Hi, as I normally do, I submit a bunch of malware on a regular basis. What I have noticed, and this has happened a lot, is that I have to object to the malware rating. The team will rate it as clean; we have the option to click on the VT rating, and then, as no surprise, many vendors rate it as malware, as in the example below:
But yet if you look at the list of vendors rating it as malware, Xcitium is one of them:
This is very confusing and then causes doubt when it comes to auto-containment. It will only contain the file if it is unknown; now, if the team rates malware as clean, we then have to hope somewhere in the attack chain is an unknown to then contain the attack chain somewhat.