Curious about F-Prot

Discussion in 'other anti-virus software' started by n8chavez, Aug 28, 2007.

Thread Status:
Not open for further replies.
  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    I've been reading the recent F-Prot thread here and, while it generally seemed highly thought of, I do have a couple of questions about it.

    When I trialed it I could not seem to configure the on-access monitor to catch any version of the eicar test file. Has anyone been successful in doing so? If not, are there plans to fix this rather serious issue? Also, I know there has been talk about adding more options to F-Prot. Is that going to happen any time soon? As it is right now, F-Prot is rather simplistic. Lastly, how good are the heuristics in F-Prot?
     
  2. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    I have seen the same situation as what you are describing regarding Eicar test file in XP. However, it will detect when you try to click the file once saved in your hard-drive. There is an option where you can use the Internet Explorer protection and this will alert before it gets saved on your hard-drive.

    For Vista, it will detect the file before it gets saved in your hard-drive.

    Regarding the heuristics, the egreetings spam was detected effectively. Overall, it is improving and yes Inspector will be out of commission if the heuristics fail or go in the drain. :D I seriously doubt this will happen.
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    F-Prot will be from expectations in all this, the shocker in the next round of tests. A hell of a lot better, Advance+ but with still some needed work.
     
  4. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    That is very good news. I understand that detection rates should be the most important factor here, and indeed they are. I'm just a little concerned about the on-access monitor and the fact that it was not even able to catch simple test malware, much less actual malware. Also, the fact that it seems to support nothing but Microsoft software is bothersome too; no support for anything other than Outlook or IE?

    P.S. Your avatar seems to have escaped!
     
  5. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    The fact does provide detection of the Eicar test file. In what stage is probably the right term to ask. It's similar to a POP3 email scanner. The on-access protection will stop it.
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i think the opposite, and i aint sure why.

    i think fprot may have fallen, from their previous result that is.
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Not by choice but by OS.:doubt:
     
  8. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    You may be right but I watch Jotti all the time and in the last few months their detection has been awesome. Maybe not as good as the big ones but it has improved greatly.
     
  9. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    A lot of people will question that but I must admit I sneak a peek there whenever I feel like it.
     
  10. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    That's because it is browser-dependent.

    The Guard catches it immediately with IE, and in Opera it jumps in as soon as you try to save the files to the hard-disc. Firefox and other Mozilla browsers such as K-Meleon do allow you to download the files BUT, as Miyagi points out, the RTM will jump into action when you try to access the file(s).

    For purely marketing purposes maybe Frisk could consider setting the RTM to stop the download of the eicar.com/zipped eicar files in all of the main browsers.

    Some users like it nice and simple but more configuration options, particularly for the Guard would be appreciated by more experienced users. More features and improvements are in the pipe-line.

    Not too bad, as you know, from the last av-comparatives ProActive/retrospective test and improving all the time.
     
  11. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    That's what I thought. At least that's what I thought should happen. But that's not the case with me. The real-time monitor does not prompt me when any of the eicar files are transferred to the disk. BTW, I'm using Opera 9.23. That's why I was wondering if there was anything wrong with that monitor.

    Are you allowed to elaborate on any of those 'new features?' Do you know for sure or are you simply speculating?

    He's hoping they improve, as there is always room for that.....just like Jello.
     
  12. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    Try virscan.org too. ;)
    Very, very interesting reports there. :thumb: (29 antivirus engines)
     
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Looks like they're going to have to pull up their socks after the latest AV-Comparatives. Although a standard rating is still decent and it's only one test.
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    true, but polymorphic looks good.
     
  15. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    No, as stated in my previous post there is nothing wrong with the RTP (Guard) of FPAV 6.

    Here is a response from Krissi, the Frisk Driver Developer for F-Prot who has given me permission to quote him from his Forum response to my query;

    So as I have found, with Opera, initially the RTP prompts the user with Eicar on attempting to SAVE the file. If you then try to download the same file, the RTP appears to show download "fatigue" and there is no prompt.


    I know at least 2 new features but the new version will soon be released so not long to wait now.
     