Does CIS detect autorun virus?

Adonis · July 15, 2011, 5:12pm

Hello guys!

I have a question. Does CIS detect autorun virus that plagues usb flash drives in my university. I use now Avast 6.0 and it detects and deletes it pretty easy and fast the moment i connect an infected flash drive to my computer. Now i want to install CIS again as a full suite with its own AV. That’s why i want to know will i be protected with CIS against this threat

siketa · July 15, 2011, 5:55pm

Yes.

Adonis · July 15, 2011, 7:05pm

Thanks a lot! Now I feel much safer installing CIS :-TU

clockwork · July 16, 2011, 12:54am

if the antivirus doesnt catch it, it might be allowed to run in the sandbox! cant do permanent harm probably, but it might run for the time until reboot, and might leave “files”!

thats why i dont use the automatic sandbox.
so, if an autorun something would try to run here, defense+ should ask a question. when i enable an usb stick, i read VERY carefull what the question is about. the autorun virus is not able to run in this case, until i make a mistake.

antivirus can only catch an autorunner if it detects it. one day its this antivirus which fails, the other day another one. defense+ (without sandbox) denies on every day, gives you the chance to decide.

and of course, maybe someone else might be protected because he has the sandbox enabled…
what i am trying to say: choose what you are able to handle, and keep your eyes open

Adonis · July 16, 2011, 10:07am

Thanks for your advises! So what do you recommend me to do? I used Avast 6.0 before and was absolutely sure it catches this autorun.inf virus each time I connected my flash drive to the computer ???

clockwork · July 16, 2011, 2:41pm

i recommend to use an antivirus AND a host intrusion protection like defense+.

when i would go into a new network, i would set defense+ to paranoid, because usually you dont need to let something unknown run while you are connected in an university, or like that. then everything that tries to run, should produce a question. even “digital signed” files. better safe than sorry.

you must decide for yourself, if you want a possible dangerous file running inside the sandbox (safer environment but running), or if you want total control over things that try to start. remember, when sandbox is disabled, and you would allow the wrong thing, it will harm your computer. so decide, are you able to make no mistakes, or is it better that a malicious file runs automatic in the sandbox, and maybe leave malicious files or is doing stuff BUT with reduced rights.
i recommend, its better when things dont run at all, as long as they are unwanted! in new networks its easy: everything is unwanted to run at first!

defense+ can protect against autorunners. the operation system can be SET TO BLOCK AUTORUNNING. this is the first step!

panic · July 17, 2011, 12:53am

And therein lies the problem - there isn’t just one autorun.inf malware. New ones get created and it’s up to the AV to have up-to-date signatures or technology to detect them.

Clockworks advice is, IMHO, sound and correct - an antivirus AND a host intruction protection.

Ewen

Adonis · July 20, 2011, 5:56pm

So I hope D+ will stop it. I switched to proactive 8)