CIS: two tests

khanyash · February 18, 2013, 11:29am

This is Avast Premier 8 Beta v/s CIS 6 Test.

Comodo is tested later i.e CIS 6 Test starts at around 30 Mins. At the end i.e the 10th malware link is a ransomware & it is autosandboxed. He tests 1-2 more links & the system restarts & reachs desktop & again restarts & this time the big ransomware screen at the boot. On the 9th link he killed cavwp.exe CAV processor, dont understand why?

Confusing for me as the test is not in english.

Your comments & info plzz…

spywar · February 18, 2013, 11:46am

Also if Avast does not detect evry missed samples by Evo-Gen it’s because they are too old and Evo-gen started working since beta1 …

khanyash · February 18, 2013, 12:00pm

Do you mean Evo-Gen will detect every new/fresh samples? No, right?

spywar · February 18, 2013, 12:17pm

Yes every thing that passed throught their Virus lab things like Virustotal’s samples user’s submissions honeypots etc etc …
And they push the Evo-gen detections with VPS but mainly with streaming updates (about 1 stream every 10 min).

Chiron494 · February 18, 2013, 1:25pm

But there’s no way it can detect everything. By the way, is it by any chance very similar to Valkyrie?

siketa · February 18, 2013, 1:32pm

I guess Valkyrie should be something like Evo-Gen…

spywar · February 18, 2013, 2:43pm

Off course first samples need to come to virus lab, then they analyse them with Evo-Gen and Malware Similarity Search and push detections for users through FileRep (instantly especially for FileRepMalware) or streaming updates and VPS (for Evo-Gen). I did not find a FRESH sample bypassing these things for a few days (testing in VM). But in that test naren gave, samples are old (Evo-gen started working in feb).

spywar · February 18, 2013, 2:44pm

Mostly for the Static detection part.

NSG001 · February 18, 2013, 3:42pm

Thanks for link Naren :-TU
Anxiously awaiting CIS 6.1 with valkyrie coming into action

Still here then Siketa

spywar · February 18, 2013, 3:47pm

There is no need of a new ver … Valkyrie is cloud based they just need to connect it with backend stuffs and then it starts to add EVERYTHING detected as malware to DB (on each update) …

Number of Definitions Added Today: 35227
Don’t know how many (but sure more than 80%) were added by automated systems.

khanyash · February 18, 2013, 5:19pm

Heyy Guys,

I posted the link for CIS & not Avast. And I mentioned the reason in the first post.

Can anyone watch the test & comment here.

In partial limited I know some ransomware bypass CIS but I never came across any malware in my test or youtube test which appeared during boot & stopped system boot.

In this the ransomware appeared during boot & stopped system boot. The strange thing was the system automatically restarted 2 times, during 1st restart the ransomware didn’t appeared during boot & system reached desktop but on reaching desktop within few secs the system restarted again & this time the ransomware appeared during boot & stopped boot. This was weird.

The test is not in english so I dont understand what he is saying & sometimes what is mentioned on the system. But I downloaded the test & watched it couple of times.

May be I am missing something & not getting things correctly.

If anyone watch the test plzz comment & give info here.

manzai · February 19, 2013, 5:53pm

Bonsoir,

Je ne parle pas anglais, donc obligé de vous répondre en français.

Comodo a bien échoué face à un Ransomware, vous voyez bien que le bureau disparait alors qu’il est Sandboxé.

Au 1er redémarrage, Comodo ne démarre plus.
Comme tout testeur, j’ai redémarrer une 2e fois (mon logiciel de capture avait planté)

Et la, je vous laisse deviner …

Aussi, concernant le Muldrop, il a aussi été sandboxé et il était très actif sur le pc …

Bonne soirée

siketa · February 19, 2013, 7:47pm

Avez-vous entendu parler de tous les services Google Translate?

khanyash · February 22, 2013, 11:08pm

XP SP3 32 Real System (No VMWare)
CIS 6 latest
CAV not installed
Internet Security Configuration (Default Settings)

Links Test i.e Malware links from malwaredomainlist, cleanmx & malc0de were copied & used for the test.

I clicked Sandbox whenever got Unlimited Rights popups.

After system restart KillSwitch showed no active malware, Quick Repair showed no prob, AutoRun showed no malware entries. CIS Cloud AV detected 4 malware.

HitmanPro found many malware. Few in CIS folder too & Java folder, Office folder, etc…

Attached are HitmanPro screenshots

I also tested Avast 8 RC2 Free with the same links. PUP Enabled for all the shields. Avast has NetworkShield (URL Blocker) which blocked quite a few links. Evo-Gen & FileRep were also good. I didn’t got any autosandbox popup. After system restart, with all the shields & new Evo-Gen & FileRep it did very good. KillSwitch, QuickRepair & AutoRun showed no probs. HitmanPro found 1 malware & 1 Yontoo entry was there in msconfig -startup.

[attachment deleted by admin]

SanyaIV · February 22, 2013, 11:16pm

Honestly I think such results are to be expected with the default settings (not saying that default settings should be like that, just that they are) Or did I miss something? ???

I hope I can purchase this laptop I’m borrowing for cheap since I need a new testing computer (motherboard is busted on the old one and can’t find replacement =P but even if I were to find a replacement this laptop should be cheaper) and then I can finally test my setup to see what flaws may lie within.

khanyash · February 22, 2013, 11:37pm

As the screenshots shows malware files in Office, Java, CIS, etc… folders, can this create probs for those programs or infect those programs & perform malicious actions? Malware files in CIS folder, can this affect CIS functionality?

a256886572008 · February 22, 2013, 11:47pm

CIS can block the “creation of files” for the following locations only.

%windir%*|
?:\Documents and Settings*\desktop*|
?:\Documents and Settings\All Users\Start Menu*|
C:\Documents and Settings\All Users\Application Data\Comodo*|
C:\Documents and Settings*\Start Menu\programs\Startup*|

You can delete all unrecognized files in the list before doing the virus scan.

It is like the “reset sandbox”.

Or, just set the sandbox level as fully virtualized

and reset sandbox before doing the virus scan

Chiron494 · February 23, 2013, 12:00am

Was the system actually infected after a restart, or were there just inert pieces of malware in those folders?

khanyash · February 23, 2013, 1:17am

Chiron,

As I mentioned in my first post, no active malware, malware files in folders including CIS, can they harm CIS or the programs in which folders they are?

I think sometimes Cloud doesn’t detects though definition is there (Checked with VirusTotal) & I have a doubt, Cloud doesn’t cleans/quarantines properly compared to local CAV installed.

I am going to test the same links with CAV installed to check any difference & post HitmanPro result here.

khanyash · February 23, 2013, 7:20am

Ok I tested with CAV installed now & with many more links. Same results as I mentioned in my 1st post.
As usual default settings.
When I got Unlimited Rights popups I clicked Sandbox.
After test system restarted.
No active malware, only 1 entry RegCleanPro in msconfig-startup & this entry was rated as trusted in AutoRun.
CIS quick scan didn’t found anything.
CCE quick scan didn’t found anything.

HitmanPro found many malware.
Attached are the screenshots.

Now testing Avast Free RC2 again…

[attachment deleted by admin]