From 5a0d4df62c8a9d40aaf78565aee9c7b24bc08c7b Mon Sep 17 00:00:00 2001 From: Moritz Date: Tue, 28 Nov 2023 16:21:43 +0100 Subject: [PATCH] suggest to run on dynamic trace for packed samples (#852) * suggest to run on dynamic trace for packed samples --------- Co-authored-by: Willi Ballenthin --- internal/limitation/file/internal-packer-file-limitation.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/limitation/file/internal-packer-file-limitation.yml b/internal/limitation/file/internal-packer-file-limitation.yml index 5e87b7e56..bd983a65a 100644 --- a/internal/limitation/file/internal-packer-file-limitation.yml +++ b/internal/limitation/file/internal-packer-file-limitation.yml @@ -8,8 +8,9 @@ rule: This sample appears to be packed. Packed samples have often been obfuscated to hide their logic. - capa cannot handle obfuscation well. This means the results may be misleading or incomplete. + capa cannot handle obfuscation well using static analysis. This means the results may be misleading or incomplete. If possible, you should try to unpack this input file before analyzing it with capa. + Alternatively, run the sample in a supported sandbox and invoke capa against the report to obtain dynamic analysis results. scopes: static: file dynamic: file
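Review bot: the reworded description in this hunk conflicts with the rule's own scope declaration, which is visible in the trailing context lines. The new text says capa cannot handle obfuscation well "using static analysis" and tells the user to "run the sample in a supported sandbox and invoke capa against the report", but the unchanged `scopes:` block still lists both `static: file` and `dynamic: file`, so this limitation will also be reported when the input is already a sandbox report, where the static-analysis qualifier is misleading and the advice to go collect a dynamic trace is circular. Either limit this rule to the static scope, or split the description so the dynamic-scope wording does not point the user back at the analysis mode they are already using. Minor: the added sentence is noticeably longer than the surrounding lines; wrapping it to match the existing line length would keep the YAML block readable.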