgot the name.