sunbelt vipre problems

Interesting because the eicar.com file sailed through Vipre on my laptop and other users have seen the same non-detection of the eicar file as here and here show.

 

Yeah, that's odd. However I've been using VIPRE Premium 4. Havn't tested nor used the new beta version yet.

 

Therefore, it's probably the web-filter/IP/IDS in the Premium version which causes the difference between it and the standalone AV.

It would be of interest to compare the detection abilities of the Premium and the standalone AV.

 

Indeed, perhaps NickHSunbelt could give us a hand over here.

 

With the "Check files when they are opened or copied" (on-access) option disabled, VIPRE's Active Protection will not detect Eicar as a threat. This is because Eicar is not actually executing itself. As it's a 16 bit com file it's being run through a virtual DOS machine (ntvdm.exe) so VIPRE would be scanning ntvdm.exe as this is what is being executed. As eicar is being launched through this other known good executable and not performing any actions, it is not detected as a threat.

When the "Check files when they are opened or copied" option is enabled in VIPRE, Eicar will be detected by the on-access scanning as the Eicar com file is being accessed in any way.

It sounds like atomomega may have used another test file other than Eicar. If the test file were one that actually launched then it would be detected even with on-access scanning disabled.

Basically, with on-access scanning disabled, VIPRE's Active Protection will only scan files that are executed. While having the option enabled definitely provides better protection, having it disabled should still prevent any threats from executing and causing any harm on the system.

 

Nick,

Thanks, the latest beta fixed the two issues I was having.

Hawk

 

Vipre Premium firewall became silent ..!!! Vipre only asks when I execute any unknown exe... (AE mode) but don't ask when it tried to connect to internet... Am I missing some settings... I remember it was not silent 2 months ago...

 

SG09,

Have you set VIPRE to simple mode? To check this, open VIPRE. Go to the Firewall tab. Click View Settings. Click the first Exceptions button. In Learning mode the "Any other application" settings should all be set to Prompt. In Simple mode this would be set to "Block Allow Block Allow".

If you have set it Simple mode and want to set it back to Learning mode you'll just need to open VIPRE. Go to the Firewall tab. Click View Settings. Near the bottom, click Reset to Defaults. Select the Reset to Learning Mode option then click OK. Make sure not to select the "Delete all user defined firewall rules" option as this would delete any rules you've setup.

 

Thanks a lot Nick. Yes somehow I may have selected simple mode.. May be during setup...