Panda Cloud Antivirus 1.1 Beta Released

Discussion in 'other anti-virus software' started by Brocke, Apr 30, 2010.

Thread Status:
Not open for further replies.
  1. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    BTW Pedro, what is this Panda Beagle there on your desktop? :D
     
  2. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Just a very cool internal tool :D
     
  3. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    File Renamer? Or Panda Labs internal AV solution? :D
     
  4. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    No, these are not old files. I was asking how suspicious files (in fact, they are still there even as I speak!) could remain on my desktop for so long. And that got me to my new question: how come a malware sample was still going undetected when I've executed it in a virtual machine for several hours? That goes for the 5aa617a53c7cf22cf1495d0133400449 file. Now, you conveniently added protection against it after I reported it here on Wilders (so much for automatic analysis...). It's still on my desktop being suspicious. 1) Should it not be moved to PCA's trashbin? 2) What do I do with all these files that are looked upon as non-suspicious but I _know_ are malware? Run them in an executed environment and hope PCA will add protection? Since Panda claims the system is automatic, is a right-click-scan on a malware file enough for it to get queued in the analysis system?

    I am glad you're sorting things out here, but I'd really love to get my questions answered. :)
     
  5. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Give them some time, your files will be removed automatically.

    The rest Pedro will tell you...

    Edit: Earlier you were saying that these files are old enough and now you changed your wording... That's not fair. This is cheating!! (Just kidding) :D
     
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    No, you've misunderstood me. I tried PCA for a few weeks but got tired of having all these 'suspicious' icons on my desktop without them getting a final detection. Hence I uninstalled PCA in favour of some other AV. Now I am trying it again and obviously, I do not have access to the exact same malware I had back then that was bugging me. Therefore I downloaded new malware to prove my point.

    And also, should not never-been-seen-before executables get checked against Panda Cloud and if they're totally new get blocked until they're whitelisted or blacklisted? Because if this is not the case, then I see no benefits over any ordinary AV which also takes a few hours before protection is added against new threats.
     
  7. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Like I said above, detection was added automatically by the cloud servers before I could add it manually.
     
  8. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    See, you have to understand that every undetected sample takes some time to get analyzed. Some samples are coded so professionally that they need to be analyzed manually and in a special environment. Those hard coded samples can evade the special scanners at AV labs, hence they need manual analysis which may take some time.

    About these samples I cannot say anything because I am not the right person to tell about them. :)
     
  9. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    What do I do with all these files that are looked upon as non-suspicious but I _know_ are malware? Run them in an executed environment and hope PCA will add protection? Since Panda claims the system is automatic, is a right-click-scan on a malware file enough for it to get queued in the analysis system? The MD5: 5aa617a53c7cf22cf1495d0133400449 virus was not considered 'suspicious'... how would I know it will get into the Cloud Protection?

    And also, should not never-been-seen-before executables get checked against Panda Cloud and if they're totally new get blocked until they're whitelisted or blacklisted? Because if this is not the case, then I see no benefits over any ordinary AV which also takes a few hours before protection is added against new threats.
     
  10. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    You can execute them :p ...

    BTW why don't you submit these missed samples to them so that they can analyze them properly? This would be the best way to get them added into their malware database.
     
  11. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Adding them manually kind of takes away the whole thing about "PCA doing everything automatically", does it not?

    Here's another rogue AV sample with MD5: 69f3949141073679b77aa4d34e41a3e7

    I've had it on my computer all day. I've executed it with PCA four (4) times now. It was first seen 28 hours ago. And still I get infected each time with it. And no 'suspicious' tag on it whatsoever. :(
     
  12. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    There are literally tens of thousands of these "new" malware files released into the wild every day. These tens of thousands of new daily variants are optimized to bypass signature and heuristic detection, so what AV does is adapt to detect them... the sooner the better. That's where analysis automation + cloud-based scanning is able to offer very good response times in adding detection for these new files.

    We try to prioritize the most urgent ones of these tens of thousands of daily new malware samples. I'm betting that you went to MDL and downloaded some of the newer entries and checked them against the product. How do you know these two files are higher priority than the other tens of thousands of files released that same day? How do you know they have infected more users or have been spammed or delivered via drive-by more massively than other samples? This is where cloud-based decisions can really help in prioritizing the correct samples to add detection to.

    If the file is only "new at MDL" this does not mean it's more urgent than others and that detection should be added sooner than for other more urgent ones which might be more prevalent. Or do you really think end-users are just sitting in front of their PCs waiting for a new entry at MDL to download and execute to "see what happens"?
     
  13. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Big deal... you can do that with any AV.

    Just download everything that gets posted to MDL and see it infect the PC eventually.

    What does this prove?
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Now we're getting somewhere and I am beginning to see how you reason. But, if I know I have a malware sample, and PCA fails to put a 'suspicious' tag on it, how should I proceed? The PCA system is automatic you say... so I just need to scan it by right-clicking and it'll get added to your big-ass queuing machine? :)

    And yeah, browsing on MWD and infecting a computer with every AV is possible. But since I really like (and even adore) the idea of your AV and its GUI and really, really want to use it, I want a real discussion about its mechanics.
     
  15. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Yes :)
    But my point is that normal users don't sit all day long staring at MDL on their screens and downloading & executing anything they see there. So you can't compare that behaviour with the typical user behaviour and, ergo, the detection by the AV.
     
  16. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    To further illustrate my point here's some data on these files being found by the cloud-servers running in real end-user machines:

    69f3949141073679b77aa4d34e41a3e7 - 0 machines
    5aa617a53c7cf22cf1495d0133400449 - 42 machines
    55cffc0e9e05d00ce406ebc1974a206c - 0 machines

    As you can see from the PCAV detections the one which was found running on actual machines has been prioritized and detected sooner than the others.
     
  17. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Very nice. But do you have to execute these viruses or is a right-click-scan enough to get them into the virus-analysis-queue?
     
  18. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Normal users have better things to do than executing malware samples from MDL :D

    Good shot Pedro!!
     
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Since I am here at Wilders, I am no 'normal' user.
     
  20. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Like I said before, there are many different factors we use to determine "priority", and the combination of them is part of the secret sauce :)
     
  21. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Hey Bro,

    Pedro and I are not saying that you are a normal user, what he wants to tell you is that there are a number of samples which are circulating far more seriously than some handful of samples. So the priority goes to the high circulating samples rather than the low circulating new samples...

    Off topic: Am I correct, Pedro?
     
  22. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Exactly!
     
  23. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Thank you!! So I guess "Shadek" you are completely satisfied with the answers... :)
     
  24. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Aha, so the gathering of malware samples is a secret! Why did you not say so in the first place? But that sucks on the user's part, since we do not know what we should do with undetected malware which we may for various reasons not want to e-mail to you.

    Good riddance. I finally got the answers I wanted answered. Take care pbust and thank you for your time. :)
     
  25. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,063
    Location:
    New Delhi Metallo β-Lactamase 1
    Undetected samples will soon get detected!! It's a universal law.

    BTW I was not "Thanked"... This is cheating!! :D
     