dallas7 - Posted September 19, 2010

I'd like to see in the PopUp alert and/or in the File History Details the notation of which engine caught the malware. If you can't do it sometime in the current release model, maybe for version 3?

Cheers!

alfred - Posted September 19, 2010

> I'd like to see in the PopUp alert and/or in the File History Details the notation of which engine caught the malware. If you can't do it sometime in the current release model, maybe for version 3?
>
> Cheers!

Yes, it should be in as of now actually. All detections w/ ETHOS.* or W32.SPERO.* are direct from the ETHOS or SPERO engines. Otherwise they come from our main engine (which has no name).

That is not to say that ETHOS and/or SPERO did not suck up the file (because they act as file gatherers as well as engines) and lend to it becoming a classified threat.

al

dallas7 (Author) - Posted September 23, 2010

> Yes, it should be in as of now actually. All detections w/ ETHOS.* or W32.SPERO.* are direct from the ETHOS or SPERO engines. Otherwise they come from our main engine (which has no name).

Thanks for the clarification. Hmmm. I'm going to have to pay more attention. I haven't yet noticed the ETHOS.* or W32.SPERO.* tags unless what I've seen so far is via the main one.

Or Tetra. Are detections snagged by that tagged in any way? Lately I've been disabling it for my zero day shenanigans so as to eliminate BitDefender from the fray.

It slipped my mind that Millard once mentioned in an email that the "main engine" has no name. That is so sad! I suggest we have a contest to name it. The prize? Three free downloads from Softpedia.

I submit:

MEIP
Main Engine Immunet Protect
Pronounced "mipe" as in... wipe.

alfred - Posted September 23, 2010

> Thanks for the clarification. Hmmm. I'm going to have to pay more attention. I haven't yet noticed the ETHOS.* or W32.SPERO.* tags unless what I've seen so far is via the main one.
>
> Or Tetra. Are detections snagged by that tagged in any way? Lately I've been disabling it for my zero day shenanigans so as to eliminate BitDefender from the fray.
>
> It slipped my mind that Millard once mentioned in an email that the "main engine" has no name. That is so sad! I suggest we have a contest to name it. The prize? Three free downloads from Softpedia.
>
> I submit:
>
> MEIP
> Main Engine Immunet Protect
> Pronounced "mipe" as in... wipe.

Sure, MEIP sounds fine: >

ETHOS detects are rare in the general overall detection landscape for us - to put it in context yesterday we saw 20,541 in-field convictions. The break out was:

MEIP: 18549
SPERO: 1742
ETHOS: 250

The numbers fluctuate a lot with MEIP and SPERO but ETHOS remains in the range, that will be changing a lot starting over the next 3 days as we get a lot more aggressive with ETHOS detections.

Our goal, internally, is to increase our in-field detections by %100 by November 15. We are *well* on our way there already, our effort started Sept 1. After shipping 2.0 we have a cloud that can scale to many millions of users, have good infrastructure, client etc. so our complete focus now is on moving the needle with detection.

One important thing to remember is that all of our engines have two modes:

1. Conviction
2. Vacuum

All engines start their life with us as a vacuum which means their purpose is primarily to suck up suspicious malware so we can classify it. Once that gets to a stage where the TP/FP rates look strong we flip on Conviction mode as well as continuing to operate it as a Vacuum.

Both MEIP, ETHOS and SPERO are running in both modes now and we are ratcheting up their aggressiveness over time. ETHOS gets its first real kick-start this week. SPERO has 3 active trees and more planned over the next 10 days.

Cheers,
al

ritchie58 - Posted September 24, 2010

I just posted in the issues/defects category concerning the difference in full scan times between Online Armor and COMODO Firewalls. After reading Alfred's post now I'm wondering if the discrepancy between scan times is due to the tweaking going on with the detection engines. Whatever it is I'm just glad that a full scan doesn't take over an hour now.

alfred - Posted September 24, 2010

> I just posted in the issues/defects category concerning the difference in full scan times between Online Armor and COMODO Firewalls. After reading Alfred's post now I'm wondering if the discrepancy between scan times is due to the tweaking going on with the detection engines. Whatever it is I'm just glad that a full scan doesn't take over an hour now.

Should not be the issue. SPERO is inline and actually faster than any of our engines. ETHOS is slower but is not invoked on full/custom/flash scans, it's designed to catch files as they are being downloaded.

al

dallas7 (Author) - Posted September 24, 2010

Thanks once again Al for taking the time to explain things so well and in the kind of detail your geek fans enjoy so much.

It doesn't take much imagination to realize how busy you and the rest of the crew are, but I don't think I'm alone in thinking this is the kind of progress we'd like to see posted up in the Announcements forum. And, I might add, in the app's Notices windows (stuck in August).

I know such minutia evokes a "Wow. Cool!" response in only a small segment of your user base, everyone else would see it as a report from the front lines in the war against malware... "I'm not sure what all that engine stuff is all about, but those Immunet people are on the ball!"

Not to mention someone might post up at Wilduhs.

Just my thoughts.

Cheers.

alfred - Posted September 24, 2010

> Thanks once again Al for taking the time to explain things so well and in the kind of detail your geek fans enjoy so much.
>
> It doesn't take much imagination to realize how busy you and the rest of the crew are, but I don't think I'm alone in thinking this is the kind of progress we'd like to see posted up in the Announcements forum. And, I might add, in the app's Notices windows (stuck in August).
>
> I know such minutia evokes a "Wow. Cool!" response in only a small segment of your user base, everyone else would see it as a report from the front lines in the war against malware... "I'm not sure what all that engine stuff is all about, but those Immunet people are on the ball!"
>
> Not to mention someone might post up at Wilduhs.
>
> Just my thoughts.
>
> Cheers.

I think you're right. I will post something this evening in the Announcements section. I would post to Wilders but two things make me reticent to do so. I am usually super tight on time so I cannot follow it there and here. My responsibility is here so I fear looking like a pinhead by not actively participating on Wilders if I post something there. Also, posting on Wilders invites commentary from some awesome people and some... Wilders is a cool mix of people, do not get me wrong. I just need more time to apply there than I have is the gist of it.

I just flipped the bit on ETHOS, I will post more about it tonight.

al

dallas7 (Author) - Posted September 25, 2010

I meant that someone else would read the Announcement here and post up on Wilduhs.

As far as looking like a pinhead, that would be several rungs up on the social order over there.

I can't speak for everyone, but I'm sure the consensus would be if you never posted up there again, it would be just fine.

We'll look forward to your updates, here, as you get to them!

Archived
This topic is now archived and is closed to further replies.