Panda Cloud AV

Discussion in 'other anti-virus software' started by ShyGuy, Apr 29, 2009.

Thread Status:
Not open for further replies.
  1. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,340
    Location:
    Québec, Canada
    Did you try to uninstall in safe mode?
    (while booting hit F8 and select safe mode, then uninstall should be successful)
     
  2. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    2,175
    thanks a lot .
    downloaded the whole package and installed it from the top. then i uninstalled and it is fine
     
  3. progress

    progress Guest

    How many % of Panda Anti-Rootkit are integrated now? Where can I find the rootkit settings or is rootkit scanning always on? :)
     
  4. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Sorry for lack of response, took a few days off from work :D

    Most of it other than the boot monitor and certain techniques. It's always on and there are no settings for it as it is treated similar to the other malware detection/disinfection features.

    Yes we're working on releasing an uninstall tool. As soon as its ready we'll announce it on blog.cloudantivirus.com.

    Meanwhile you can follow the manual process:
    1- Kill the PSANHost.exe task.
    2- Uninstall Panda CloudAV.

    If this still doesn't work then follow this process:
    1- Delete these registry keys:
    HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A29A2B191BFED6E499762C708E116FEF
    HKEY_CLASSES_ROOT\Installer\Products\C6DBBA24E22432547B67A2DDE6AEC956
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A29A2B191BFED6E499762C708E116FEF
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C6DBBA24E22432547B67A2DDE6AEC956​
    2- Delete all temporary files and directories (Run, %temp%, delete all content).
    3- Reboot and reinstall the latest version. Then uninstall.

    If it still gives you an error PM me the logs inside %TEMP%\PSLogs.
     
  5. progress

    progress Guest

    Thank you Panda :)

    I noticed that it's very easy to turn off Panda Cloud AV, what about self protection? Maybe you should add a captcha code to disable it :)
     
  6. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Yes you're absolutely right. We have not implemented the self-shield features yet, that's why you can easily kill the process, etc. These will come at a later date either with v1.0 or 1.1.
     
  7. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    "Sorry for lack of response, took a few days off from work :D "

    - You deserve it. ;)


    "Yes we're working on releasing an uninstall tool. As soon as its ready we'll announce it on blog.cloudantivirus.com.

    Meanwhile you can follow the manual process:
    1- Kill the PSANHost.exe task.
    2- Uninstall Panda CloudAV.

    If this still doesn't work then follow this process:
    1- Delete these registry keys:
    HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A29A2B191BFED6E499762C708E116FEF
    HKEY_CLASSES_ROOT\Installer\Products\C6DBBA24E22432547B67A2DDE6AEC956
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A29A2B191BFED6E499762C708E116FEF
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C6DBBA24E22432547B67A2DDE6AEC956​
    2- Delete all temporary files and directories (Run, %temp%, delete all content).
    3- Reboot and reinstall the latest version. Then uninstall."


    - Is there a particular reason the uninstaller itself doesn't execute this kind of process? (Afterall... I'm thinking the same thing everytime I see a "removal tool" for a particular application; why doesn't the uninstall program just do it to save the user from the hassle?)
     
  8. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    lol ye ive wondered the same thing for a very long time now...
     
  9. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    P-CAV will detect GeSWall v2.8.3 setup executable (Free version - latest currently directly from their website) as malicious and block it.
     
  10. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Is that GESWALL.MSI with MD5 7A3760154E3D0FB04C9455009268C96D and 6730752 in size?

    EDIT: nevermind, just noted it's geswall.2.8.3.freeware.exe (9BF30BC8FA6F1A03F94A98B5E5A28F6C). Seems a local heuristic engine (v1.5.1.1) detection, not a cloud detection. In our latest heuristic engine (v1.5.1.7) it doesn't flag it as suspicious. We'll take care of it, thanks for the report.
     
    Last edited: Jul 21, 2009
  11. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    No problem. :) Out of curiousity, since currently using your software once again - can the heuristics of yours in this case be tweaked somehow to prevent FPs (like this) in the future? Basically what I mean is, instead of just adding an exclusion rule for this particular .exe (I dunno... maybe that's the best solution to not sacrifice security? :doubt:), can you analyze what in that file triggered the FP, being an heuristic detection, in order to prevent FPs on other files using similar behavior?
     
  12. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    1. Another question... does P-CAV feature something similar to the measures used by your free AutoRun vaccine product?

    2. I must've forgotten this one if already asked... how does the protection against malware, etc. compare to your full AV product, considering P-CAV only?
     
  13. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Normally we configure these settings ourselves as we have better visibility of the malware detection ratios vs FP ratios over our entire database of malware and goodware. With our regular products you can tweak these settings on a per-vector basis (files, email, web, IM, etc.) but with CloudAV we're trying a different approach, as automated and transparent for the user as possible, so we tweak these ourselves.

    Actually this is a very good question we've been asking ourselves internally lately. It would be yet another layer of protection for offline mode. What do you guys think? (keep in mind some people will not like getting their Autorun disabled and each USB stick vaccinated automatically).

    If we leave aside other aspects such as web/mail/im filtering, personal information anti-leakage, firewall HIPS, etc. that are included in the full product that are not in PCA, when it comes to detection/disinfection it should be very very similar. There is still a difference which is TruPrevent (behavioral analysis) which is not yet present in PCA, but we'll add some behavioral analysis & blocking to PCA in the medium term as well ;)
     
  14. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Oh snap! I formulated that sentence completely wrong... I ofc meant "you" as in you - the company. :D

    Thank you for the answers. :)
     
  15. progress

    progress Guest

    Please no automatic Panda USB Vaccine!! :thumbd:
     
  16. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
  17. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Will you take measures in your normal uninstaller if it fails, to notify the user about this tool or so? Get what I mean? :) Otherwise I'm sure most users will not think about that just think "oh great - this software only screwed with my system!" :doubt:
     
    Last edited: Jul 22, 2009
  18. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
  19. progress

    progress Guest

    I think this is really important, what about adding the uninstaller file to the next version of Panda Cloud AV? :)
     
  20. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    To be honest, when I think about it, I'd like to think mine and firzen's original point might be even more important. :D :)
     
  21. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    its very tru, its a big problem that ive honestly never understood...
     
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    .
    Using NIS as an example the built-in uninstaller intentionally doesn't do a complete uninstall. It preserves some data like active subscription info, and it also leaves shared components that other Symantec products need like LiveUpdate. On the other hand, if you use the Norton Removal Tool it warns you that it will remove everything. Perhaps it is easier to remove everything then to do a selective, partial uninstall? it will be interesting to hear what the Panda rep has to say about their product in this regard.
     
  23. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    295
    Also, some installers don't run in Windows safe mode while most removal tools do.
     
  24. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Good point Victek - I'm too looking forward to the reason of Panda. :)
     
  25. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    then the uninstaller shuld give a choice if u want a complete uninstall or to keep those certain pieces (which some uninstallers already do yet dont actually do a complete uninstall for some unkown reason...)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.