Panda Cloud Antivirus 1.1 Beta Released

Discussion in 'other anti-virus software' started by Brocke, Apr 30, 2010.

Thread Status:
Not open for further replies.
  1. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    OK, so you want the AV to flag all your documents as "uncertain" and bomb you with warnings about them? :D
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    We would not have lots of FP, because according to Panda, each file is analyzed within 6 minutes; after that the file is either whitelisted or blacklisted. So no FPs there. And yes, other vendors require users to manually upload a few samples every now and then, but Panda CLAIMS you don't need to do that. So, Panda is actually to be considered malware for getting lots of people to think they are safe (sort of like a rogue AV).
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, as already mentioned that 6 minutes is plain not true. Plus - and mainly - I have zero desire to upload my documents to Panda Cloud to stop it from flagging them.

    WTH are you talking about here? o_O :blink:
     
  4. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,972
    Just to point out here that Panda is not a fakeav and that is as far off topic as I am getting. Let's get back to discussing the Beta :D
     
  5. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Wow, it's amazing how much ignorance and bad vibes can be put into just a couple of sentences... :rolleyes:

    We've *always* said that in the best case scenario a file takes 6 minutes to be analyzed by CI from the moment it is received. I mention "best case" as the processing queue takes many things into consideration, such as heuristic flags, prevalence, source of the file, how the file is found (running vs. latent), and a very large etc. So if *your* file hasn't made it to the top of the processing queue it's no reason to have a mental seizure.

    This has been well documented as well in various places. You can opt out of having PCAV submit files automatically to the cloud-servers. Also, "documents" are not scanned by our cloud-servers, only PE files.
     
  6. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Hi, that was just a response to shadek's suggestion that every unknown file should be treated as suspicious until uploaded to the cloud and analyzed. I wasn't suggesting that PCAV steals your documents or anything.
     
  7. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    I see, that's what I understood from the sentence:
    But thanks for clearing that up :)
     
  8. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden

    "Another benefit of using cloud-based detection is that the time from detection to protection has been shortened a lot. It takes C.I. literally under 6 minutes to analyze and classify a new file that it receives. "

    You cannot get away with it. It clearly states under 6 minutes. And now you're saying it's the best case scenario? That's not how you promote the software on your webpage. And please don't imply I'm getting a mental seizure. I'm just attacking the way you're promoting PCA and getting normal users fooled to think they might be safe when they're actually not. Furthermore, I'd like to point out that I am following the progress of PCA as I am a keen admirer of what the project is trying to accomplish, but there are still things which are clearly not even close to other vendors' protection. Those 'things' are stuff I like to point out, which I am doing in this very post.
     
  9. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Yes it says that and it is true. Many files are analyzed and detected automatically within 6 minutes of being received. We've had very respectable people from the sec industry visit our labs and see this first hand. If you don't want to believe it that's up to you, everybody is entitled to their personal opinion. But going as far as calling it "rogue" is a little far-fetched, don't you think?
     
  10. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    I confirmed that files are analyzed and detected automatically within 6 minutes of being received by Panda's Collective Intelligence... Yesterday I tested Panda Cloud with 838 ITW samples... Out of which it missed 154, but after an hour, when I scanned those missed samples again, out of the 154, 50 got detected. And within 15 minutes the number went up to 65 (confirmed by Pedro).

    So yes, Panda Collective Intelligence took a fraction of minutes to get the other 15 detected as malware.


    BTW Pedro, I have asked you one question @ PM. I hope you will reply to it soon!! This will really help me. Hope you understand the urgency... :)
     
    Last edited: May 4, 2010
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I noticed a certain file being considered 'suspicious' for over two weeks, and it was neither removed nor changed in status. This file is a known malware.
     
  12. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Even though I'm not currently using PCA; however, I tested it for three days with a sample of 30 malware each day and in the end my virtual machine was pristine, no infection whatsoever. I was pretty impressed with its ability to protect and clean. To me, PCA does protect users and based on my test I felt protected.

    Thanks.
     
  13. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    I need evidence not just your word. Please PM that sample to me.

    Thanks.
     
