New files uploaded to Prevx for analysis?

Discussion in 'Prevx Releases' started by shadek, Apr 25, 2010.

Thread Status:
Not open for further replies.
  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    When a file that hasn't been executed ever before in the whole wild world, and Prevx see it for the first time, will Prevx then upload to the database for analysis automatically? If that is the case, then I don't know why the guidelines say you should send malware samples via e-mail. :)
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    This is what it says in this post: https://www.wilderssecurity.com/showthread.php?t=245129

    HTH,

    TH
     
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    So you're saying there's no automated process when a brand malware in the wild is scanned for the first time by Prevx? The complete system is dependent on users sending the samples via e-mail? I was thinking that each time Prevx encounters a new, potentially dangerous file, it is scanned and sent to Prevx server for closer analysis... all done automatically.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @shadek

    I know :( and i've mentioned before that it's a lost oppourtunity for Prevx to get these files faster, and analyise them and update/protect people quicker. Why they don't ?

    Exactly what i used to believe.

    Not TH's fault, he's just the bearer of the bad news :D
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Yes most of it is automated but since it is a "community database" other Prevx users would have to see it also, Prevx gets info from other vendors and also from VirusTotal too when someone uploads an unknown file infected or not! But like I said before No AV is 100% they all will and do miss samples! Maybe the one that you found wasn't being spread "In The Wild" only if you go to that website and download it! See there are many factors involved what else can one say?

    Regards,

    TH ;)
     
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Yeah, but Panda Cloud Antivirus has a great system going on. Unknown or suspicious files are uploaded to their own server for analysis, without user intervention.

    So, the best thing to do would be to upload to Virustotal, since Prevx will eventually get info of the file? Sharing on Virustotal would also add protection for other vendors; this seems to be the best thing to do in order to stop the spread of malware.
     
  7. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    You have to bear in mind that Prevx does it most thorough scanning when the file is executed, so executing the file in a VM would probably be the quickest way of getting the potentially malicious file's data into the Prevx database.
     
  8. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    right klick and scan do it also i thinnk.
    but sometime its needed to send the file, because prevx did not detected it :d
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    This is correct :) Prevx does sometimes submit samples automatically (of executable threats) but only when needed. Prevx has been designed to get as much information as possible without requiring the upload of the sample, to save on bandwidth resources and user time. We have a server farm of several hundred physical PCs which analyze submitted malware centrally 24/7 so while we may not request a sample immediately, we will likely send it up if needed :)

    Also note that the right click scan only performs a very small fraction of the checks that the rest of the Prevx product performs (the most being applied when the program/file starts to load code).

    Let me know if you have any other questions! :)
     
  10. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    I have yet another question. :)

    When I surf around malware sites, what would be the best way to contribute top the Prevx community? Launch the .exe file, simply right-click-scan or just don't surf to malicious sites? Would a right-click-scan do any good at all in order to help the Prevx-community?
     
    Last edited: Apr 26, 2010
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    A right click scan actually would not help the Prevx community. Running the sample itself or sending it to report@prevxresearch.com would be the best way to get the information fed into our database :)
     
  12. CyberWorm

    CyberWorm Registered Member

    Joined:
    Apr 21, 2010
    Posts:
    74
    I was under the impression that PrevX uploaded all unknown executable files for analysis.

    Say for example I had a trojan sitting on my desktop which I had just compiled. Would running a scan with PrevX result in this file being sent for analysis, would running it result in it being sent for analysis, or would it go totally un-noticed until someone manually uploads it?
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Running a right click scan on the file will not cause it to be sent, but running a normal scan or executing it will cause either the file itself to be sent or information on the file to be uploaded.

    However, we recommend not compiling trojans as it is generally illegal ;)
     
Thread Status:
Not open for further replies.