What does the [Susp] tag stand for?

I’ve seen quite a few detections with such a tag, like Win32:FNFAV-C [Susp], INF:AutoRun [Susp], JS:ScrObfs-gen [Susp] etc…

Now I do know that [Heur] stands for a heuristic detection, but what is [Susp] then? I’m guessing suspicious, but wouldn’t that fall under [Heur] as well? Just curious as usual :)

Methinks those are behavior shield detections.

Edit: http://forum.avast.com/index.php?topic=59700.0

or not.

I don’t think they are. Those have the [Heur] tag. That’s why I’m wondering. Unless they use [Heur] for behavior analysis heuristics and [Susp] for more “traditional” heuristics used to scan Autoruns, BATs, scripts, HTML files and so on, stuff that usually doesn’t run inside virtual emulators but can still be checked with heuristics.

I believe they are basically equivalent - some virus analysts using [Heur] even though we originally agreed on [Susp] (or vice versa, I don’t remember it myself ;)).

Ok, thanks for clearing that up. :)