Avast 12.1.2272 Final

Status
Not open for further replies.

Alikhan

Level 2
Oct 14, 2015
66
I wonder what "Unknown" in regards to CyberCapture means?

Unknown - Not in Avast whitelists
or
Unknown - Low Reputation/Suspicious, etc...

It would be both. If a file is unknown, it most likely will have low reputation.

However, if Hardened Mode was enabled as aggressive in Avast Settings, no files would run unless they were in the Avast Whitelist at all.
 

jamescv7

Level 85
Verified
Helper
Mar 15, 2011
13,085
Well if CyberCapture works on low prevalence of files then that ransomware as mentioned should prevent that immediately.

Honestly the cloud of Avast tends to revise little concept like in Norton Download Insight.

I like Avast's numerous techniques and features; however, everything must be built for maturity because threats are already sophisticated.
 

DJ Panda

Level 30
Verified
Top poster
Well-known
Aug 30, 2015
1,928
Been using Avast for about 8 years and it's never failed me... Then again, I am usually not that judgemental of a person. :p
 

jamescv7

Level 85
Verified
Helper
Mar 15, 2011
13,085
@J Gamez065: Well Avast like others are meant to protect all day long, and the scenario occurred against ransomware is just a reference purpose to see the effectiveness, so your decision comes for you and it is your right to retain since the AV is not meant to test against any threats that surely bypass. :)
 

DJ Panda

Level 30
Verified
Top poster
Well-known
Aug 30, 2015
1,928
I wish I were part of MalwareHub. Testing the tweaked Avast against some ransomware on a VM would give interesting results.
 

Alikhan

Level 2
Oct 14, 2015
66
Ok, as promised, I have come back with some more information.

CyberCapture only triggers on files that are downloaded from the web, executed, and low-prevalence. This only applies to HTTP and HTTPS. So if the file was moved to a USB before being triggered, CyberCapture would not be triggered. Running the file from the USB will also not trigger CyberCapture. I have suggested on the forum that this should change and apply to emails, FTP, P2P and USBs.

The whole file is uploaded because it will be run in Avast lab where "internal tools for analysis, NG, our scanner with detections which are not released".

However, if they don't have the file (prevalence = 0) then they upload it to Avast servers. Once the file has been uploaded, a file with the same hash will not be uploaded again by other users, i.e. other users with the same hash don't upload the file.
 

Alikhan

Level 2
Oct 14, 2015
66
The Hub members can only test the products with default settings. That's one of the rules, otherwise it will not be approved.

Some AVs during installation ask to enable/disable PUP detection, so if PUP detections were disabled by default, would a user be able to enable them?

With Avast enabled to hardened mode - aggressive, I've never seen a malware get through lol.

@Alikhan
So I already have a fresh ransomware on my desktop (0-day sample)
I installed Avast.. and run the ransomware.
Does CyberCapture stop the sample? with your information the answer is 'no'.
It only protects your PC from online downloaded threats. I can't get it.

You are correct here - this is the way it CURRENTLY is but could be changed. I agree that it should be changed for all unknown files but it's up to Avast to decide. But there are other protection features such as the signatures, HIPS (which is pretty useless atm), cloud, evo-gen and DeepScreen which may be able to detect the file. It will take them time to get some of these new features working and then the effectiveness will be known.
 

Alikhan

Level 2
Oct 14, 2015
66
Ok, an update from Avast mod Vlk.

Hi guys,

Glad to see some excitement about CyberCapture here -- it indeed is quite an exciting piece of technology (really taking benefit of a bunch of things that we have been building for years) and we can't wait to see it in action -- that is, can't wait till the Nitro Update really starts rolling out to millions of users and our backend systems start getting some serious load with this. :)

Anyway... I totally hear your concern, and would like to say one thing from the very beginning: there's absolutely no design limitation that would imply that CyberCapture can only work with http/https downloads. And in fact, we totally plan to extend its scope in the upcoming weeks and months. The beautiful thing about it is that the decision process takes place (again) in the cloud, so these things can actually be changed at any time.

The reason why we have limited it to http/https downloads for now is that this is the category of files that carries most infections, and at the same time, contains some additional metadata (e.g. the source URL) that allow us to minimize false positives and generally make faster and more accurate decisions. And it also allows us to slightly lower the number of files coming to the system, which is important to make sure our backend stuff can gradually handle the load (we're quite confident we have built them robustly, but it's always a good practice to roll such things out in stages).

Remember, CyberCapture has been in production for about 1 day now. Here's a proposal. Let's give it a bit of time, and make sure that it handles the http/https vector really well (which would already be quite an accomplishment, given that statistically, 85%+ of all malware comes through that channel). And in parallel, let us work on the other vectors.

Deal?
 

motox781

Level 10
Verified
Well-known
Apr 1, 2015
490
Major changes-
your personal files are encrypted

CyberCapture - better detection of unknown and unique files via our cloud technology
better,better........:D


CyberCapture is a new system and will take a bit of time to become fully tuned and productive. Because of the nature of its operations, CyberCapture continually gathers intelligence on new viruses. This means it will organically improve as it is used and, therefore, it will continue to iterate increased performance.
 