90-day trials of Panda

Hmm I see..No Comments

 

This is actually more of the norm than you'd think. Most AV engines treat files differently when they are coming into the PC vs. files already in the PC, both in heuristics as well as characteristics in behavioural engines' decision trees.

In our case we've extended this not only to heuristics & behavioural engine but also to signatures (cloud signatures that is). It could very well be that Panda detects some files as Trj/CI.A (Collective Intelligence detections based on automated analysis and reputation) using the on-demand scanner or through VirusTotal, while the file is not ranked as 100% malicious yet (still under analysis). In these cases the enduser products do not necessarily need to detect these with the on-access scanner.

I recommend the following writeup from Symantec which is a very similar approach with with a different technology:
http://www.symantec.com/connect/blo...rity-suspiciousinsight-detections-virus-total

 

I do see your point and it is valid. No harm in asking questions, and getting answers.

It's most likely some internal adjustments to keep the program as light as is. If every file was checked with the cloud, those on dial-up or wireless might complain of system slowdowns.

I think it would be best if the full scan option was checked by default (it might already be, but I didn't think it was), encouraging a user to scan the whole contents of their drive, this would be a better outcome.

And maybe a pop-up when an external drive is connected, saying, 'do you wish Panda to scan the contents of this drive, yes/no'. Those two added, and it'll be even better. I know kaspersky has something like this, but the scan might be automatic, yes?

Otherwise, all files downloaded through the browser, msn etc, are already getting full protection with the cloud. It's a tough one, maximising protection verse user convenience (no slowdowns, able to play games, able to open large files or browse without lock-ups etc).

 

thank you. Just trying to become better edumacated.

 

That means the keygen which i am running is not malicious, This what i understand. Secondly, i don't think that during on-access if file was analyzed in-cloud, it will slow down your broadband connection. And Pbust, could you please tell me, why it is still under analysis? How much time it will took to be analyzed completely? Incase you need my log file then please do let me know.

 

Not fact, just throwing the thoughts out there. heh heh

Without comparing products, some cloud programs, two I've used, were slower in launching programs, or scanning drives, when I was on wireless, which seemed to be the worst connection in the world. But some people, their best connection might be the speed I had when I was on wireless. Glad those days are over, I nearly chopped my fingers off waiting for a page to download!

 

Little Off-topic
One more surprise, this file which i am discussing over here was not detected by PrevX and a-squared whereas Ikarus is detecting the same file as Trojan-PWS.Win32.Dybalom

 

so is that a good thang or bad thang.

 

Just some inconsistencies. Meaning, program might have been flagged by users/developers using Ikarus, but a-squared users/developers might have deemed the file as safe.

I think it's more 'unwanted', rather than safe or dangerous. Keygens do tend to be loaded with malicious files. People think they're getting a serial for a product for free, but instead, get the free product and a free rootkit/virus as a bonus.

 

Still analyzing, till i found each and every details what this keygen file is doing. As per Sunbelt Sandbox, CIMA this file is clean and doing nothing malicious..Threat Expert is saying that this file is a BOT and a Keylogger...

Which Sandbox to trust

 

People like us always use these type of files for education/testing purpose..But some malicious files are so naughty that they won't show their original face in VM machines and also in Sandbox environment. And this is a very a good example of this file, which i am analyzing with my dear Pbust...

 

I'd say it's clean, but if executed, if it or another process requires an outbound connection and is allowed, then it has the potential to do much worse.

 

Can you post the link to the Threat Expert report?

 

I have not posted these links because i think posting these links are against rule...I am not sure, so if somebody like Mods and Admin authorize me to post it, then i will do the same...

 

I am still waiting for Pbust reply, but today i guess he is ignoring my PM's ...

 

Smart man

 

Why Smart? I guess we are discussing something useful, but if he is not interested to answer then its his choice. I don't think its a smart move...

 

Pbust get's many PM's so it may take him time to get them all. I know he read's them because he has responded to mine before

 

he has been working hard, so I gave him the day off.

 

Hi Bro,

Hmm i see, yesterday he told me that the file on which we are discussing is doing nothing malicious. He said that he will get back to me asap, and that's what i am waiting for.

 

seriously some things cant be answered. I am not saying that is the case here, but we all need to realize that many of this so called spokespersons, actually work for a vendor and have a boss, so they can only do or answer so much.

 

OMG, I guess your the General Manager of Panda Labs, then i guess i should ask you too about the issue.

 

ok, the answer is, "Yes."

 

I agree, but i guess Pbust is not the PR, he is from tech. team. I am not sure whether He is officially representing Panda Labs here or not.

 

no, that would be Lodore.