avp 3.5 and another av with similar feature

Discussion in 'other anti-virus software' started by skeptic, Jan 23, 2003.

Thread Status:
Not open for further replies.
  1. skeptic

    skeptic Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    8
    With avp 3.5, it's able to detect an infection in a file as it is being downloaded, and subsequently prevent it from being downloaded and saved.

    Is there another av in the market that has this feature?

    The other ones that i've tried allows an infected file to be downloaded first, and then prevent access if there's an attempt to open or execute it.

    Thanks :)
     
  2. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Are you talking about archived files (ie zipped) here?

    If Yes then

    Pc-Cillin does this
    Avast
    Sophos
    F-Secure
    DrWeb32


    Technodrome
     
  3. skeptic

    skeptic Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    8
    Hi Tech,

    i'm referring to downloaded attachments in general.. From what i've encountered other av s allows them to be downloaded first and then if they're infected they prevent access to them...but this is once they've been downloaded though.. i tried this with f-secure, etrust, dr. web, norton ect..


    avp 3.5 doesn't do this.. it blocks infected files in the process of downloading..

    Thanks
     
  4. Alpha

    Alpha Guest

    Strangly, I have ever used Kaspersky 4.0 before , but that didn't prompt the computer stop downloading anything infected files, only will react when trying to execute them. And the same thing happen to AVP 3.5.1.6 which is using now at Windows 98.

    For Kaspersky 4.0, if the real time Monitor object setting chose to monitor "Archieves", then if a zip is infected, before bringing up the Winzip window, while pointing the cursor to the file in the Window Explorer, it will promptly alert that file was infected, but again the feature slow down the system tremendously and could be say very bad indeed.

    For AVP 3.5, even the monitor setting chose to monitor "Archieves", and it won't alert anything while using the mouse to point to the file, only will stop excuting it when one is trying to execute or open it.

    May I know what setting do you use.

    For simple clarity, I just went to eicar.org website and download the test eicar file, the AVP 3.5 or Kaspersky 4.0 won't stop the computer from downloading them at all.

    I was puzzling why the avp acted differently from yours?
     
  5. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Not entirely, some of infected files (could be corrupted) are stored in browsers Temporary folder.

    see picture:
    [​IMG]


    Technodrome
     
  6. skeptic

    skeptic Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    8
    Tech..

    you're right with avp 3.5 in some instances infected (dormant) cookies can be stored in IE's temporary internet folders.


    Alpha..

    i have avp 3.5 on access monitor set to scan all files:packed, archived, all mail and mail database, and i just have the on access monitor and on demand scanner loaded.

    when it comes to avp 3.5 and its ability to flag infected downloads, let me clarify things.. during downloads of email with attachment or a zip file, the download progress bar moves, but what happens afterwards is something that i've so far encountered only with avp 3.5.. in my case during the down load process itself (when the download bar is moving) avp usually detects if the file is infected, and after the download commences, in the finish download menu, it prevents the opening or saving of an infected file in question...

    maybe it's just in the settings.. can other avs do this. i tried this for example with etrust ez antivirus, norton, dr web and other. they go through the process of downloading an infected zip file and lets the saving and or opening of them ..then they flag its infected.. before there's any attempt to execute it.

    any ideas?
     
Loading...
Thread Status:
Not open for further replies.