Prevx & Panda Sandbox Times

Discussion in 'other anti-malware software' started by AndyXS, Jul 9, 2009.

Thread Status:
Not open for further replies.
  1. AndyXS

    AndyXS Registered Member

    Joined:
    Mar 17, 2009
    Posts:
    44
    Does anyone know the time required between scanning a 0day trojan and the time it becomes known as malware?

    One other question for Panda. Will you be adding a stats page like Prevx did? It's good to read the sandbox reports.
     
  2. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    Can't speak for Panda, but Prevx seems to catch most within 24 hours, but it relies on it having been seen in the population. I believe, once seen a handful of times, it's detected - so quite possibly within an hour if it spreads fast enough.
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Most samples are automatically added within about 5 minutes but it depends on the sample - some samples delay their behavior or download other samples so everything needs to be taken into account.

    Retadpuss is correct, however, that once a sample starts spreading (to even 2-3 users) it will be most likely caught automatically before it can get any further.

    We also do automatically determine between 20,000 and 30,000 new threats every day on the absolute first time they're seen before they execute, meaning the entire community is immediately protected even if you happen to be the first user to encounter the file.
     
  4. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,173
    Location:
    Spain
    In the case of Panda it's very similar to Prevx. We process approx 60.000 files every day. Each file takes approx 6 minutes to classify. Telemetry from the community is also taken into account to prioritize some files over others. This same telemetry is also used to detect prevalence for protection during offline operation.
     