Deepviz Endpoint Client Beta release

Status
Not open for further replies.

DardiM

Level 26
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
Added : "Note: this is our first public beta of the client, which means we’re aware of several issues we need to address yet. Do not install it on a production environment unless you know what you are doing".

I wonder what people think about Deepviz :

I don't remember having used their online tool :rolleyes:

But I have just received this mail :

"Dear user,

We are excited to share with you our new Deepviz BETA release:

Deepviz Endpoint Client

With our Deepviz platform we already provide you with a flexible and powerful threat intelligence and malware analysis engine, an extensive set of REST APIs along with plug and play libraries to integrate our services into your existing platforms.

Among the use cases where Deepviz has been used, some companies implemented Deepviz alongside their network perimeter defense appliance, to automatically capture and scan reached domains, IPs and incoming executable files looking for malicious activities.

While this is one of the best scenarios where Deepviz can fit into, the company would anyway lose the monitoring of their laptop when they are outside the enterprise network - and this can easily become a nightmare, as it often is a very common infection vector.

This is the reason why we wanted to extend Deepviz to land on your endpoint, to track down targeted attacks and defend your endpoint wherever it is.



Endpoint Client: Our client is designed to be installed on Windows 7, 8, 8.1 both x86/x64 – Windows 10 x86 /x64 will be added very soon. It is extremely light, less than 10MB. It will do an initial inventory scan. Once the initial scan is complete, it will monitor the filesystem for new files written to disk. If found, they will be verified against our cloud threat intelligence database for malicious detection. If no detection is found, the sample is automatically uploaded and scanned with our cloud based malware analysis engine. The result will be logged in the console and the file will be determined as clean or malicious.
Centralized console: All active endpoints will be logged and visible on our cloud-based centralized console at endpoint.deepviz.com. From there you will be able to monitor their system status, eventual malware found, if the endpoint is active, force automatic update if the endpoint client is running an out-of-date build - you will have an in depth overview of your company endpoints.

Learn more

Register your account for free at Deepviz and use your API key to try out our Deepviz Endpoint Client - your API key will allow you to install Deepviz Endpoint Client on 3 endpoints for free.

Join now our BETA program and help us improve our client - every feedback will be greatly appreciated!"
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
@DardiM Mod Edit Notes: Added Homepage and Beta release into title.

You can check if you have an account by following: Deepviz - Account and entering your email. If you do have a registered account, you'll get password reset instructions, otherwise an error. For example: [Error - We had a problem - [ERR0010E2] Invalid e-mail address.]
If it turns out you have an account, or someone registered without you knowing, visit their Contact Form: Deepviz - Malware analysis, simplified. and request your account to be removed.

As for DeepViz itself, it's the first I have heard of them. They also have an online tool, Deepviz - Analyze
 

DardiM

Thanks :)

I have followed your advice :

=> Apparently I have got a registered Deepviz account, with only e-mail on the profile no more personal information, and no activities (no files uploaded). It's an e-mail that I use for testing purpose (for example, to be targeted by ransomware new waves).

=> Certainly one day I have registered to test their online tool, but I really do not remember that :oops: ...

(I am getting old, and my memory too ...:rolleyes:)

I will take advantage of this "loss of memory" to test their beta tool :).
I will post about it on this thread.
 

Deepviz

Level 1
Verified
Feb 27, 2016
25
Hello,

Deepviz online here :) We wrote about our malware analysis engine in the past: https://malwaretips.com/threads/deepviz-online-malware-analyzer.50295/

Since then many things changed, and our infrastructure dramatically improved and changed!

Please if you have any question, hint, feedback, don't hesitate and let us know - we'll try to do our best to support each one of you guys :)

Thanks!
 

DardiM

@Deepviz
My First question before eventually installing the beta version and testing it :
Will this product be only for Enterprises, or for individual users too (who can't spend as much money as an Enterprise)? I mean like other existing tools.
Because from what I read on your website about your current basic subscription plan for existing service ("35$/29€, giving you every month 50 samples downloads, access to our APIs and 50 threat intelligence searches"), not a lot of individual users can/would pay this amount of money, even with a VGECT (Very Good Endpoint Client Tool) - Enterprise can afford it.

Regards,
@DardiM
 

Deepviz

Thanks for the question, which allows me to clarify this point!

