alfred
Posted September 7, 2010

All,

After working on our SPERO engine since our June release of 2.0 we have now shipped 3 SPERO sub-engines in 'convict' mode. This means you will start seeing SPERO detections popping up as of today. The three new sub-engines are virus 'family' specific and are:

1. W32.SPERO.Allaple
2. W32.SPERO.SillyFDC
3. W32.SPERO.Startpage

You may in some cases see detections with those names and an appended '-0907' as well.

These sub-engines, as you might have guessed, are built to hit threats in the Allaple, SillyFDC and Startpage families. The last two 'families' are more references to threat types (those which copy themselves over network shares and those which change your start page on your browser). They represent the first of over a dozen sub-engines we will be releasing throughout the winter.

We will also be switching on a 'Generic' tree in the next 10 days as well; this generic tree has our most significant boost in detections of all the trees ready to be brought to production right now.

The 3 engines above plus the Generic engine in training dramatically increase our in-field detection rates. So much so that it's probably the biggest single gain I have seen for our product since its 1.0.10 release. To put it in plain terms they increase our in-field detection rates by 70% or more in our test harnesses. We expect to see this jump in the field by the end of November if not before.

Of course the risk of generic detection engines is that they will increase our FP rates. Please be sure to post in the FP Forum if you encounter any detections which you feel are FPs from these engines.

Best,
Alfred
This topic is now archived and is closed to further replies.