
Few Questions About Immunet


Kyle


What does Immunet do if a file is unknown? (It's not on the whitelist or any blacklist.)

What happens after Immunet makes a generic detection? Is this then analysed in the cloud?

 

If it makes a difference, I'm using the pay for version.


If during a scan a file is flagged by one of the detection engines as being unknown it is sent to the servers for analysis by the Immunet team to determine its legitimacy. It is important that Immunet has an internet connection when running a scan for that reason. That's what the community approach is all about. Helping to keep each other safe from known and emerging threats. As with any Antivirus solution on the market today you can have false positives but I have seen through this forum that the Immunet team work very hard to rectify those problems when they arise. If you browse the forum there is a section where you can report false positives if you feel you've encountered one.


Guest Orlando


First of all we apologize for the delay, but these days we have been working on the program and how to improve it.

 

To answer your question: If a file is unknown, it is recognized as safe, but it is sent to the cloud and is analyzed to remove all doubt.

 

After a generic detection Immunet seeks to examine in depth the malware specifically to catalog the best, we're just improving the way our engines will be able to increase the accuracy of specific malware (and detection), of course, all analyzed and controlled.

 

Obviously there are differences in the product and on survey of the types of malware and not of variants of it (more information here: http://www.immunet.com/plus/compare/index.html). For example, if Immunet Plus finds a generic trojan (W32.Trojan, for example), Immunet Free also finds it (or its variants, as Plus does); in fact, Immunet Free and Plus both detect viruses. But it changes if Immunet Plus finds spyware: Immunet Free in this case does not detect it.

 

Please ask if I haven't been exhaustive.

Regards,

Orlando



Excellent reply, Orlando. I will add one thing: not in all cases will the file be requested. The request will happen only if the file meets certain criteria as set by our cloud servers. In the majority of instances it will be reviewed only by the cloud/desktop engines, and if it passes we will generally not ask for it. However, if it scores high on a 'suspicious' scale then we may well request it. ETHOS & the SPERO engines may request data directly. We also have a series of 'Cloud only' engines which will request files; they are the TMV and the CMV (Temporal Malware Verifier & Community Malware Verifier).

 

Best,

al


Oh, I got another one while you're here. :lol:

How does Immunet go with interpreted languages, e.g. Python? I don't notice anything while I'm writing or executing.

 

Not sure I understand your question. If you're asking if we review Python scripts, the answer is that we can, although we rarely do. Plus will review ASCII files more often than Free will. I am afraid there is no easy answer to that except to say both Free and Plus can review non-PE files, although Plus will do so more often than Free.

 

al


The reason stemming from:

http://forums.comodo.com/news-announcements-feedback-cis/how-to-kill-cis-easily-t56353.0.html;msg407810#msg407810

Reason being - Comodo didn't monitor raw and got burned because of it (no protection whatsoever, HIPS). Another user posted a more realistic threat with Java.

So it's nice that you review as necessary, thanks.


Hi Kyle,

 

In this case, the reason isn't that Comodo doesn't monitor raw, as it checks it. The reason is that any safe app can destroy it or bypass it (like OA too). A Java script has been made to show that, and they fixed it, but as there are so many ways, you can still disable it with an HTML through an ActiveX, for example. I didn't do more tests as I have no reason to spend time on it to see a lot of users pray for Comodo and banish the devil.

 

As you will not find a lot of malware in Java or Python, it's not necessary to check it too; this was just some PoC. Practically all security suites can be disabled with this method, but this won't mean that you are not protected, as you won't find any malware which tries to use this way.


Archived

This topic is now archived and is closed to further replies.
