No alert with an infected file!

Discussion in 'ESET Smart Security' started by jilo, Nov 7, 2007.

Thread Status:
Not open for further replies.
  1. jilo

    jilo Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    11
    Hello,

    Sorry for my English... I bought ESS today and I wanted to run a test. So I downloaded a "crack" from a site well known to have a lot of malware.

    The file is named "XXX_serial_number.txt.exe" and it's a self-extracting archive with 3 .exe files inside.

    1. Even though real-time scanning of self-extracting archives is activated, ESS doesn't detect any malware when I download the file with my browser and save it to my hard drive. :cautious:

    2. When I launch an on-demand scan, ESS is unable to scan the files:
    XXX_serial_number.txt.exe » RAR » patch.exe - decompression could not complete (possible reasons: insufficient free memory or disk space, or a problem with temp folders). (Although I can extract it with Winrar).

    3. Finally, when I extract the files with WinRAR, ESS fails to recognize one of the malware files.
    Results of other antivirus products: ~Screenshot to VirusTotal removed. Not requested by support.~
    So I am wondering if I have made the best choice for my security? And how does the heuristic scan work? (Heuristic and advanced heuristic are activated) o_O

    In the past, NOD32 2.7 also failed to recognize a keylogger and a rootkit... :doubt:
     
    Last edited by a moderator: Nov 7, 2007
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I for one do not see any sense in that post. Every AV misses threats for sure, no AV is 100% perfect. It's not a problem to show you malware missed by other famous AVs that is detected by ESS/EAV. If you come across a suspicious file that is not detected yet, submit it to samples[at]eset.com for further analysis.

    As for the error "decompression could not complete", you either have your disk full (not likely), or ESS could not write into your temporary folder.
     
  3. jilo

    jilo Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    11
    Hello, thanks for your answer. I know that any Security Suite is perfect.
    But I realised after this test that ESS doesn't have a "behaviour" scan to alert me if a piece of malware is not in its bases.

    Other suites could miss this malware but warn me of some of its dangerous actions (trying to modify the registry or hosts file, trying to use or modify another process).

    Could you tell me how the "heuristic" scan works? For example, does it detect some of these behaviours? ;)

    (About the file, I have sent it with ESS, and about the temp file, I didn't have any problem like this in the past; I will look into it.)
     
  4. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    ESS needs a behavior blocker as soon as possible in my opinion - it would be a much needed layer for advanced users.
     
  5. Pfipps

    Pfipps Registered Member

    Joined:
    May 15, 2007
    Posts:
    181
    Threatfire in my opinion is a good addition to ESS, it's mostly set it and forget it.
    DSA can also be added. After that, you can run an on demand anti-spyware and Boclean. By this point, anything else related to antimalware is overkill.
     
  6. zoomster

    zoomster Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    13
    Do ESS and Threatfire work well together? Does it mean you can install Threatfire on top of ESS? I use SAS on demand. Would SAS real-time be adding much to my security against malware? Can someone pls advise? Thanks
     
  7. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I agree with Marcos. Nothing is perfect, nor ever will be, at least in my lifetime.
     
  8. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    You missed the guy's post. This is the same problem that I have: ESS is not set up correctly to scan archives. It's an ESS problem & he probably runs Vista... in other words, it would find the malware but the engine doesn't scan correctly...
     
  9. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hi,

    Which type of file is packed in the archive?
     
  10. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I didn't miss post #3: finally when extract files with Winrar, ESS failed to recognize one of the malware. So I am wondering if I have made the best choice for security?? And how heuristic scan works?? (Heuristic and advanced heuristic are activated.) In the past NOD32 2.7 has also failed to recognize a keylogger and a rootkit.
     
  11. jilo

    jilo Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    11
    They were *.exe files.

    You can see in this report what kind of malware it is:
    ~removed link to virus total result~

    (I can tell you where I found it by PM. I have sent the file for analysis but no news from ESET...)
     
    Last edited by a moderator: Jan 15, 2008
  12. jilo

    jilo Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    11
    Mmm, what's the problem with the link?!
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    See the Policy.
     
  14. jilo

    jilo Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    11
    The rules speak about "start a thread here to either praise or bash the anti-virus scanners involved."
    That was not my objective...
    I posted this link to explain what threat it is, which I can't do with my personal NOD32 because it doesn't detect it, even with the best scan settings...
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    It is best to simply submit files to ESET for examination. They will then determine the status of the file at that point.
     
    Last edited: Jan 16, 2008
  16. jilo

    jilo Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    11
    I've already sent the files by the "send for analysis" function in NOD32, and no answers. It's the reason I've made the thread.
     
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas