No alert with an infected file !

Hello,

Sorry for my english... I buy ESS today and I wanted to make a test. So I have downloaded one "crack" on a site well known to have many malware.

The file is named "XXX_serial_number.txt.exe" and it's an autoextract archive with 3 .exe behind.

1. Even real-time scan of self-extracting archives is activated, ESS doesn't detect any malware when I download the file by my browser and put it on my hard drive.

2. When I launch scan on demand, ESS is unable to scan files :
XXX_serial_number.txt.exe » RAR » patch.exe - decompression could not complete (possible reasons: insufficient free memory or disk space, or a problem with temp folders). (Although I can extract it with Winrar).

3. Finally when I extract files with Winrar, ESS failed to recognize one of the malware.
Result of others antivirus ~Screenshot to VirusTotal removed. Not requested by support.~
So I am wondering if I have made the best choice for my security ?? And how heuristic scan works ?? (Heuristic and advanced heuristic are activated)

In the past NOD32 2.7 has also failed to recognize a keylogger and a rootkit...

 

I for one do not see any sense in that post. Every AV misses threats for sure, no AV is 100% perfect. It's not a problem to show you malware missed by other famous AVs that is detected by ESS/EAV. If you come across a suspucious file that is not detected yet, submit it to samples[at]eset.com for further analysis.

As for the error "decompression could not complete", you either have your disk full (not likely), or ESS could not write into your temporary folder.

 

Hello thanks for your answer. I know that any Security Suite is perfect.
But I realise after this test that ESS doesn't have "behaviour" scan to alert me if a malware is not in its bases.

Other Suites could misses this malware but warn me of its some dangerous action (try to modify registry or hosts file, try to use or modify another process).

Could you tell me how the "heuristic" scan works ? For example, does it detect some of these behaviour ?

(about the file i have sent it with ESS, and about the temp file I didn't have any problem like this in the past, I will look at it)

 

ESS needs a behavior blocker as soon as possible in my opinion - it would be a much needed layer for advanced users.

 

Threatfire in my opinion is a good addition to ESS, it's mostly set it and forget it.
DSA can also be added. After that, you can run an on demand anti-spyware and Boclean. By this point, anything else related to antimalware is overkill.

 

Do ESS and Threatfire work well together? Does it mean you can install Threatfire on top of ESS? I use SAS on demand. Would SAS real-time be adding much to my security against malware? Can someone pls advise? Thanks

 

I agree with marcos Nothing Is perfect Nor ever Will Be at least In my Lifetime.

 

you miss the guys post this is the same problem that I have ESS is not setup correctly to scan archives. It's an ESS problem & he probably runs vista...in other word it would find the malware but the engine doesn't scan correctly...

 

Hi,

which type of file is packed in archive?

 

I didn't miss post # 3 finally when extract Files with Winrar,Ess Failed to Recognize one of the mailware. So I am wondering If I have made the best choice for security?? and how heruristic scan works?? (heuristic and advanced heuristic are activated) In The past nod32 2.7 Has also failed to recognize a keylogger and a rootkit.

 

It was *.exe files

You can see in this report what kind of malware is it
~removed link to virus total result~

(I can tell where I have found it in PM). I have sent file for analysis but no news from Eset...)

 

Mmm what's the problem with the link ?!

 

The rules speaks about "start a thread here to either praise or bash the anti-virus scanners involved."
It was not my objectives...
I made this link to explain what threat is it, what I can't do with my personnal NOD32 because it doesn't detect it, even with the best scan settings...

 

I've already sent the files by the "send for analysis" function in NOD32, and no answers. It's the reason I've made the thread.