Regarding Cloud-Based Detection

I am requesting more detailed information about how the whole new
Cloud-based detection system works.

Regarding the Cloud-based detection, is it similar to Symantecs reputation detection "WS.1 Reputation" ? Or what will we see when the cloud detects something?

So basically, we really need more info on How it works?, What will the detections look like?. Is it behavior based?
Are the Cloud-Powered Reputation and Cloud-Based Detection systems connected? etc etc.....

Am I alone wondering this?

I got more Questions but let's start with these Cheers!

 

Not alone.
https://www.wilderssecurity.com/showthread.php?t=298882

 

More info is appreciated!

 

The cloud system is subject to evolution. The principle behind any cloud system is collection of data that can be used to calculate the reputation of files. At this point it is not safe to flag files with low reputation as bad and we're yet to see if that will ever be possible as such detections would cause FPs on less common files.
Using cloud will reduce the number of scanned files and thus decrease scan times. It will also help ESET optimize existing or new detections for better malware variant coverage and improve scanning of files which take a lot of time to emulate.

 

This was the particular feature that I was unsure of if you had starting to use or not. Yes I agree perhaps it will increase the FP's too much to actually be useful . Time will tell I guess

Thanks a lot Marcos

 

I really liked Cloud-based detection. I've launched malware that has been blocked by the clouds, but NOD32 was unable to clean or delete it. Is it a bug? A9ACA94F7DACE7BBCF534C7DC77C6B92 — caught by the clouds (a part of 5FB86DDC4E4C6781743805F4CB22C564), but after update all infiltrations were quarantined.

 

maybe by design to minimize FP. btw could you send me the sample i just wanna see the detection

 

That's impossible, see my previous post. There are no cloud/reputation detections, most likely it was that the detection for your malware was added in the last update.

 

if you run an on-demand-scan on the file, is it detected?

 

Marcos is right, i'm wrong. Detection for that small BAT file was added long time ago, but i thought it was detected by the clouds.

 

What are the chances that the Cloud service could be used to blacklist just added malware that isn't in the signature file yet, but will be released soon?

For example, a new Fake-AV was discovered and will be in the 6111 update (right now it's 6110 as of writing this) but the cloud service will come up with a prompt asking if we want to terminate the process.

 

Incorrect cloud info?

B2DE3452DE03674C6CEC68B8C8CE7C78 (NTDETECT.COM) — clean file;
9E3C13B6556D5636B745D3E466D47467 (jeefo.a) — infected Microsoft file?

I'd like to know too.

 

infected : http://www.google.fr/search?sourceid=chrome&ie=UTF-8&q=9E3C13B6556D5636B745D3E466D47467