Advice Request Adaptive Defence 360

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

Emmanuellws

Level 3
Verified
Mar 11, 2017
132
The payloads were most probably blocked because they were not whitelisted. This is the standard default-deny behavior of a firewall, not an AV.

Firewall? It's as easy as: deny the unknown, allow the goodware, deny the badware, delete or quarantine the PUP/virus/malware, deny the bad behaviour.
 

Emmanuellws

Level 3
Verified
Mar 11, 2017
132
Three questions if I use it on my laptop

1) Is Panda AV strong enough as compared to Kaspersky, BD, Avast etc
2) If offline, how can it protect my system? If it cannot, then I'll need another set of AV?
3) Is this software totally cloud-based?

Thanks

We are using Kaspersky and are in the midst of transitioning to PAD360. 6 zero-day ransomware cases hit our users with Kaspersky fully loaded. We were clueless. We studied the actual problem and the limitations of our current security. 2 cases were targeted attacks. Our Barracuda firewall didn't detect anything either. So that justifies the reason why we moved to Panda. Since the endpoint is the target and the entry point for those zero-day ransomware cases, we are focusing on changing the endpoint security.
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
We are using Kaspersky and are in the midst of transitioning to PAD360. 6 zero-day ransomware cases hit our users with Kaspersky fully loaded. We were clueless. We studied the actual problem and the limitations of our current security. 2 cases were targeted attacks. Our Barracuda firewall didn't detect anything either. So that justifies the reason why we moved to Panda. Since the endpoint is the target and the entry point for those zero-day ransomware cases, we are focusing on changing the endpoint security.
What specific Kaspersky product were/are you using?
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,141
We are using Kaspersky and are in the midst of transitioning to PAD360. 6 zero-day ransomware cases hit our users with Kaspersky fully loaded. We were clueless. We studied the actual problem and the limitations of our current security. 2 cases were targeted attacks. Our Barracuda firewall didn't detect anything either. So that justifies the reason why we moved to Panda. Since the endpoint is the target and the entry point for those zero-day ransomware cases, we are focusing on changing the endpoint security.
How about the answers to my questions 2) & 3)?

Thanks again
 

Emmanuellws

Level 3
Verified
Mar 11, 2017
132
How about the answers to my questions 2) & 3)?

Thanks again

In my organization, there are some 50 locations with bad internet connections, so we installed Panda, got it updated and protected for the very first time, threw all the malware and the most famous pendrive virus at it... all SAFE AND SECURE. We also installed it on our mobile laptops so as to track their usage, virus activity and threat reports... For existing malware, the remediation does not require IT staff to attend to them to do manual scanning and removal. Everything is done through the cloud by sending a command to the agent. Results of scanning and removal can be seen through the cloud. Policies can be separated by departments or individuals. It has built-in web content filtering and protection. Cloud for management, policy, reports and commands. When you are offline and not updated... you are still protected by its built-in AV and whitelisting mode. So basically, unknown malware or programs or bad behaviour will be denied.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Remember that the capabilities of endpoint products and home-based ones are different; it's a huge responsibility to gather as much information as possible that will not rely on signatures but create behavior analysis/lock-down mode.

Now in terms of samples, there are so many on the internet; it's a matter of combination on how you will check for freshness/premature files.
 

Emmanuellws

Level 3
Verified
Mar 11, 2017
132
Or request the testers to test the product. :)

@cruelsister @Evjl's Rain @MalwareBlockerYT

Actually I am a tester myself... not driven by any Panda people... I have tested Sophos Intercept X, VoodooShield, SecureAPlus... studied how Cylance works... I was totally driven by the 6 ransomware cases that hit my organization. Really fed up with that malware. I cannot expect our normal non-IT-savvy users to think like us... to be clever like us... I must expect them to be stupid... and they will always be vulnerable to new zero-day malware... even with blasting emails and awareness to remind them not to... they still download and open those emails... you can't deny how good a "Targeted Attack" is these days. I hope those testers, like me, really test it in the real world and not just by downloading and executing malware... they need to test those docs, xls spreadsheets, vulnerable Flash websites, or even go to a website that forces an add-on to be installed. How can we suggest other testers test the product? How about using Metasploit and executing malware in memory? We really need testers to go up to this level.
 

Emmanuellws

Level 3
Verified
Mar 11, 2017
132
I think PAD360 is almost perfect... except there is one problem with all App Whitelisting programs... they rely on MD5 hashes... which was addressed in one of the videos on Vimeo. The demo was specifically targeting Panda AD360. But it will also work against any Application Whitelisting program, including VoodooShield in Lock Mode... the technique is called "MD5 Poisoning". Luckily, that particular loophole was identified by Panda after that video was advertised and reported... and they have patched their agent and detection mechanism not to be fooled by MD5 Poisoning. So that's a good thing. I admit the Panda AV is not as good as others in terms of virus definition updates... but combining these two is a very good idea, with all the applications already classified by Panda Labs through machine learning. So VoodooShield and Intercept X users, and users of other similar products, please verify the MD5 Poisoning status with your AV vendor.
 
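Added example, written for this page and not taken from the post, from Panda or from any other vendor: the post above names the weakness "MD5 Poisoning" without describing it, so this block takes it, as an assumption, to mean a hash-collision attack against a whitelist keyed on MD5, and shows the default-deny model from the earlier post ("deny the unknown, allow the goodware") being fooled by it. The two 128-byte prefixes are the published Wang et al. MD5 collision pair (assumed to be transcribed correctly here); the shared body, `toy_behaviour` and `HashWhitelist` are constructed for illustration and stand in for a real program and a real application-control agent.

```python
import hashlib

# Two distinct 128-byte inputs with the same MD5 digest. Assumption: these are
# transcribed from the publicly known Wang et al. MD5 collision pair; they are
# constructed test data, not files from the post or from any vendor.
PREFIX_GOOD = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
PREFIX_BAD = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# MD5 is a Merkle-Damgard construction: the two prefixes are exactly two
# 64-byte blocks each and leave the hash in the same internal state, so any
# identical suffix appended to both keeps the collision. The suffix stands in
# for a shared program body (constructed placeholder, not real code).
SHARED_BODY = b"\n# program body: behaviour is keyed on the prefix byte at offset 19\n"

GOODWARE = PREFIX_GOOD + SHARED_BODY   # the build the vendor classifies as good
BADWARE = PREFIX_BAD + SHARED_BODY     # same body, colliding prefix


def fingerprint(data, algo):
    """Hex digest of data under the named hashlib algorithm ("md5", "sha256", ...)."""
    return hashlib.new(algo, data).hexdigest()


class HashWhitelist:
    """Default-deny application control keyed on a file hash.

    Mirrors the model in the thread: the unknown is denied and only what the
    vendor or admin has classified as goodware is allowed. The weak point is
    the key: if it is an MD5 digest, a colliding file inherits the verdict.
    """

    def __init__(self, algo):
        self.algo = algo
        self.allowed = set()

    def classify_goodware(self, data):
        self.allowed.add(fingerprint(data, self.algo))

    def decide(self, data):
        return "allow" if fingerprint(data, self.algo) in self.allowed else "deny"


def toy_behaviour(data):
    """Constructed stand-in for 'what the file does when run': the two prefixes
    differ at byte 19 (0x87 vs 0x07), so the identical shared body branches
    benign or malicious depending on which prefix it is carried by."""
    return "benign" if data[19] == 0x87 else "malicious"


def demo(algo):
    """Approve the benign build, then ask the whitelist about both files.

    Returns (verdict for goodware, verdict for the colliding badware).
    """
    wl = HashWhitelist(algo)
    wl.classify_goodware(GOODWARE)
    return wl.decide(GOODWARE), wl.decide(BADWARE)


if __name__ == "__main__":
    for algo in ("md5", "sha256"):
        good, bad = demo(algo)
        print(f"{algo:>6}: goodware -> {good}, colliding badware -> {bad} "
              f"(badware behaviour: {toy_behaviour(BADWARE)})")
```

With the key changed to SHA-256 the colliding file is back to "unknown" and is denied; that is the whole fix the post describes Panda applying, and the check to ask any whitelisting vendor for. Note that re-keying does nothing for the fileless/in-memory case raised later in the thread: a file-hash whitelist only ever sees what is written to disk.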

Emmanuellws

Level 3
Verified
Mar 11, 2017
132
Let me share more features and sample screenshots....
Email Notification Samples
[13 screenshots of email notifications, not reproduced]
 

Emmanuellws

Level 3
Verified
Mar 11, 2017
132
Sample of its forensic report:
[4 screenshots of the forensic report, not reproduced]

Its Scan and Removal Report after sending a command from the Cloud to do scan and removal
I expanded one of the reports - after removing Kaspersky and replacing it with Panda Adaptive Defense 360... we were stumped and curious how KAV missed all that?
[2 screenshots of the scan and removal report, not reproduced]
 

Deleted member 178

Thanks for clarifying for me about hybrid-analysis.com
However, 900+ machines of Mac and Windows under Active Directory Win Server 2012 with GPO enforced. Protected with Acronis for system rollback. We used to enforce blocking all exe and scripts under the Users context, but that's just overkill. So we used Panda to control device access and programs as well, while protecting users from zero-day attacks and malware.
You just need SRPs

I am pretty confident that PAD360 can block all the viruses and malware samples in this website.
Maybe yes, maybe not; many of our malware samples are FUD; AVs are based on signatures, so they are always behind the release of zero-days; they may fill the weakness by using BB/HIPS or whatever features, but those will sooner or later need user interaction, which is not admissible in a corporate environment.

Oh and System Rollback wont work for documents and spreadsheets that has been modified before the next backup. That's why we need prevention and not action after infection.
I won't use Acronis, it is too bloated. I talk about light virtualization/rollback applications like Rollback Rx or Deep Freeze/Shadow Defender; they create a virtual snapshot of the system and the clean baseline is reloaded either every boot or when the admin/user wants to.

Oh and... if doxware is a future problem... any type of backup won't work... you need total prevention. Ransomware problem plus exposing the data to the public - backup is totally useless. Even if you have already recovered the data, the copy of your files and databases is on their server ready to be exposed... you won't be able to do anything unless you can trace their command server and report it to the authorities, or just simply pay them so they will not expose the data.
It is why major corporations and ex-admins like me are using SRPs; they are designed to block everything not whitelisted by the admin. We don't bother with AVs and their obsolete signature model. We don't have time to monitor every popup resulting from a lack of info from the AV. SRP blocks everything not already installed. That is it. And ransomware has no chance of even executing.

From what I can read from you, you have a "home user" knowledge and approach to security; you rely on home user products: Acronis, Panda, etc... Corporates don't use them. Don't take it wrong, many admins I knew are the same as you; they have good knowledge of network management but are mostly like home users when it comes to security. Their knowledge is a bit above common users and very influenced by marketing tricks made by AV vendors.

Stick to this forum, learn what you can, don't believe Panda is the ultimate solution, despite you having good results; you will find we talk here about far better solutions and methods than AVs.

And by the way, if we users have less than 100 posts on this website, the best and most samples so far is only hybrid-analysis.com... right? While waiting to reach 100 posts... so can you suggest a better solution for now while answering another user's inquiry on where to download samples?
Nope , rules are rules, you have to satisfy the requirements.

@francis de lorraine
Francis, I am French and a moderator of the forum, please reply in English, MT is an English-speaking forum. Thanks.
 
Emmanuellws

Level 3
Verified
Mar 11, 2017
132
Deleted member 178 said:
You are in a security forum, we have all known that for ages, Heimdall is a member of MT and asked us about a security course they were creating :)
What can't prevent fileless attacks?

That's what I meant too... do I have to repeat that thing again? If you have all known for ages... that if a program is solely doing app whitelisting, it won't be able to protect against fileless attacks. Thanks for agreeing with me.

sorry about the images though. Still learning how to use the forum's feature :p
I'll try to find out about the spoiler pictures thingy
 

Emmanuellws

Level 3
Verified
Mar 11, 2017
132
How do I do that... the spoiler... sorry... I really need to hide the pictures... it's getting on my nerves too hehehe
 