Discussion in 'Prevx Releases' started by Hugger, Jul 19, 2011.
Look at the MRG test results and please tell me I'm hallucinating.
Prevx failed 3 of 4.
The Flash tests are over single samples which don't reflect the tens of thousands of other samples we're blocking every day. There isn't an issue - no vendor finds 100% and it is easy to find files that would bypass every vendor listed every day if wanted - it is just the nature of today's malware.
You don't think that the MRG flash tests have any value? That is the essence of what you're saying, isn't it? I'm not saying that I do, I'm just trying to clarify, is all.
No, they do have value. They are a point-in-time snapshot of single file threats and need to be understood as such. Just because we missed SpyEye today doesn't mean that we miss all SpyEye - it could very well just be that we missed that single sample. To put it in perspective - we have detection over several hundred thousand unique versions of SpyEye alone.
I don't have the MD5s/samples of the samples so I couldn't get further metrics on the scope of these files but most infections today are designed to only ever affect a very small number of users.
Ah ok, I gotcha.
It should be pointed out that any missed samples are sent to the vendor before the test results are published - quote by Sveta of MRG:
So Prevx should actually have copies of those three undetected malware samples.
Also, Prevx would have them in their database when MRG scans them; that's the good thing about fully cloud-based anti-malware: we don't have to wait for a signature download to be protected!
MRG test with programs at default settings. If age/popularity based heuristics were increased, I would assume Prevx's detection rate would increase in these tests.
I have always run max program heuristics and high age/popularity and don't find false positives to be excessive, but am now considering an increase to max for both.
PrevxHelp (Joe), are you able to tell from your end what difference an increase in age/popularity-based heuristics would have made for each of the missed samples from the MRG tests?
I'm not sure - I haven't been able to find who within Prevx is receiving the samples from MRG so I still don't have visibility into them. I'm still investigating and should hopefully have an answer by the morning.
Could you get your hands on them? I'm curious, eheh.