Regarding Cloud-Based Detection

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by SweX, May 9, 2011.

Thread Status:
Not open for further replies.
  1. SweX
    Offline

    SweX Registered Member

    I am requesting more detailed information about how the whole new
    Cloud-based detection system works.

    Regarding the Cloud-based detection, is it similar to Symantecs reputation detection "WS.1 Reputation" ? Or what will we see when the cloud detects something?

    So basically, we really need more info on How it works?, What will the detections look like?. Is it behavior based?
    Are the Cloud-Powered Reputation and Cloud-Based Detection systems connected? etc etc.....

    Am I alone wondering this?

    I got more Questions but let's start with these ;) Cheers!
    Last edited: May 9, 2011
  2. Thankful
    Offline

    Thankful Registered Member

  3. Rompin Raider
    Online

    Rompin Raider Registered Member

    More info is appreciated!
  4. Marcos
    Offline

    Marcos Eset Staff Account

    The cloud system is subject to evolution. The principle behind any cloud system is collection of data that can be used to calculate the reputation of files. At this point it is not safe to flag files with low reputation as bad and we're yet to see if that will ever be possible as such detections would cause FPs on less common files.
    Using cloud will reduce the number of scanned files and thus decrease scan times. It will also help ESET optimize existing or new detections for better malware variant coverage and improve scanning of files which take a lot of time to emulate.
  5. SweX
    Offline

    SweX Registered Member

    This was the particular feature that I was unsure of if you had starting to use or not. Yes I agree perhaps it will increase the FP's too much to actually be useful :doubt:. Time will tell I guess :)

    Thanks a lot Marcos :thumb:
  6. Ego_Dekker
    Offline

    Ego_Dekker Registered Member

    I really liked Cloud-based detection. I've launched malware that has been blocked by the clouds, but NOD32 was unable to clean or delete it. Is it a bug? A9ACA94F7DACE7BBCF534C7DC77C6B92 — caught by the clouds (a part of 5FB86DDC4E4C6781743805F4CB22C564), but after update all infiltrations were quarantined.
    Last edited: May 10, 2011
  7. cupez80
    Offline

    cupez80 Registered Member

    maybe by design to minimize FP. btw could you send me the sample i just wanna see the detection :D
  8. Marcos
    Offline

    Marcos Eset Staff Account

    That's impossible, see my previous post. There are no cloud/reputation detections, most likely it was that the detection for your malware was added in the last update.
  9. toxinon12345
    Offline

    toxinon12345 Registered Member

    if you run an on-demand-scan on the file, is it detected?
  10. Ego_Dekker
    Offline

    Ego_Dekker Registered Member

    Marcos is right, i'm wrong. Detection for that small BAT file was added long time ago, but i thought it was detected by the clouds.
  11. Geosoft
    Offline

    Geosoft Registered Member

    What are the chances that the Cloud service could be used to blacklist just added malware that isn't in the signature file yet, but will be released soon?

    For example, a new Fake-AV was discovered and will be in the 6111 update (right now it's 6110 as of writing this) but the cloud service will come up with a prompt asking if we want to terminate the process.
  12. Ego_Dekker
    Offline

    Ego_Dekker Registered Member

    Incorrect cloud info?
    cloud_info.png
    B2DE3452DE03674C6CEC68B8C8CE7C78 (NTDETECT.COM) — clean file;
    9E3C13B6556D5636B745D3E466D47467 (jeefo.a) — infected Microsoft file?

    I'd like to know too.
  13. dorgane
    Offline

    dorgane Registered Member

Thread Status:
Not open for further replies.