What's behind HEUR/AGEN.1023813

0

Currently, I am messing around with Avira, Kaspersky & co. and C# Malware. My program is getting detected by Avira with the signature "HEUR/AGEN.1023813".

What does this signature mean? (What exactly did Avira detect?)

VerbxteneSkillz

Posted 2018-08-23T15:05:25.730

Reputation: 13

The only people that will be able to answer this conclusively would be Avira's authors; a best guess, based on the name of the signature, is that it sees a pattern of instructions in the code that strongly resembles code that may do inimical things to your computer - that is, it's using heuristics to decide that this program may be a problem. – Jeff Zeitlin – 2018-08-23T15:18:43.807

Answers

4

What does this signature mean?

It means whatever was detected was detected through heuristic analysis.

Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the "wild".

In other words, when it determined what the program did exactly by executing the programming commands within its scanning engine, it matched the behavior of a generic heuristic malware variant sample. AGEN.1023813 is simply the identifier of that particular sample.

What exactly did Avira detect?

If Avira does not report this information, then this cannot be determined. However, it's a safe bet that the detection is based on the analysis that was performed. Outside of that educated guess, what Avira detected exactly cannot be determined. Avira is a black box with regard to how their scanning engine works exactly.

Heuristic analysis is an expert based analysis that determines the susceptibility of a system towards particular threat/risk using various decision rules or weighing methods. MultiCriteria analysis (MCA) is one of the means of weighing. This method differs from statistical analysis, which bases itself on the available data/statistics.

Heuristic analysis - Wikipedia

Ramhound

Posted 2018-08-23T15:05:25.730

Reputation: 28 517

@VerbxteneSkillz - Avira is a closed black box. You really shouldn't be trying to "mess around with" malware. Since it's your program you know every action that is performed. You can easily determine which action is being detected by Avira. – Ramhound – 2018-08-24T14:22:44.177
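The "decision rules or weighing methods" in the definition quoted in the answer can be pictured with a toy scorer. This is an added example, not part of the original thread and not Avira's engine: the rule set, weights, threshold and sample buffers are all assumptions, and it looks only at static features (no emulation). It shows why a heuristic verdict is a summed score with no single matched pattern to report.

```python
import math
from collections import Counter

# Hypothetical weights and threshold for illustration; not any vendor's real rules.
THRESHOLD = 60
STRING_RULES = {
    b"VirtualAllocEx": 25,
    b"WriteProcessMemory": 25,
    b"CreateRemoteThread": 30,
}
ENTROPY_RULE = (7.2, 20)  # (bits-per-byte cutoff, weight)


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; packed or encrypted content approaches 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def heuristic_verdict(sample: bytes) -> dict:
    """Sum the weights of all rules that fire and compare against THRESHOLD."""
    fired = [(f"references {s.decode()}", w) for s, w in STRING_RULES.items() if s in sample]
    cutoff, weight = ENTROPY_RULE
    if shannon_entropy(sample) > cutoff:
        fired.append(("high-entropy content", weight))
    score = sum(w for _, w in fired)
    return {"score": score, "flagged": score >= THRESHOLD, "fired": fired}


# Constructed sample buffers (not real files).
BENIGN = b"MZ" + b"Hello, world! " * 50
TWO_APIS = b"MZ" + b"VirtualAllocEx\x00WriteProcessMemory\x00" + b"\x00" * 200
THREE_APIS = TWO_APIS + b"CreateRemoteThread\x00"

if __name__ == "__main__":
    for name, buf in [("benign", BENIGN), ("two_apis", TWO_APIS), ("three_apis", THREE_APIS)]:
        print(name, heuristic_verdict(buf))
```

No individual rule reaches the threshold on its own, which is why a generic name such as a HEUR identifier says little about any one behaviour.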