sweidre Posted July 28, 2010 Report Share Posted July 28, 2010 Hi, If another in the system tray resident shield as Anti-Virus, Anti-Malware, Firewall, AntiLogger etc. block, clean, or quarantine a malware, will then this malware be also noticed by the Immunet Protect for reporting to the Immunet Community Cloud?' Cheers, sweidre Link to comment Share on other sites More sharing options...
sweidre Posted July 30, 2010 Author Report Share Posted July 30, 2010 Hi, If another in the system tray resident shield as Anti-Virus, Anti-Malware, Firewall, AntiLogger etc. block, clean, or quarantine a malware, will then this malware be also noticed by the Immunet Protect for reporting to the Immunet Community Cloud?' Cheers, sweidre Hi again, hereby I reply to own question, because nobody has yet replied to my question, due to: 1. Nobody is not able to reply to it correctly, or 2. The question is not understood If #2 applies, I will hereby reformulate my question a bit: Besides Immunet FREE, I have in the system tray the following online shields: NOD32 Anti-Virus, Malwarebyres Anti-Malware, Emsisoft Anti-Malware, Zemana Antilogger, WinPatrol, and Task Catcher. Of course, not all shields will detect a parasit (virus or malware) at the very same time! One of the shields will detect the parasit first! If Immunet FREE will detect the parasit first, I take it for granted, that Immunet FREE will report and contribute it to the Immunet Community Cloud! But if one of the other online shields will detect the parasit first and block, clean, or quarantine it, will then Immunet FREE be capable to report and contribute this parasit to the Immunet Community Cloud? Cheers, sweidre Link to comment Share on other sites More sharing options...
xarc Posted July 31, 2010 Report Share Posted July 31, 2010 I guess not ... if NOD32 detect one malware and this malware it's not in Immunet database, then NOD32 must pass to Immunet the signature of this malware and I don't think NOD32 will report to Immunet this. Just a supposition, Link to comment Share on other sites More sharing options...
sweidre Posted July 31, 2010 Author Report Share Posted July 31, 2010 I guess not ... if NOD32 detect one malware and this malware it's not in Immunet database, then NOD32 must pass to Immunet the signature of this malware and I don't think NOD32 will report to Immunet this. Just a supposition, Hi Bogdan, I agree, with you! I doubt also, that NOD32 will pass its found malware info to Immunet! This means, that if we have many malware shields in addition to Immunet, the possibility that Immunet get info of a malware found is very small! So, to have Immunet alongside another Anti-Virus is not so good, if we think of increasing the amount of threats, that we are protected from in the Immunet cloud! An increase of the amount of Immunet members will not increase the number of threats, that we are protected from, if the new members place Immunet together with an existing Anti-Virus software. If we uninstall the other Anti-Virus software and only rely upon Immunet, the situation should be completely different! Then Immunet will hopefully catch the malware and of course report it to the "cloud"! On the other hand, I do not personally rely completely on Immunet, because it seems to me, that Immunet is not yet completely developed in all aspects yet! I want to see an inpartial review of Immunet compared with other well-known AV softwares first by testing the different AV softwares how they recognize and handle different virus and malwares! Cheers, sweidre Link to comment Share on other sites More sharing options...
Guest orlando Posted July 31, 2010 Report Share Posted July 31, 2010 Hi Bogdan, I agree, with you! I doubt also, that NOD32 will pass its found malware info to Immunet! This means, that if we have many malware shields in addition to Immunet, the possibility that Immunet get info of a malware found is very small! So, to have Immunet alongside another Anti-Virus is not so good, if we think of increasing the amount of threats, that we are protected from in the Immunet cloud! An increase of the amount of Immunet members will not increase the number of threats, that we are protected from, if the new members place Immunet together with an existing Anti-Virus software. If we uninstall the other Anti-Virus software and only rely upon Immunet, the situation should be completely different! Then Immunet will hopefully catch the malware and of course report it to the "cloud"! On the other hand, I do not personally rely completely on Immunet, because it seems to me, that Immunet is not yet completely developed in all aspects yet! I want to see an inpartial review of Immunet compared with other well-known AV softwares first by testing the different AV softwares how they recognize and handle different virus and malwares! Cheers, sweidre Instead It's contrary: When another antivirus detects malware that is not relevant Immunet is added to the community when a different product finds a virus. I am sure of what I say because I read it while translating Immunet in Italian, an explanation explaining the issue. Orlando Link to comment Share on other sites More sharing options...