  14. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Sorry I fail to see the problem you think you have:
    * If the file is marked as suspicious it is removed (check the file's size). The only thing left is a modified icon.
    * If it is detected as suspicious this is still a detection and PCAV will not allow you to run the file.

    So your "problem" seems to be that it hasn't been given a specific name, not whether it is detected or not.

    Feel free to give me an MD5 or send me the file itself and I will check it out, but I stand by our statements of the level of protection offered by PCAV.

    EDIT: Just to clarify, PCAV's cloud-based detections can be suspicious (by cloud-heuristics), generic malware, trj/ci.a. or other specific family names. The fact a file is detected as "suspicious" by our cloud-scanner (which detects heuristically over the cloud as well as signature-based) does not mean it is not detected.
     
  15. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    If it is indeed marked as "suspicious" and being handled by the cloud servers for analysis, why is the file still on my desktop where I downloaded it? Shouldn't it be moved to PCA's built-in trash can? As I've said before, I love the project going on here. I'm definitely a future customer, but there simply are things I am doubtful of yet.
     
  16. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    The only thing left on your desktop is a modified icon. The contents of the file itself are in the Recycle Bin. You can right-click on the icon and either delete it permanently or unblock it.

    EDIT: If you send me the md5 or the file itself I can look into it more in-depth.
     
  17. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Bit Off Topic:- Sir Pedro, can I have your attention at your PM? I have asked you something, I hope you will solve my issue soon. Thank you. :)
     
  18. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Sorry for the late reply.... done!
     
  19. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Does the file on your desktop have either of these icons?
    icon-malware.jpg icon-suspicious.jpg
     
  20. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yes, like the one to the right. Why are they still there for weeks? For how long will the files be 'suspicious' and not detected as malware? The cloud is supposed to classify these 'suspicious' files within minutes or hours you say. But sometimes there's no mark/icon on malware .exe at all. What do I do with these (I am very well aware these are malware in the first place since I am testing the antimalware system)? PCA claims all files are automatically analyzed. But if I start those .exe I get infected big time.


    What do I do with the two .exe files on the left hand side?
     

    Last edited: May 4, 2010
  21. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Post their MD5 so I can see what they are and what happened.
     
  22. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden

    DSC209854.com = 5aa617a53c7cf22cf1495d0133400449 There's no detection at all. I ran it, it injects something into my iexplorer.exe and asks for access to internet.

    sdsd44432d.exe = 55cffc0e9e05d00ce406ebc1974a206c Here, after execution, Panda seems to step in.


    So, have a look at the first example. You'll see that it's definitely something deceitful there.
     
  23. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    They were detected as suspicious automatically before I had a chance to even force detection manually.
    XP Pro-2010-05-04-17-29-43.png

    Btw these files are very recent, 24-48 hours max. You said you had these files for weeks? Where did you get them from?
     
  24. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Can you please let me know when you receive this file? According to your MD5 it's the latest sample which is being detected by a couple of AV companies...

    Should I provide you the whole details of your sample? OK. Here it goes:-

    1. Sample:- File size :- 45056 bytes
    MD5 :- 5aa617a53c7cf22cf1495d0133400449
    SHA1 :- 4d4340e033c337a6bc4ccd1e5b11e7860af3b05b
    SHA256 :- 7cb46f16c8709bcdacb5ba0f6a643cb73b84177cb50500ee79a5b6d955461b01

    Detected as:- TR/ATRAPS.Gen, Win32:Rootkit-gen

    PANDA LABS Detected it as "Suspicious files"

    2. Sample:- File size: 2902528 bytes
    MD5 :- 55cffc0e9e05d00ce406ebc1974a206c
    SHA1 :- eec0ff5a17caf9c7db8460bbd81f1985a6b3dc43
    SHA256 :- 7fa5d2abcb0e9674634c50f95767b32cdee85fecb60c7dc3acfa4cfca12542c9

    Detected as:- Backdoor.Tidserv or TrojanDropper:Win32/Microjoin.gen!B

    Yet to be detected by PANDA LABS !!

    Are you sure these samples are old enough? I don't think so !!!
     
  25. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Hey Pedro,

    I guess he's misleading us... These files are very recent ones. Even I have cross-checked it!! :D
     