Microsoft Security Essentials

Discussion in 'other anti-virus software' started by Kees1958, Aug 9, 2009.

Thread Status:
Not open for further replies.
  1. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    The most obvious answer is that MSE didn't check because it didn't think that the file was suspicious.
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    I was thinking so.
     
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Cracks aren't trojans, and uploading it to VT is in no way an identifier of it to be a trojan. In most cases you can upload any harmless crack and it will be identified as a "trojan" by certain anti-virus vendors on VT.

    Microsoft submitted files are prioritized according to an automated analysis system on their side.
     
  4. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    581
    @softtouch
    I think ronjor is implying that since MSE uses the AU and BITS services you should check svchost connections during the scan? :doubt: When MSE detected something it tried to connect to a SpyNet IP. I just forgot if svchost made this connection.

    @elapsed
    softtouch said the crack he found was fake. Most cracks today I have seen are either rogue downloaders/installers or file infectors like Virut. Even MSE detects these harmless cracks you speak of as suspicious (Obfuscator) since most are packed.
     
  5. jdavis77

    jdavis77 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    9
    I was doing a little firewall shopping and downloaded the Security Software Testing Suite from www.matousec.com.


    A rather disturbing discovery was made.

    There are a bunch of test trojans in this package.

    AntiVir picked up 15 on them on a scan.

    MSE running on my X64 Win 7 box, ZERO.

    How is this possible?

    I invite you to download the test suite and see for yourself.

    http://www.matousec.com/downloads/
     
  6. bathisland

    bathisland Registered Member

    Joined:
    Jul 1, 2005
    Posts:
    85
    @jdavis77....even Nod32 with database of 11/22 did not pick up the trojans....said all 233 file were clean :|
     
  7. guest

    guest Guest

    Last edited by a moderator: Nov 23, 2009
  8. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Anyway, the file in question is a trojan, something with krap in the name, and still, 2 days after submitting, not detected by MSE. Its still under "Active Investigation"...

    And yes, MSE should have connected to their spynet, but did NOT. There was no connection established at all. There's is something wrong with my MSE I think...


     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    119,026
    Location:
    Texas
  10. jdavis77

    jdavis77 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    9
    Seems impossible. Could they have whitelisted those TEST files? I mean if these programs can't pick up obvious stuff like this, what good are they on the hard ones?

    I see kaspersky also with zero hits. Very bizarre.

    Anyone have a clue what the deal is ?
     
  11. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    They are not the EICAR test file. Why would vendor waste time classifying test files as malicious when there are plenty of real malicious stuff going on?
     
  12. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    If that was related to my post, I DID submit it properly, and I DID get emails from M$.

    Now, 3 days after submission, its confirmed by M$ as:
    TrojanDownloader:Win32/Harnig.EK, Aler Level: Severe

    3 days is a little too long in my opinion.
     
  13. jdavis77

    jdavis77 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    9
    I think you are in big trouble.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,161
    Location:
    UK / Pakistan
    They are not real trojans. Many vendors will not detect such files. It,s simple as that.
     
  15. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Can't really blame av companies for not detecting these types of downloads. Otherwise they get into the business of trying to detect every single test download available.
     
  16. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I totally disagree, like I said these files are analyzed on a priority. If you seriously think your infect 1 user trojan requires a higher priority than a rogue or fast spreading koobface variant then you need to change your outlook on the anti-virus world.
     
  17. jdavis77

    jdavis77 Registered Member

    Joined:
    Jul 18, 2005
    Posts:
    9
    Lets get this straight. You think that a test trojan, which is testing for a vulnerability , should not be picked up by a scanner?

    So the scanners are so smart they know the trojan is 'just kidding'. Aha.

    I think my whitelist idea makes a lot more sense than simply ignoring trojan code. And quite a few scanners do pick them up. I would deeply suspect a scanner that bypasses these UNLESS a whitelist is at work.
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    does this antivirus has on the cloud thecnologgy?thanks
     
  19. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Some people call it cloud, I don't.

    It's a means of collecting file information/behaviour and submitting it to Microsoft servers to improve detection algorythms. No scanning happens on their servers.
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    thanks,this antivirus is good cause has a huge database,too bad at this moment is not compatible with defensewall:)
     
  21. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    cloud doesnt purely mean cloud scanning, it can be several things...
     
  22. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Um, I mention cloud scanning and you automatically think that I view cloud computing as a virus scanning resource? lol?

    http://en.wikipedia.org/wiki/Cloud_Computing

    This does not coencide with the description of MSE.

    Anyway, like I said in my previous post, I really don't care what you classify MSE as nor am I interested in debating it.
     
  23. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I don't have a problem with a behavior monitor or heuristics picks them up. But I could see why they don't have a signature for each and every test download unless it is just some generic.
     
  24. PunchsucKr

    PunchsucKr Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    138
    had to bump this thread since creating a new thread for what i am posting seemed a bit unneeded...

    I also had the same update issue with MSE where it would never update on its own, what i did was create a scheduled task running mpcmdrun.exe (in the MSE installation dir) with the arguments "-SignatureUpdate"... triggering it 3 times a day.. and never had the issue since. :)
    I do wish tho MS would come out with a concrete solution though.
     
  25. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,570
    Dont know if its just my pc but i find MSE very slow to start (show in system tray) and it also seems to prevent other start up apps from starting as quickly as they used too.Even tried it with just the windows firewall but no improvement in speed.Back to ZA and avast for me
    ellison
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.