Say I made some malware in Python or C# or whatever language. How would an antivirus detect that the program has malicious intent? How does the antivirus know that the program is malicious, since it isn't known in its database to have malicious purposes?
Your question appears to be: how does antivirus identify malware it has not seen before. Is that correct? – schroeder Jan 19 '19 at 14:33
Yes, correct, that's what I'm asking! – Mattz Manz Jan 19 '19 at 14:38
While the question is not an exact duplicate, the answer you are looking for is there. Your question as asked is answered by wiki (or any Google search): https://en.wikipedia.org/wiki/Antivirus_software – schroeder Jan 19 '19 at 14:46
OK, cool, I will check it out! – Mattz Manz Jan 19 '19 at 14:49
Please make sure that you have done at least a little research before posting here. – schroeder Jan 19 '19 at 14:51
1 Answer
1
Depends on the AV engine. Some AVs just do detection based on signatures, so in this case your malware will not be detected. Other AVs have behavioral capabilities that allow them to analyze the behavior of your binary, for example based on syscall paths or other heuristics, and decide if it is malware, and in some cases send statistical information to their cloud system and make a decision.
camp0
Oh okay, thanks, I get you. So it looks at the behaviour of the program! – Mattz Manz Jan 19 '19 at 14:39
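The two detection styles the answer contrasts, as an added example that is not part of the original thread and not any vendor's engine: a hash lookup that only catches known samples, followed by a heuristic score over a recorded syscall trace. The rule names, patterns, weights, threshold and sample traces are all constructed assumptions for illustration.

```python
import hashlib

# Constructed signature database: SHA-256 digests of samples already known to the vendor.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-sample").hexdigest()}

# Constructed heuristic rules: (description, ordered syscall pattern, weight).
RULES = [
    ("enumerate and rewrite files", ("getdents64", "openat", "read", "write", "unlink"), 60),
    ("copy self and mark executable", ("readlink", "openat", "write", "chmod"), 30),
    ("outbound connection after file reads", ("read", "socket", "connect", "sendto"), 30),
]
THRESHOLD = 50  # assumed cut-off; real engines tune this against false positives

def signature_match(binary: bytes) -> bool:
    """Signature detection: exact match against digests of known samples."""
    return hashlib.sha256(binary).hexdigest() in KNOWN_BAD

def contains_in_order(trace, pattern) -> bool:
    """True if pattern appears in trace as an ordered subsequence (gaps allowed)."""
    remaining = iter(trace)
    return all(call in remaining for call in pattern)

def behaviour_score(trace):
    """Behavioural detection: sum the weights of every rule the trace matches."""
    hits = [(name, weight) for name, pattern, weight in RULES
            if contains_in_order(trace, pattern)]
    return sum(w for _, w in hits), [n for n, _ in hits]

def verdict(binary: bytes, trace) -> str:
    if signature_match(binary):
        return "malicious (signature)"
    score, reasons = behaviour_score(trace)
    if score >= THRESHOLD:
        return "suspicious (behaviour: " + ", ".join(reasons) + ")"
    return "clean"

# Constructed inputs: a binary absent from the database, and two recorded traces.
UNKNOWN = b"constructed-never-seen-sample"
UNKNOWN_TRACE = ["execve", "getdents64", "openat", "read", "write", "close",
                 "unlink", "openat", "read", "write", "unlink"]
BENIGN_TRACE = ["execve", "openat", "read", "close", "write", "exit_group"]

if __name__ == "__main__":
    print(verdict(b"constructed-known-sample", []))  # caught by hash alone
    print(verdict(UNKNOWN, UNKNOWN_TRACE))           # no signature, flagged by behaviour
    print(verdict(b"constructed-benign", BENIGN_TRACE))
```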