Regarding Cloud-Based Detection

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by SweX, May 9, 2011.

Thread Status:
Not open for further replies.
  1. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,259
    I am requesting more detailed information about how the whole new Cloud-based detection system works.

    Regarding the Cloud-based detection, is it similar to Symantec's reputation detection "WS.1 Reputation"? Or what will we see when the cloud detects something?

    So basically, we really need more info on how it works. What will the detections look like? Is it behavior based?
    Are the Cloud-Powered Reputation and Cloud-Based Detection systems connected? Etc.

    Am I alone wondering this?

    I've got more questions, but let's start with these ;) Cheers!
     
    Last edited: May 9, 2011
  2. Thankful

    Thankful Registered Member

    Joined:
    Feb 28, 2005
    Posts:
    2,987
    Location:
    New York City
  3. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,152
    Location:
    North Texas
    More info is appreciated!
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,330
    The cloud system is subject to evolution. The principle behind any cloud system is the collection of data that can be used to calculate the reputation of files. At this point it is not safe to flag files with low reputation as bad, and we have yet to see if that will ever be possible, as such detections would cause FPs on less common files.
    Using the cloud will reduce the number of scanned files and thus decrease scan times. It will also help ESET optimize existing or new detections for better malware variant coverage and improve scanning of files which take a lot of time to emulate.
     
  5. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,259
    This was the particular feature that I was unsure whether you had started to use or not. Yes, I agree, perhaps it will increase the FPs too much to actually be useful :doubt:. Time will tell, I guess :)

    Thanks a lot Marcos :thumb:
     
  6. Ego_Dekker

    Ego_Dekker Registered Member

    Joined:
    Aug 22, 2010
    Posts:
    97
    Location:
    Russia
    I really liked Cloud-based detection. I've launched malware that has been blocked by the clouds, but NOD32 was unable to clean or delete it. Is it a bug? A9ACA94F7DACE7BBCF534C7DC77C6B92 — caught by the clouds (a part of 5FB86DDC4E4C6781743805F4CB22C564), but after the update all infiltrations were quarantined.
     
    Last edited: May 10, 2011
  7. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    602
    Location:
    Surabaya Indonesia
    Maybe by design to minimize FPs. BTW, could you send me the sample? I just wanna see the detection :D
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,330
    That's impossible; see my previous post. There are no cloud/reputation detections; most likely the detection for your malware was added in the last update.
     
  9. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,180
    Location:
    Managua, Nicaragua
    If you run an on-demand scan on the file, is it detected?
     
  10. Ego_Dekker

    Ego_Dekker Registered Member

    Joined:
    Aug 22, 2010
    Posts:
    97
    Location:
    Russia
    Marcos is right, I'm wrong. Detection for that small BAT file was added a long time ago, but I thought it was detected by the clouds.
     
  11. Geosoft

    Geosoft Registered Member

    Joined:
    Jan 7, 2009
    Posts:
    270
    Location:
    Toronto, Ontario, Canada
    What are the chances that the Cloud service could be used to blacklist just-added malware that isn't in the signature file yet, but will be released soon?

    For example, a new Fake-AV was discovered and will be in the 6111 update (right now it's 6110 as of writing this) but the cloud service will come up with a prompt asking if we want to terminate the process.
     
  12. Ego_Dekker

    Ego_Dekker Registered Member

    Joined:
    Aug 22, 2010
    Posts:
    97
    Location:
    Russia
    Incorrect cloud info?
    cloud_info.png
    B2DE3452DE03674C6CEC68B8C8CE7C78 (NTDETECT.COM) — clean file;
    9E3C13B6556D5636B745D3E466D47467 (jeefo.a) — infected Microsoft file?

    I'd like to know too.
     
  13. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362