xarc Posted July 31, 2010 Report Share Posted July 31, 2010 I think we must wait for a developer to respond here ... Link to comment Share on other sites More sharing options...
millard@immunet.com Posted August 2, 2010 Report Share Posted August 2, 2010 It depends on the order in the stack (specifically I believe it's the filter driver Altitudes that determine this) of who sees the file first. With Blocking Mode on, if Immunet Protect sees the file before any other AV, then it can mark it malicious and prevent another from seeing it. If it's not sure the file is malicious, it can send it to the cloud for further analysis, but allow the another AV to still detect and convict the file. If Immunet is not the first to see it, then another AV who may miss the detection will allow Immunet to still perform detection or send it to the cloud. With Blocking Mode off, then things get a little different. If Immunet Protect is in front, the file is still written to disk which gives another AV a chance to detect it and we have a race condition of who is going to mark it malicious and quarantine the file. A separate AV can still stop us from detecting if they see the first. Right now, it's NOT a bad thing to run Free with an additional AV. Link to comment Share on other sites More sharing options...
Guest orlando Posted August 2, 2010 Report Share Posted August 2, 2010 It depends on the order in the stack (specifically I believe it's the filter driver Altitudes that determine this) of who sees the file first. With Blocking Mode on, if Immunet Protect sees the file before any other AV, then it can mark it malicious and prevent another from seeing it. If it's not sure the file is malicious, it can send it to the cloud for further analysis, but allow the another AV to still detect and convict the file. If Immunet is not the first to see it, then another AV who may miss the detection will allow Immunet to still perform detection or send it to the cloud. With Blocking Mode off, then things get a little different. If Immunet Protect is in front, the file is still written to disk which gives another AV a chance to detect it and we have a race condition of who is going to mark it malicious and quarantine the file. A separate AV can still stop us from detecting if they see the first. Right now, it's NOT a bad thing to run Free with an additional AV. So to help more Immunet the "blocking mode" should be disabled? So if another antivirus detects a virus Immunet places it in the cloud. Orlando Link to comment Share on other sites More sharing options...
millard@immunet.com Posted August 2, 2010 Report Share Posted August 2, 2010 So to help more Immunet the "blocking mode" should be disabled? So if another antivirus detects a virus Immunet places it in the cloud. Orlando Actually, it's better to have Blocking turned on. It gives us more time to look at the file, but there is a small performance hit so we have it turned off by default. Link to comment Share on other sites More sharing options...
Guest orlando Posted August 2, 2010 Report Share Posted August 2, 2010 Actually, it's better to have Blocking turned on. It gives us more time to look at the file, but there is a small performance hit so we have it turned off by default. Okok I had already done a long time to hold on, I only had some problems with the translation of your previous topic. Orlando Link to comment Share on other sites More sharing options...
xarc Posted August 2, 2010 Report Share Posted August 2, 2010 It depends on the order in the stack (specifically I believe it's the filter driver Altitudes that determine this) of who sees the file first. With Blocking Mode on, if Immunet Protect sees the file before any other AV, then it can mark it malicious and prevent another from seeing it. If it's not sure the file is malicious, it can send it to the cloud for further analysis, but allow the another AV to still detect and convict the file. If Immunet is not the first to see it, then another AV who may miss the detection will allow Immunet to still perform detection or send it to the cloud. With Blocking Mode off, then things get a little different. If Immunet Protect is in front, the file is still written to disk which gives another AV a chance to detect it and we have a race condition of who is going to mark it malicious and quarantine the file. A separate AV can still stop us from detecting if they see the first. Right now, it's NOT a bad thing to run Free with an additional AV. No is not a bad thing with Free edition ... but can be "cheated" the others AV scanning ahead of them ? Link to comment Share on other sites More sharing options...
Vranek Posted August 28, 2010 Report Share Posted August 28, 2010 Are the detections by TETRA engine also reported to the Immunet cloud? Link to comment Share on other sites More sharing options...
alfred Posted August 28, 2010 Report Share Posted August 28, 2010 Are the detections by TETRA engine also reported to the Immunet cloud? They should be in 1.0.14 and up. They were not before. I know we altered the code base to allow for it, but I did not actually check. Let me look and get back to you. al Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.