On 2018-05-25 18:05, Kagamin wrote:
One approach to behavioral detection is when the antivirus has an emulator that executes the analyzed program to see if it will do something nasty. Viruses are usually not written in python, so this emulation can be skipped for python programs.
I'm guessing for Python it has scanned the interpreter once at some point. It doesn't need to be re-scanned since it rarely changes. While a native application changes every time it's built.
-- /Jacob Carlborg
