Eicar test

Hi,
I tested ESS (on Vista) with the compressed files Eicar.
From level 11 , ESS does not detect any more Eicar.
I think that ESS does not scan the compressed files more than 10 times.

 

So does NOD32 , I think . Compressed 11+ times it does not pose any threat to your computer . When it gets unpacked , it may be a threat and the it gets detected immediately

 

KIS has not this problem. An early detection ensures a better security. Eset must innovate if it wants to form part of the best antiviruses

 

As some people in their forums say : False sense of security

Being detected even in 30+ compression is of no point . As I said , any virus/malicious code can only pose a threat and harm your computer not compressed .

 

that does not worry you to have in your archives some potential malwares whose you are unaware of the existence. prevention is better than cure

 

With no offense I want to say it again that real-time scanner's point is to ensure there are no malicious files loaded in your computers/trying to do something . The onliest malicious files can be bare files , no pack , no zip .

Files zipped (1 time , 20 times or 100 times) are not malicios files themselves because they , when zipped/packed can not load in memory , cannot affect/infect the user's files or operating system , can do nothing . Scanning such files can only increase the time necessary for AV software to scan files .

Alarming user that there is a potential threat in 11+ or 40+ packed file is again False sense of security , detect something that is not the real threat.If you unzip the file , the executable inside can pose a threat so it gets detected right on time .

Sorry for the long explanation , just trying to explain it ...

 

I understand very well your opinion. I prefer all the same that the infected archive is deleted before the virus is active. This is my opinion. KIS reacts in this manner. It privileges the prevention.

 

NOD32 or Eset Smart Security will never allow a malware get active !

That's why they have the option to scan files on-access/on-execute and on-create . When you try to unpack your archive , the malware will get caught before it gets active because of ESET's function to scan malware on-create . This function is enabled by default and as I said , it is specially designed to prevent malware load in memory .

See these 5 pics , files taken from from www.eicar.org ,ignoring the HTTP scan alert

 

Your screenshots are not necessary. You do not understand me. But I understand your mind. If the Eicar file is compressed more than 10 times, it is not detected by ESS. Each one has an opinion. This reality advances the world.
The word of the end: I like ESS, but I would like that it will be better.

 

Last time I checked it didn't detect a 10 zipped file, however 2.7 does.

 

Yes; same here. I tried the eicar link at your website with both NOD32 and ESS. IMON picked it up straight away and blocked the download. ESS allowed me to download. Nor did ESS pick it up with an ondemand scan, until I manually unpacked the file.

I gather from ESET that ESS does not currently have IMON's higher efficiency option. I hope that they will restore that capability as an option.

 

For my case, Ess blocks right away the zip files standard protocol http and SSL enabled protocol https...

 

Ok try again and don't block anymore SSL enabled protocol https!!

 

How can a firewall check secured communication over SSL if the data received is encrypted? There must be a dedicated plugin for mail clients that will check already decrypted data passed to the plugin by a mail client. What you can do is block all secured communication but there's no sense in it.

 

I am not trying to be insulting, but do we care whether the virus is found in its packed state, or unpacked? Isn't the main concern that the virus not be allowed to infect the computer?

Thanks