How does the company you work for handle the "unknown" executables?

Please tell us what the company you work for does to stop unknown executables running in their network.

Thank you!

Melih

The company that I work for relies on Symantec EndPoint Sec and it's secure (as far as I know).

In my company I run CIS + COMODO Endpoint… all great too…

The thing is to have a nice firewall, well configured. But this question doesn't mean anything if you keep pushing CIS versions with a lot of bugs and problems that I have talked about for a looooooong time…

Melih, do schools or educational institutions apply?

If so, mine uses Symantec Endpoint security and MSE, which does nothing to block unknown threats/files.

Yes, schools and education too…

What do they do about unknown executables?

They block anything that is not whitelisted on their proxy, when it comes to web, and on the endpoint by Symantec, when it comes to any source that's not web related.

Example 1: if a person downloads a file called “e-w32/er.pp.app.truste|cc&$.exe” the file will be blocked by the proxy list just because it's related to an insecure source registered back in the day…
Example 2: if a person copies a file (from HDD, pendrive, CD/DVD, network, etc.) called “xxx” (something that's related to an unknown app) it is blocked by Symantec endpoint.

That's the actual behavior on security matters at the place where I work (it's government).

I personally think that the best way to go is to sandbox anything not known but let things run (sandboxed) and see what they try to do, then block the behavior, not the file itself. When a vaccine comes into place, then we eradicate the file for good.

CIS does it in a great way, but its bugs make it useless for us.

As BuketB sent me a message asking for more information about what I wrote above, I answered the message with this message:

"No problem. I'll list the bugs that intrigue me on my personal computer and on 6 computers that I personally care about (4 desktops of my clients and 2 notebooks of my family, mixing Windows 7 Pro and Windows 8.1)

  • The famous GUI lags, slowdowns and hangs that everybody complains about on the forum;

  • The file properties are removed by CIS (I don't know how or why) when the files come from the internet, pendrives, CD/DVDs. The files affected (that I see for myself) are: .exe, .jpg, .mp4, .mkv, .wmv, .ini, .■■■, .srt, .cab, .7z and .rar;

  • CIS ignores the trusted list when files are moved from one source to another. Example: if I trust a file, let's say called aaa.exe (that CIS auto-sandboxed once), then the file is trusted and everything is fine, until I decide to move the file from its current place to another directory or source. If I move this exact file to a pendrive or even to another folder on the same disk, CIS will block it again, ignoring that the file was trusted before. I already talked about this bug some time ago and, I believe, I posted it as a wish for future versions (this was when we were still on CIS 7);

  • CIS does not manually scan files every time we right-click on a file and click on the Comodo scan file option. Sometimes the option works and a new window is opened with the status of the manual scan, but sometimes (the majority of the time) no window is opened and no action is taken.

These are the “normal” bugs that I'm forced to deal with when using CIS on all machines that I take care of. These bugs make CIS useless even if it's secure and even if it works great for prevention and sandbox etc. etc. But when we stumble on these situations all the magic behind CIS fades away, because these bugs make users angry and make users not trust it. Imagine if you receive a file from a friend, by email, but you are suspicious about this file. Then you right-click the file and select the option for CIS to scan this file and CIS does nothing. What will you think about this security software? At least that it's not secure… that's my point.

Show this message to Melih so maybe he can picture the reality of today's CIS and focus on solving these issues instead of forcing the idea that CIS is a product from the gods. I love CIS and I love how Melih does business, but sometimes even the most simple and professional man has his times of “thinking more than doing”. Is CIS great? Yes, it is. But it's becoming useless edition by edition with these old problems not getting solved."

I do not like to talk by PM. Let's see what people say about these issues that I talked to you about too.

EDIT: a typo error :stuck_out_tongue: sorry. It's not “I love Melih”, it's “I love CIS” :stuck_out_tongue: my bad… I'm married guys, I'm married to a beautiful woman :):):slight_smile:

Every good software/hardware goes through expansion and perfection cycles. It's not rocket science. I can’t find the TED talk, but there was a tech author who talked about Dragon dictation, and for a whole development cycle all they did was improve word hit accuracy. Just making what they had more precise at what it already did.

Yro, who is married to a beautiful woman :slight_smile: ,

Buket is the product manager who is trying to improve the product. So if we all help her with our feedback, she can then improve CIS.

thanks
Melih

:P:P:P

I didn't know that Buket was a girl.

We are trying to help with feedback in here. She said in another topic that you will release another update to CIS this week. Let's see what happens… I hope for the best.

If not, we will keep pushing complaints and feedback until CIS has its glorious days back, and forever. I intend to do so. To stick with CIS and help with any information that I can provide. I don't have time to spend on it, but there's always a “10 minutes to poke around”… so let's use these 10 minutes per day…