Q&A Adaptive Defence 360

Discussion in 'Panda' started by owk688, Mar 2, 2017.

  1. francis de lorraine

    Mar 19, 2017
    36
    81
    ecrouves (54) france
    Windows 10
    ESET
    This antivirus is much improved, and today it remains a barrier that is difficult to cross, and the test confirms it. But again, 100% does not exist, that is obvious.
     
  2. Amelith Nargothrond

    Mar 22, 2017
    586
    2,119
    Romania
    Windows 10
    Avira
    Application firewall - Wikipedia
     
  3. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    263
    Malaysia
    Windows 7
    Panda
    #123 Emmanuellws, Mar 28, 2017
    Last edited: Mar 28, 2017
    Sorry, that's a firewall in the application layer. You need to read carefully. So you're still wrong. Firewalls can operate in different layers. Read about the network layers. For computer executables they don't call it a firewall. They call it application whitelisting.
     
    Sunshine-boy likes this.
  4. Rodney74

    Rodney74 Guest

    Well, today I thought I'd try something with a whitelist / cloud, something with signatures, and a 2-way firewall, and Zemana to cover the rear...

    So I installed G DATA Total Security, which has a 2-way firewall, Immunet, which has cloud/whitelist, and Zemana AntiMalware.

    Runs very fast on my i7-4820K with 32 GB RAM and an SSD.

    I don't have access to malicious files like you do; test it, all three programs listed have trial versions.

    Maybe make a very short video and post your findings???
     
  5. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    263
    Malaysia
    Windows 7
    Panda
    Here I do not have access yet to the malware files... Need to post more to get access. However, I have another 2 websites that have lots of samples and are updated every minute or even every few seconds: Hybrid-analysis.com and malwr.com. I always bump into malware on malwr.com that no AV has a signature for yet on VirusTotal, with the message "file not found", so you have to manually download it and upload it to VirusTotal to analyze.
     
    Sunshine-boy and TerrakionSmash like this.
  6. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,161
    29,611
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    Of course malwr.com is one of the best malware places; don't upload them to VT, otherwise the file will be detected by other AVs, and people can't test them anymore...
     
  7. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    263
    Malaysia
    Windows 7
    Panda
    I found out that with Panda Adaptive Defense, I am unable to install keyloggers on my own machine without allowing it from the cloud. If the keylogger is flagged as malware by Panda, then there would be no way for me to allow the keylogger to be installed in the first place, even if I am the administrator of the computer. Even if I manage to allow it, Panda will eventually flag that keylogger as malware. So, now, direct hacking and spying attacks won't work thanks to the app whitelisting feature plus AV and EDR capability.
     
    Sunshine-boy, XhenEd and _CyberGhosT_ like this.
  8. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    263
    Malaysia
    Windows 7
    Panda
    #128 Emmanuellws, Apr 6, 2017
    Last edited: Apr 6, 2017
    Hi there y'all. Check this out... this can also affect all whitelisting-based security products, including AppGuard, Windows SRPs, Intercept X, Kaspersky TAM, VoodooShield or whatever you call it... as long as it is based on MD5 hashes, it is vulnerable. This blog, however, targets specifically Panda Adaptive Defense 360. I am sure by now there is a public release of the patch already for PAD360. Please notify and check with your respective product vendor whether this is already patched or not. This is the only method a malware can use that can actually bypass MD5-based whitelisting security products.

    Check out the timeline of the blogger at the end of this article.

    Taken from SilentSignal's -> Blog.

    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    An update on MD5 poisoning
    November 28, 2016 | Uncategorized | antivirus, bypass, evasion, md5, panda, whitelisting


    Last year we published a proof-of-concept tool to demonstrate bypasses against security products that still rely on the obsolete MD5 cryptographic hash function.

    Summary: The method allows bypassing malicious executable detection and whitelists by creating two executables with colliding MD5 hashes. One of the executables (“sheep”) is harmless and can even perform some useful task and is expected to be categorized as goodware by the victim. After the sheep is accepted by the victim, the colliding malicious version (“wolf”) is sent. Because affected products rely solely on the MD5 fingerprints to identify known good executables, wolf is already whitelisted and can run.

    Although the reception of the research was generally positive, some were skeptical about the extent and even the validity of the issue. Although in the meantime we received information about more affected products, NDAs prevented us from further demonstrating that the problem indeed exists and affects multiple vendors.

    Today we are able to share a demonstration of the problem affecting Panda Adaptive Defense 360. The issue is demonstrated against the stricter “Lock mode” of the product meaning that the Panda agent only allows known good executables to run (application whitelisting). For the sake of this video we manually unblock the harmless executable version (sheep4.exe) to speed up the process, as otherwise the analysis could take several hours to complete (it was confirmed that the “sheep” executables aren’t detected as malicious by the cloud scanner in case they are not manually unblocked):



    (You can skip 01:00-01:55 if you are not interested in the policy update)

    We notified Panda Security about this issue through their Hungarian partner (see the timeline at the end of this post). Panda responded that this is a known issue that is expected to be fixed in the next major version, but no ETA was provided. Panda stated that MD5 was used for performance reasons. We informed Panda that the BLAKE2 hash function can provide a higher level of security at better performance than MD5 (thanks to Tony Arcieri for this update!).

    We’d like to stress that this research is not about individual vendors but about bad practices prevalent in the security industry. We now know of at least four vendors affected by the above problem and several others still provide MD5 fingerprints only in their tools and public reports. It is shameful that while hard work is put into phasing out SHA-1, in the security industry it is still generally accepted to use MD5, even after it was exploited in a real-world incident. We understand that there are more straightforward ways for evasion, but think that this issue is a good indicator of how security product development is often approached.

    We should do better than this!

    Timeline
    2016.08.30: Sending technical information to vendor.
    2016.09.05: Vendor requests more information, including PCOPInfo logs collected during retest.
    2016.09.06: Sending demo video and identification information about product instance. Requesting more information about PCOPInfo usage.
    2016.09.06: Vendor responds with instructions about PCOPInfo.
    2016.09.08: Sending PCOPInfo logs to vendor.
    2016.09.19: Vendor responds that this is a known issue, replacement algorithm is expected to be implemented in the next version.
    2016.09.27: Requesting negotiation about issue publication date.
    2016.10.12: Requesting negotiation about issue publication date. Including notification about 90-day disclosure deadline in case no agreement would be achieved.
    2016.10.19: Vendor responds, internal discussion is still in progress.
    2016.11.16: Requesting information about acceptance of publication date.
    2016.11.28: Public release.
     
    Sunshine-boy and XhenEd like this.
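    The weakness in the quoted post is that an approval is bound to a file by nothing but its MD5 digest, so any file with the same MD5 inherits the approval. The following is an added defender-side example, not SilentSignal's tool or Panda's code: a whitelist that flags legacy MD5-only entries, refuses to grant execution on an MD5 match alone, and migrates an approved entry to BLAKE2b (the replacement the blog suggested). The `SHEEP`/`WOLF` byte strings are constructed stand-ins, not a real collision pair.

```python
import hashlib

# Constructed sample files standing in for the blog's "sheep" (approved, harmless)
# and "wolf" (sent later). A real MD5 collision pair is not reproduced here; the
# point is that the decision below never depends on MD5 alone.
SHEEP = b"MZ\x90\x00" + b"sheep: harmless helper, approved by the admin"
WOLF = b"MZ\x90\x00" + b"wolf: different bytes, never approved"

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def strong_hex(data: bytes) -> str:
    # BLAKE2b-256: the replacement SilentSignal suggested to the vendor.
    return hashlib.blake2b(data, digest_size=32).hexdigest()

def algo_of(fingerprint: str) -> str:
    """Infer the algorithm of a stored fingerprint from its hex length."""
    return {32: "md5", 40: "sha1", 64: "blake2b-256"}.get(len(fingerprint), "unknown")

def weak_entries(whitelist: dict) -> list:
    """Fingerprints that bind an approval only to a broken hash function."""
    return sorted(fp for fp in whitelist if algo_of(fp) in ("md5", "sha1"))

def decide(whitelist: dict, candidate: bytes) -> str:
    """Execution decision for a file. Only a strong-hash match grants 'allow';
    a legacy MD5-only match is downgraded to 'reapprove', so a file that merely
    collides on MD5 cannot inherit an approval it never earned."""
    if strong_hex(candidate) in whitelist:
        return "allow"
    if md5_hex(candidate) in whitelist:
        return "reapprove"
    return "deny"

def upgrade_entry(whitelist: dict, legacy_md5: str, approved_file: bytes) -> dict:
    """Replace an MD5 entry with a BLAKE2b one, but only when the file offered
    for re-fingerprinting really is the one approved under that MD5."""
    if md5_hex(approved_file) != legacy_md5:
        raise ValueError("offered file does not match the approved MD5 entry")
    upgraded = dict(whitelist)
    del upgraded[legacy_md5]
    upgraded[strong_hex(approved_file)] = "blake2b-256"
    return upgraded

if __name__ == "__main__":
    legacy = {md5_hex(SHEEP): "md5"}            # the state an MD5-only product is in
    print(weak_entries(legacy))                  # one weak entry to migrate
    print(decide(legacy, SHEEP), decide(legacy, WOLF))      # reapprove deny
    migrated = upgrade_entry(legacy, md5_hex(SHEEP), SHEEP)
    print(decide(migrated, SHEEP), decide(migrated, WOLF))  # allow deny
```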
  9. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,699
    11,803
    AppGuard LLC Virginia, U.S.
    #129 Lockdown, Apr 7, 2017
    Last edited: Apr 7, 2017
    AppGuard is not susceptible to this type of bypass. The user would have to disable AppGuard protections, "accept the 'sheep' [file]," and execute it. That is not a bypass. It is a user error.

    Also, the concept does not apply due to other factors.
     
    XhenEd and TerrakionSmash like this.
  10. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    263
    Malaysia
    Windows 7
    Panda
    #130 Emmanuellws, Apr 7, 2017
    Last edited: Apr 7, 2017
    OIC... so AppGuard can allow users to make some errors? Or can it be controlled and policy enforced from a command center? Blocking and unblocking for Panda cannot be done by a normal user, because they are the weakest link in security endpoints. Whatever is blocked needs to be analyzed using their AI machine learning or Big Data, then it will be classified as goodware, malware or PUP... then the command center database is updated to either block or allow the execution and all endpoint databases are updated... PAD360 endpoints in other parts of the world do not need to worry about it anymore. I think it is dangerous to allow end users to decide, to have that room for errors to disable protections, because not all end users are tech security savvy. Not to forget, with all this Advanced Protection... it is still running with its Panda Antivirus... so there's double protection for you. So does AppGuard have its own antivirus or not, and can it run with any antivirus? Like VoodooShield... I like VoodooShield... so powerful... but it can be more powerful when installed along with a light antivirus.
     
    Sunshine-boy likes this.
  11. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,699
    11,803
    AppGuard LLC Virginia, U.S.
    AppGuard utilizes "strict blocking." The user can set it to high security or system lock down as they see fit. Some flexibility in the product is provided such that a user can adjust the product and make it work as they wish for them personally on their specific system. We are not going to force system lock down on consumers by default. Different levels of system lock down are provided in the product and it is up to the end user to decide for themselves which level they wish to enforce.

    What happens on the system always remains the user's responsibility no matter what security software is utilized. It's in every EULA - including Panda Adaptive Defense 360.
     
    XhenEd likes this.
  12. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    263
    Malaysia
    Windows 7
    Panda
    Yes, I agree. Panda has Audit, Hardening and Lock Mode too... but in all the modes, in the UI the end users will have NO OPTION to reduce or to increase it... it's controlled by the IT admin from the cloud console through policy. It can deploy device security as well, Exchange server protection as well, web security including web filtering, which can deny or allow users access to certain websites at any time or by schedule. The UI at the endpoints is so simple... not many buttons except for seeing what is blocked, quarantined, deleted... and the network intrusion detection report if the Panda firewall is enabled. That's all. Because I believe end users are the weakest link in the last line of defense. So Panda lets the admin have full control and not the user. Well, I respect AppGuard's decision to allow users to set whatever settings they want... I still have some Kaspersky users... and they have full control of it... again... they reduce the security so they can run conventional software... and again, 6 of them got infected with ransomware. Oh my, I don't believe in letting users decide the level of protection by themselves from that point. Oh, and Panda can also prevent sabotage of the computer system or data from happening... even if my users have full Administrator access on that machine... they won't be able to uninstall Panda, delete Panda-related folders... they won't be able to install any trojans, or deliberately execute ransomware, or install keyloggers... they won't be able to do anything without us noticing the illegal stuff that they are trying to do. If I allow my users to be able to reduce the protection of a computer, it's also a chance for users to sabotage or do data extortion. And that is what puts Panda at an advantage for its customers, in line with Europe's GDPR law, which will be enforced next year.
     
    Sunshine-boy and XhenEd like this.
  13. Lockdown

    Lockdown From AppGuard
    Developer

    Oct 24, 2016
    2,699
    11,803
    AppGuard LLC Virginia, U.S.
    It's unfortunate, but people shoot themselves in the foot everyday - even Admins with many years of experience, a strong working knowledge of security, a generous IT budget with competent staff, high attention to detail and hard-core, military-grade discipline. All it takes is one innocent moment of inattention. And I speak knowledgeably based wholly upon my own mistakes.

    The wider security software industry can "foolproof" security software only to a certain point. After that the responsibility is on the end user to combine products with knowledge and experience and to enforce best practices - which you and I both know is the fundamental problem.

    That's why it makes sense to not rely completely upon a single product, but instead to make combinations that add a degree of "user anti-screw-up."
     
  14. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,161
    29,611
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    This is the AppGuard Consumer (aka Home User) version... Don't mix discussion about corporate products and home user ones...
    The Enterprise version is managed only by the Admin (alone or in collaboration with BRN team because for BRN even Admins can't be trusted either).
     
    Sunshine-boy, Emmanuellws and XhenEd like this.
  15. XhenEd

    XhenEd Level 27
    Content Creator Trusted

    Mar 1, 2014
    1,606
    8,417
    Philippines
    Windows 10
    Default-Deny
    This. :D

    AppGuard Enterprise obviously is tailored to enterprise environment, and therefore has management console just like with Panda's Adaptive Defense. :) AppGuard Personal/Professional doesn't have this because it's for home users. :)
     
    Emmanuellws and Umbra like this.
  16. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    263
    Malaysia
    Windows 7
    Panda
    Thanks for pointing this out, because I also had a mixed feeling about whether we are talking about the same grade of product - home consumer? Corporate? Thanks, Umbra. I am sure AppGuard has all the features that Panda Adaptive Defense 360 has too.
     
    Sunshine-boy and XhenEd like this.
  17. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    263
    Malaysia
    Windows 7
    Panda
    #137 Emmanuellws, Apr 7, 2017
    Last edited: Apr 7, 2017
    Exactly, I was thinking just now: why wouldn't AppGuard have some controls from a management console, from my understanding based on the posts? I was expecting answers related to Enterprise grade... but got responses related to home consumer... so I got it all wrong. Anyway, Panda Adaptive Defense 360 is for Enterprise or Corporate... I wouldn't be here if I were using Panda Antivirus or their Internet Protection only. Don't get me wrong, all my posts are related to PAD360 on my company's servers, desktops and laptops... and not on my computer at home or my personal laptop. (I use VoodooShield and AVG at home... hehehe)
     
  18. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    263
    Malaysia
    Windows 7
    Panda
    This one I really agree with. I am with you on this :)
     
    Sunshine-boy and XhenEd like this.
  19. Umbra

    Umbra From Emsisoft
    Developer

    May 16, 2011
    17,161
    29,611
    Community manager
    Vietnam & France
    Windows 10
    Emsisoft
    #139 Umbra, Apr 7, 2017
    Last edited: Apr 7, 2017
    But we are in a home user forum, not a corporate one, so PAD360 will not be interesting to anyone here (hence very few cared as you can see), the home user version isn't worth mentioning; better solutions are available for home users.
     
  20. Emmanuellws

    Emmanuellws Level 3

    Mar 11, 2017
    115
    263
    Malaysia
    Windows 7
    Panda
    #140 Emmanuellws, Apr 7, 2017
    Last edited: Apr 7, 2017
    Home User Forum? Show me pleaseeeeee... Perhaps I came to the place full of home products... geeee... but we are in the thread subject "Adaptive Defence 360" - enterprise and corporate level? Yes, no one is interested, but to get 2k views for such a small Panda... is a thing hehehehe
     