Right now the plans you see online are more focused to SMB and enterprise customers as well as single researchers (note: the plan you highlighted is not a monthly recurring payment, it's a pay-as-you-go plan where you buy some credits and you can use them, then refill when finished) however the Endpoint Client is not intended for enterprise only, we are working on pricing plans for consumers as well :)

I can't say more at this time as it's a bit too early to discuss about pricing for the endpoint client, we just started our public beta and there are quite few things to be shaped and more features to be added yet :)

Hope this answers your question!:)
 

DardiM

Yes, Thanks :)

01:42 am (France Time) => I go to sleep :p
Will test tomorrow.

Good "night" :)
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
This alternative security program should well deserve use by each enterprise; people should steer away from those common products whose effectiveness is still the same without continuous improvements.
 

DardiM

Some tests :
- It would be nice after installation to have a shortcut created.
- Seems to only scan system files => No specific files scans ? (choose folder, choose list of files, etc...)
- Bugs in the Settings part. If playing with the buttons to switch on/off/on/off, it makes the program crash.
- When files are detected as malware that are files from my security program (ZAM.exe, and Roboform.dll), I don't see options to white-list them.

Regards,
@DardiM
 
Deleted member 178

Few questions here:

1- Does Deepviz have a proprietary engine or a "rented/borrowed" one?
2- Deepviz seems to be just a scanner, does it have some prevention features?
3- Does Deepviz have offline protection?
 

Deepviz

Thanks for your feedback! :)

- For sure! We'll add this in the next release
- Right now it's scanning only specific critical areas on the system as well as realtime monitoring for every new PE file landing on your endpoint. A custom manual scan will be added very soon, it's on our roadmap
- One specific setting or clicking casually everywhere? Could you see whether it's something you can replicate?
- File/Folder exclusion will be added soon as well - right now it's only "monitoring" and not blocking/removing anything. However they are clearly FPs, we'll get them addressed as soon as possible

Again, thanks very much for your support and help! :)
 

Deepviz

Hello Umbra,

thanks for your questions!

1. Fully proprietary engine, we wrote our cloud-based malware analysis engine fully from scratch. Deepviz Endpoint Client could be seen as a light frontend for our cloud malware analysis engine (Deepviz - Analyze) which can analyze PE files and correlate extracted behaviors and static details against our threat intelligence database to isolate new malware

2. It's our first public beta, so it's just a monitoring tool - however our future releases will include prevention features as well, it's definitely where we're heading to

3. Right now no, our threat intelligence database is fully cloud-based, as that's where we can quickly correlate intelligence data and analyze malware in a more powerful and thorough way without being too heavy on the endpoint's system resources

Hope these answer your questions! If not, please do not hesitate and get back in touch and I'll try to do my best to answer! :)
 
Deleted member 178

Just as a side note: if you are interested in getting access to our threat intelligence/search engine/API scripting functionalities and you're beta testing our Endpoint Client here, providing feedback, suggestions, ideas, please PM me as we have a free coupon for you :)

Thanks!

Thank you for your swift reply and for your offer, I will contact you.

I am a Real-Time signature-based skeptic by nature, however some things would let me install a signature AV again:

1- light on resources
2- very very few FPs
3- total control of the applications and settings.

Can you give us some infos about those 3 points and your product?
 

DardiM

- don't see anywhere an "exit" possibility.

"- One specific setting or clicking casually everywhere? Could you see whether it's something you can replicate?"

When I 'play' with these options (ON/OFF) on the right side.
I say 'play' because I put them ON / OFF in a way to test : with several combination and "speed" (Like certain users do :oops:).

I tested this to see, from the programmer's point of view, how a user can "disturb" this program (and then how to protect the program from this behavior). Here, for example, a new click on the same button should be "disabled" until the operation/function started by the first click has ended, to avoid conflicts. Same thing for possible conflicts between the two options with some combinations.

Deepviz

Thanks for the feedback! We will look into it and we'll get this fixed as soon as possible! Thanks! :)
 

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,489
Hi @Deepviz

I have some Questions about your program

1. Will it be free or paid after the Beta/RC testing
2. Any infos for the multilanguage Version of it
3. Which Engines did you use. Can you add the Engines to virustotal, virscan.org, herdprotect, metascan and to virusimmune and to opswat please

With best Regards
Mops21
 