360 Internet Security: FREE Triple antivirus engine, BitDefender included

go to toolbox/patch up/advanced settings, and under notification select "disable notification and do not patch".

edit: "turn off windows update" is also in the advanced settings, a few lines down.

 

That will/should disable Microsoft Windows Update, not 360 PatchUp.

The first one you provided was correct.

 

This thread is about Qihoo's Total Security Essentials and not Total Security. Keep discussions to the appropriate threads.

 

My apologies, my bad....

 

Well, the thread title says 360 Internet Security which is now Total Security not TSE.

 

360 Internet Security is now TSE.

 

I take my statement back. Thanks for the clarification.

 

Hmm bit bizarre. I received an email that contained a blatant virus in a docm file so I downloaded it and scanned it with TSE. It comes back as clean. Next I upload it to Virustotal (~ Removed VirusTotal Results as per Policy ~) and on there the QVM engine detects it as Win32/Trojan.Downloader.ad7 and Bitdefender detects it as Win32/Trojan.Downloader.ad7 so why is it not being detected when I scan it?

Just to add here is the scan log for it

360 Total Security Scan Log

Scan Time:2015-07-24 11:05:33
Time Taken:00:00:01
Object(s) Scanned:1
Threat(s) Found:0
Threat(s) Resolved:0

Scan Settings
----------------------
Compressed Files Scan:Yes
Scan Engine:Bitdefender Engine, Avira AntiVir Engine

Scan Scope
----------------------
C:\Users\eff\Desktop\OrderForm2968347.docm

Scan Result
======================
No threat found

 

Does the AV scan settings indicate that it is scanning all file extensions? If it scans only specific file extensions, is .docm one of them?

 

As can be clearly seen by the log I posted it was scanning a single file as that is what I asked it to do.

 

There are a couple of issues here. Qihoo really should have detected the malware after the file download. You should not have had to do a stand alone scan. Docx besides hosting XML docs. can also contain macros. Perhaps the malware was macro based? In that case, BD/Avira wouldn't be the first to have issues with Word macros.

If you have MalwareBytes AM installed, do a context scan with it and see if it detects the malware.

-EDIT- I would be very careful with that .docx file. Could be cryptolocker malware. Docx attachments is one of its favorite delivery mechanisms. Also might explain why Qihoo didn't detect anything. Actually since you already downloaded the file, you might already be ihfected. Good luck.

 

1 - It was docm not docx
2 - As I said in my original post both QVM and Bitdefender detected it when I uploaded to Virustotal. ~ Removed Off Topic Remarks ~
3 - Just downloading a file will not make me infected. God knows where you got that idea from.

 

That's not entirely true. Explorer file preview (merely looking at the file on disk) can trigger the payload as it was seen with the JPEG exploits in the past...

 

Personal experience here. Small company I do IT received docx file in a attachment. Email client was Mozilla Thunderbird. Sure enough, text was suspicious as hell, but I decided to check it out in the Sandbox to see what it is doing. As soon as I saved the file on Desktop, Qihoo screamed with Red Alert [shields up!], saying it was macro type virus. It asked me to remove it and sure enough, I did.
What I am saying here is, whatever malicous, one of these things will happen:
1: Get detected on file save and quarantined
2: Get detected on file run [sandbox or normal]
3: Get detected if someone in the world runs it, uploads the file, file goes through cloud analysis [Skynet] and intelligence gets shared with users worldwide. Should't take more than 5 hours tops.

 

But as you say that is for images where Windows will parse the file to create a thumbnail. But this is moving away from the fact that my local installation of TSE failed to detect something that two of it's engines did detect on Virustotal. It didn't detect it on download and it didn't detect it when I told it to scan the file. Question is would it have detected it if I had run the file? Not to much of an issue as I actually use Libre Office and not MS but you never know.

Again missing the point of the fact that it was not detected locally. As for point 3 this means some poor person has to get infected before it can get reported? The file should of been detected when I downloaded it and the file created on my desktop. Failing that it most certainly should of been detected when I told TSE to scan the file. But as I keep repeating the big issue I have is that it was detected by both QVM and BitDefender when I tested on VT.

 

First, macro based malware is back on the scene. See this for ref.: http://blog.trendmicro.com/trendlabs-security-intelligence/macro-enabled-files-found-carrying-zbot/ . I strongly suspect that is what is contained in the .docm attachment. Again detecting macro based malware is extremely difficult. Also I believe MS disabled macros by default starting with Office 2007.

 

And again my main issue is that both the QVM and BD engines on VT detected it yet the ones on my machine did not.

 

Perhaps this might help. From VirusTotal's FAQS:

A given antivirus in VirusTotal detects a file and its equivalent commercial version does not
VirusTotal antivirus solutions sometimes are not exactly the same as the public commercial versions. Very often, antivirus companies parametrize their engines specifically for VirusTotal (stronger heuristics, cloud interaction, inclusion of beta signatures, etc.). Therefore, sometimes the antivirus solution in VirusTotal will not behave exactly the same as the equivalent public commercial version of the given product.

In any case, this issue is something you need to ask Qihoo about.

 

No. All he has to do is run it. Even if it evades QVM and stuff, it still has to perform malware behaviour [suspicious/malicious], which in turn HIPS will kick in, blocking any action that might be harmful to the system. That thing gets uploaded, QVM learns how it work and instant protection for worldwide users. And similar variants too.
Point two, should of been detected..... I agree, but this works as well. Combination of Sandbox and HIPS give you an advantage.
Sandbox to see what the unknown stuff is doing, what is spawning where, and if it's malicious, well, who cares. Delete & Forget. HIPS is a guardian watchman overseeing if things are behaving properly.

People, relax and use your PC as it was intended for. Gaming, Entertainment, Study, take your pick. If the boys at the Pentagon were...... being this methodical about electronic security, not even POTUS would have a direct line to his....... ah, just forget it

Bottom line is, you want to help, do a full system scan every weekend, upload any unknown files, patch your windows and use that Sandbox for unknown stuff. That's all it takes.

 

Wow! What a ~snip~ attitude. If you already know what people are explaining to you, why ask in the first place?

 

How is the system performance with Bitdefender and Avira engine on? Is it worth?

 

Try to enable both, then watch performance as you web, game or do heavy duty stuff. Then switch to Avira. Then switch to BD.
If your machine is capable enough, then leave both.
If you want performance with a little extra protection, use Avira.
If you want performance with a little drop in speed, use Bitdefender.
If you want good protection with as much speed as possible, use none.

My practice is, when going to web or about to insert usb, then switch to security, but general stuff and gaming, keep Balanced. You could try the same.

 

Somebody be kind and rename this to Total Security Essentials, thank you.

 

So it can be brought to the companies attention or because there was possibly something I missed oh great and wise one.

So long as it is also said that it used to be IS.

 

Surprisingly light. So light that I had to torture test it to make sure it was working 'cos I wasn't sure it was doing anything! Try it; it really doesn't fail to impress...

@ others...personal attacks to PM please (or better yet, not at all--do unto others...first seek to understand...all that jazz)