Kyle, posted October 3, 2010

What does Immunet do if a file is unknown? (It's not on the whitelist or any blacklist.) What happens after Immunet makes a generic detection? Is this then analysed in the cloud? If it makes a difference, I'm using the pay-for version.

ritchie58, posted October 3, 2010

If during a scan a file is flagged by one of the detection engines as being unknown it is sent to the servers for analysis by the Immunet team to determine its legitimacy. It is important that Immunet has an internet connection when running a scan for that reason. That's what the community approach is all about. Helping to keep each other safe from known and emerging threats.

As with any Antivirus solution on the market today you can have false positives but I have seen through this forum that the Immunet team work very hard to rectify those problems when they arise. If you browse the forum there is a section where you can report false positives if you feel you've encountered one.

Kyle (Author), posted October 3, 2010

That doesn't make sense. When I create my own programs they run fine without being determined legitimate in the cloud.

ritchie58, posted October 3, 2010

Are you saying that you're a software developer and write your own code?

Kyle (Author), posted October 3, 2010

No, I just posted it for fun.

Kyle (Author), posted October 4, 2010

Bump

Kyle (Author), posted October 4, 2010

............

ritchie58, posted October 4, 2010

I did my best to answer your question. If it was too vague for your liking that's no reason to be rude toward me. Perhaps an administrator or someone more knowledgeable will post and can better answer your inquiries.

Kyle (Author), posted October 4, 2010

Yes, it's quite disappointing after buying a 2 year license that this is taking so long for such a simple question. I'd hate to have problems with the product. Imagine the tech support..

Guest Orlando, posted October 4, 2010

First of all we apologize for the delay, but these days we have been working on the program and how to improve it.

To answer your question: If a file is unknown, it is recognized as safe, but it is sent to the cloud and is analyzed to remove all doubt.

After a generic detection Immunet seeks to examine in depth the malware specifically to catalog the best, we're just improving the way our engines will be able to increase the accuracy of specific malware (and detection), of course, all analyzed and controlled.

Obviously there are differences in the product and on survey of the types of malware and not of variants of it (more information here: http://www.immunet.com/plus/compare/index.html). For example, if Immunet Plus finds a generic trojan (W32.Trojan for example), Immunet Free also finds it (or its variants, as Plus); in fact Immunet Free and Plus detect viruses, but it changes if Immunet Plus finds a spyware: Immunet Free in this case does not detect it.

Please ask if I haven't been exhaustive.

Regards,
Orlando

Kyle (Author), posted October 4, 2010

Thank you, that was clear.

alfred, posted October 4, 2010

Excellent reply, Orlando. I will add one thing: not in all cases will the file be requested. The request will happen only if the file meets certain criteria as set by our cloud servers. In the majority of instances it will be reviewed only by the cloud/desktop engines and if it passes we will generally not ask for it. However, if it scores high on a 'suspicious' scale then we may well request it. ETHOS & the SPERO engines may request data directly. We also have a series of 'Cloud only' engines which will request files; they are the TMV and the CMV (Temporal Malware Verifier & Community Malware Verifier).

Best,
al

Kyle (Author), posted October 4, 2010

Oh, I got another one while you're here. How does Immunet go with interpreted languages? e.g. Python. I don't notice anything while I'm writing or executing.

alfred, posted October 4, 2010

Not sure I understand your question. If you're asking if we review Python scripts, the answer is that we can, although we rarely do. Plus will review ASCII files more often than Free will. I am afraid there is no easy answer to that except to say both Free and Plus can review non-PE files, although Plus will do so more often than Free.

al

Kyle (Author), posted October 4, 2010

The reason stemming from: http://forums.comodo.com/news-announcements-feedback-cis/how-to-kill-cis-easily-t56353.0.html;msg407810#msg407810

Reason being: Comodo didn't monitor raw and got burned because of it (no protection whatsoever, HIPS). Another user posted a more realistic threat with Java.. So it's nice that you review as necessary, thanks.

Shaoran, posted October 5, 2010

Hi Kyle,

In this case, the reason isn't that Comodo doesn't monitor raw, as it checks it. The reason is that any safe app can destroy it or bypass it (like OA too). A Java script has been made to show that, and they fix it, but as there are so many ways, you can still disable it with an html through an ActiveX, for example. I didn't do more tests as I have no reason to spend time on it to see lots of users pray for Comodo and banish the devil.

As you will not find a lot of malware in Java or Python, it's not necessary to check it too; this was just some PoC. Practically all security suites can be disabled with this method, but this doesn't mean that you are not protected, as you won't find any malware which tries to use this way.
Archived
This topic is now archived and is closed to further replies.