OA hinders avast's evo-gen/filerep detection!?

Discussion in 'other anti-virus software' started by true indian, Jul 9, 2013.

Thread Status:
Not open for further replies.
  1. true indian

    true indian Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    755
    Location:
    india
    I just had a person who tested avast and OA with a particular sample set that spywar gave,I tested the same pack with avast on while the pack was been extracted and since evo-gen works real time avast caught mostly all and left behind 2.

    But when this guy disabled avast and extracted and manually scanned and removed and then enabled avast,started execution I was taken back by suprise,I didnt see any pop up from evo-gen,I am not sure,but I can certainly say that this is OA hindering the backend detection from avast by blocking most of the files earlier itself.

    Here is the link to the test: http://www.youtube.com/watch?v=v3-T60VZn74

    Avast should have caught the most with evo-gen and only left 1 or 2 behind but because of OA it doesnt happen,Uhm!??
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    did they add an exclusion for avast?
     
  3. true indian

    true indian Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    755
    Location:
    india
    I certainly think not,My main point is that,If OA blocks everything before execution it increases that user dependency line for these type of semi-real world condition tests.

    Since evo-gen works in real time it will work while samples are being extracted but here avast disabled during that while so it should catch samples while execution which because of OA it doesnt.But as you see 7 or more samples were detected by avast's evo-gen while he was deleting the samples from the folder which is not the point,OA should NOT hinder avast's on-execution detections.
     
  4. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    693
    Location:
    Hogwarts.
    So basically OA is beating Avast to the detection?
     
  5. true indian

    true indian Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    755
    Location:
    india
    Yes,I mean,where avast should Have pick that file up while execution with evo-gen OA doesnt allow it but instead call's it as unknown or malicious and consults the user
     
  6. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    OA blocks them by doing cloud lookup with Anti Malware Network. Check files with hashes, all are classified as malware http://www.isthisfilesafe.com/
     
  7. true indian

    true indian Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    755
    Location:
    india
    But that shouldnt be hindering avast,because avast gets evo-gen detections from the VPS so that shouldnt be a excuse.I am not sure how this thing works out.But it surely doesnt allow avast to pick files with evo-gen atleast with OA on there while execution.
     
  8. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,122
    If I clicked allow in OA, will AVAST detect using evogen?
     
  9. true indian

    true indian Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    755
    Location:
    india
    Majority of the files after the on demand scan are blocked by evo-gen so yes for that particular pack,avast should be detecting almost 100%
     
  10. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Evo Gen signs are released throught VPS as well as streaming updates. Maybe during the tests, Evo Gen was not covering them and during yours, they pushed new detections...Isn't this possible ?
     
  11. true indian

    true indian Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    755
    Location:
    india
    Impossible...I did the test even before that test was done :)

    I did the test again with OA and it was same consequence.Then how the hell in the video,while the files were being deleted by the tester avast picked those up because it had the evo-gen sigs but during execution OA didnt allow it to detect it with evo-gen
     
  12. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    I bet if you allow the file through OA, that avast would pick it up.
     
  13. spywar

    spywar Registered Member

    Joined:
    Oct 23, 2012
    Posts:
    583
    Location:
    Paris
    Basically yes.
     
Loading...
Thread Status:
Not open for further replies.