New files uploaded to Prevx for analysis?

Discussion in 'Prevx Releases' started by shadek, Apr 25, 2010.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    When a file that hasn't been executed ever before in the whole wild world, and Prevx sees it for the first time, will Prevx then upload it to the database for analysis automatically? If that is the case, then I don't know why the guidelines say you should send malware samples via e-mail. :)
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,277
    Location:
    Ontario, Canada
    This is what it says in this post: https://www.wilderssecurity.com/showthread.php?t=245129

    HTH,

    TH
     
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    So you're saying there's no automated process when a brand new malware in the wild is scanned for the first time by Prevx? The complete system is dependent on users sending the samples via e-mail? I was thinking that each time Prevx encounters a new, potentially dangerous file, it is scanned and sent to the Prevx server for closer analysis... all done automatically.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @shadek

    I know :( and I've mentioned before that it's a lost opportunity for Prevx to get these files faster, and analyse them and update/protect people quicker. Why don't they?

    Exactly what I used to believe.

    Not TH's fault, he's just the bearer of the bad news :D
     
  5. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,277
    Location:
    Ontario, Canada
    Yes, most of it is automated, but since it is a "community database" other Prevx users would have to see it also. Prevx gets info from other vendors and also from VirusTotal too when someone uploads an unknown file, infected or not! But like I said before, no AV is 100%; they all will and do miss samples! Maybe the one that you found wasn't being spread "In The Wild", only if you go to that website and download it! See, there are many factors involved; what else can one say?

    Regards,

    TH ;)
     
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yeah, but Panda Cloud Antivirus has a great system going on. Unknown or suspicious files are uploaded to their own server for analysis, without user intervention.

    So, the best thing to do would be to upload to Virustotal, since Prevx will eventually get info of the file? Sharing on Virustotal would also add protection for other vendors; this seems to be the best thing to do in order to stop the spread of malware.
     
  7. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    You have to bear in mind that Prevx does its most thorough scanning when the file is executed, so executing the file in a VM would probably be the quickest way of getting the potentially malicious file's data into the Prevx database.
     
  8. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    Right click and scan does it also, I think.
    But sometimes it's needed to send the file, because Prevx did not detect it :D
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is correct :) Prevx does sometimes submit samples automatically (of executable threats) but only when needed. Prevx has been designed to get as much information as possible without requiring the upload of the sample, to save on bandwidth resources and user time. We have a server farm of several hundred physical PCs which analyze submitted malware centrally 24/7 so while we may not request a sample immediately, we will likely send it up if needed :)

    Also note that the right click scan only performs a very small fraction of the checks that the rest of the Prevx product performs (the most being applied when the program/file starts to load code).

    Let me know if you have any other questions! :)
     
  10. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I have yet another question. :)

    When I surf around malware sites, what would be the best way to contribute to the Prevx community? Launch the .exe file, simply right-click-scan or just don't surf to malicious sites? Would a right-click-scan do any good at all in order to help the Prevx-community?
     
    Last edited: Apr 26, 2010
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    A right click scan actually would not help the Prevx community. Running the sample itself or sending it to report@prevxresearch.com would be the best way to get the information fed into our database :)
     
  12. CyberWorm

    CyberWorm Registered Member

    Joined:
    Apr 21, 2010
    Posts:
    74
    I was under the impression that PrevX uploaded all unknown executable files for analysis.

    Say, for example, I had a trojan sitting on my desktop which I had just compiled. Would running a scan with PrevX result in this file being sent for analysis, would running it result in it being sent for analysis, or would it go totally unnoticed until someone manually uploads it?
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Running a right click scan on the file will not cause it to be sent, but running a normal scan or executing it will cause either the file itself to be sent or information on the file to be uploaded.

    However, we recommend not compiling trojans as it is generally illegal ;)
     