I’ve seen quite a few detections with such a tag, like Win32:FNFAV-C [Susp], INF:AutoRun [Susp], JS:ScrObfs-gen [Susp] etc…
Now I do know that [Heur] stands for a heuristic detection, but what is [Susp] then? I’m guessing suspicious, but wouldn’t that fall under [Heur] as well? Just curious as usual.
I don’t think they are. Those have the [Heur] tag. That’s why I’m wondering. Unless they use [Heur] for behavior analysis heuristics and [Susp] for more “traditional” heuristics used to scan Autoruns, BATs, scripts, HTML files and so on, stuff that usually doesn’t run inside virtual emulators but can still be checked with heuristics.
I believe they are basically equivalent - some virus analysts are using [Heur] even though we originally agreed on [Susp] (or vice versa, I don’t remember it myself ;)).