Hello Xcitium
How do I know if a file is rated by CAMAS as CAMAS.Suspicious or Suspicious+ or Suspicious++ or CAMAS.Malware?
@nivedithab ? Please help
Hi @Nik
Apologies for the delayed reply.
I will check with the concerned team and get back to you.
Thank you
@nivedithab Any news on how do I know when it's CAMAS.Suspicious or CAMAS.Malware?
@nivedithab I found on Killswitch that it has Camas, but every time it says Error(Timeout)
So if Camas works on Verdict Cloud, why does it not work on Killswitch?
Killswitch version:
@nivedithab Are you here?
What is happening?
Hi @Nik
Apologies for the delayed response. I have already forwarded the details to the concerned team and am waiting for their update on the same.
CAMAS works perfectly on Xcitium Verdict Cloud, but we don't know if it's CAMAS.Suspicious or CAMAS.Malware
So if the team could add the classification of CAMAS, is it Suspicious or Malware, so we know which CAMAS verdict is given to the file
I have already forwarded the details to the concerned team and am waiting for their update on the same
Yes, thanks. Under the Dynamic Analysis Overall Verdict tab it should say which CAMAS verdict it is, like CAMAS.Suspicious or CAMAS.Malware or CAMAS.Suspicious++ or CAMAS.Suspicious+
For example
Here, where the arrow is, the team can add CAMAS Analysis Verdict; there is enough space
@nivedithab Under the Dynamic Analysis Overall Verdict the team can add CAMAS Analysis Verdict and the classification CAMAS.Suspicious or CAMAS.Malware, CAMAS.Suspicious+ or CAMAS.Suspicious++
Hi @Nik
Killswitch should be using the obsolete Camas service, which (I suppose) is not supported anymore (at least not by our team).
Regarding the Valkyrie item: it looks like by “Camas” the customer means the Dynamic Analysis Service (Dynamic Analysis Overall Verdict).
It uses RegExp and ML analyzer, and as possible results: Highly Suspicious (dynamic_malware_probability around 100) and “No Threat Found” for the rest (no more options).
Examples:
Dynamic Analysis Overall Verdict Result
Highly Suspicious
Dynamic Analysis Overall Verdict Result
No Threat Found
And how do I know if it's CAMAS.Suspicious or CAMAS.Malware? Could the team explain more?
Hi @Nik
The team has provided examples in the above comment to address your query.
Yes, but I still don't know if it's CAMAS.Suspicious or CAMAS.Malware. Could the team explain how do I know?
@nivedithab Could the team add to Dynamic Analysis Tab CAMAS Analysis Verdict and which it is?
Under the overall verdict it should say whether it is CAMAS.Suspicious or CAMAS.Malware, etc.
Right here under the DYNAMIC ANALYSIS OVERALL VERDICT
The team should add CAMAS ANALYSIS VERDICT so we know which CAMAS verdict it is
Hi @Nik
I will check with the backend team for feasibility and get back to you.
Hi @Nik
The backend team have shared their feedback on your query.
Camas is an obsolete service and most likely is not supported anymore at all, and is not integrated with Valkyrie either
In Valkyrie it is supported, obviously, but it's not supported in Killswitch because it's obsolete
@nivedithab Camas in Valkyrie is working and it's not obsolete