Overview
- The model is live in the latest Kaspersky Unified Monitoring and Analysis Platform, providing detection within the SIEM pipeline.
- It can run in a correlation mode for faster, near-real-time alerting, or across broader event collections for retrospective threat hunting.
- Detection relies on indirect metadata such as non‑standard paths, file renames, size or structure changes, digital signature integrity, and the calling process.
- Training used internal analysis data and anonymized Kaspersky Security Network (KSN) telemetry, with labels taken from Kaspersky's file‑reputation databases.
- Kaspersky says early inaccuracies were addressed through iterative refinement, reports high accuracy today, and expects further gains as telemetry and KSN signals grow, with no independent validation cited.
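To make the fourth bullet concrete, here is an added illustration (not Kaspersky's model or code) of how the listed metadata signals can be turned into features over process-creation events. Everything in it is constructed for the example: the per-binary baseline table, the list of unusual parent processes, the weights and threshold, and the sample events, whose field names follow the Sysmon Event ID 1 convention. It also shows one caveat the summary only implies: an Authenticode signature covers file content, not the file name, so a renamed copy of a signed system binary still validates and must be caught by the rename and path checks rather than by signature integrity.

```python
"""Feature-based spotting of relocated, renamed or modified system binaries.

Added illustration, not Kaspersky's model: the baseline table, parent list,
weights, threshold and sample events are all constructed for this example.
Event fields follow the Sysmon Event ID 1 (process creation) naming.
"""
import ntpath

# Hypothetical per-binary baseline keyed by the PE's OriginalFileName:
# where the binary normally lives and its expected on-disk size.
BASELINE = {
    "rundll32.exe": {"dirs": {r"c:\windows\system32", r"c:\windows\syswow64"}, "size": 71_680},
    "certutil.exe": {"dirs": {r"c:\windows\system32", r"c:\windows\syswow64"}, "size": 1_600_000},
}

# Constructed list of parents from which system utilities rarely start legitimately.
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "wscript.exe", "mshta.exe"}

# Hypothetical weights; a trained model would learn these rather than fix them by hand.
WEIGHTS = {
    "nonstandard_path": 2,
    "renamed": 3,
    "size_anomaly": 3,
    "signature_invalid": 3,
    "unusual_parent": 2,
}
ALERT_THRESHOLD = 4
SIZE_TOLERANCE = 0.10  # flag if size deviates more than 10% from baseline


def extract_features(event):
    """Derive the metadata features from one process-creation event."""
    orig = event["OriginalFileName"].lower()
    base = BASELINE.get(orig)  # None for binaries we have no baseline for
    image_dir = ntpath.dirname(event["Image"]).lower()
    image_name = ntpath.basename(event["Image"]).lower()
    parent_name = ntpath.basename(event["ParentImage"]).lower()
    size = event["FileSize"]
    return {
        # Binary runs from a directory other than its known locations.
        "nonstandard_path": base is not None and image_dir not in base["dirs"],
        # On-disk name differs from the name compiled into the PE version resource.
        "renamed": image_name != orig,
        # Size deviates from the baseline, hinting at patching or appended payloads.
        "size_anomaly": base is not None
        and abs(size - base["size"]) / base["size"] > SIZE_TOLERANCE,
        # Authenticode check failed; note this stays False for a merely renamed copy.
        "signature_invalid": event["SignatureStatus"].lower() != "valid",
        # Calling process is one that rarely spawns system utilities legitimately.
        "unusual_parent": parent_name in UNUSUAL_PARENTS,
    }


def classify(event):
    """Score the event and return the verdict with the features that fired."""
    features = extract_features(event)
    reasons = [name for name, hit in features.items() if hit]
    score = sum(WEIGHTS[name] for name in reasons)
    return {"alert": score >= ALERT_THRESHOLD, "score": score, "reasons": reasons}


# Constructed sample events: a benign start, a renamed signed copy, a tampered binary.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe", "OriginalFileName": "RUNDLL32.EXE",
     "ParentImage": r"C:\Windows\System32\svchost.exe", "SignatureStatus": "Valid",
     "FileSize": 71_680},
    {"Image": r"C:\Users\Public\update.exe", "OriginalFileName": "RUNDLL32.EXE",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "SignatureStatus": "Valid",  # signature survives the rename
     "FileSize": 71_680},
    {"Image": r"C:\Windows\Temp\certutil.exe", "OriginalFileName": "CertUtil.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "SignatureStatus": "Invalid",
     "FileSize": 1_900_000},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event["Image"], classify(event))
```

The second sample is the instructive one: every content-based check passes, and only the combination of an unexpected directory, a name mismatch against `OriginalFileName`, and an office parent process pushes it over the threshold. The `base is not None` guards mean that a binary with no baseline entry is still judged on the rename, signature and parent signals rather than silently passing.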