Just Messin Around: PandaAV Pro, Katana, Immunet (No Clam)

VeeekTor

Level 5
Thread author
Verified
May 16, 2017
197
So Katana and Immunet are supposed to run alongside any security software, so I chose to run them with Panda AV Pro.

The only other thing I run is Zemana Antilogger.

Backup with Acronis TrueImage 2018

*Seems to be running fine, set exclusions in each.
 

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,400
[Image: UeUL5yZ.png]
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,026
So Katana and Immunet are supposed to run alongside any security software, so I chose to run them with Panda AV Pro.

The only other thing I run is Zemana Antilogger.

Backup with Acronis TrueImage 2018

*Seems to be running fine, set exclusions in each.
Hi

Just to check something on Panda AV Pro since you are using it. When you carry out a complete system scan did you notice it says your drive(s) is vaccinated? When I tested with the Panda Free AV it states so.

If yes, what do you mean by that? If you remove Panda AV from your system does the drive(s) remain vaccinated or you need to 'unvaccinate' before removing the Panda software? Is there such an 'unvaccinate' feature in Panda AV Pro? There's none in the free version.

Thanks
 
  • Like
Reactions: Sunshine-boy

Sunshine-boy

Level 28
Verified
Top Poster
Well-known
Apr 1, 2017
1,760
Good config.
You can also tweak those settings in Preventive protection level (Integrity of running, Integrity of user files, hosts file, Low-level disk access, drivers and Critical Windows objects) for better security.
I like Dr.web and especially this spider agent (Katana).
Dr.web behavior blocker is user dependent and it's not like other behavior blockers; you have to configure it and then decide whether to allow or block a file, like a HIPS.
 

HarborFront

Good config.
You can also tweak those settings in Preventive protection level (Integrity of running, Integrity of user files, hosts file, Low-level disk access, drivers and Critical Windows objects) for better security.
I like Dr.web and especially this spider agent (Katana).
Dr.web behavior blocker is user dependent and it's not like other behavior blockers; you have to configure it and then decide whether to allow or block a file, like a HIPS.
But Dr Web Katana was tested against malware and it didn't perform well. You can check out some YouTube videos to see its performance.
 

Sunshine-boy

Because they didn't tweak it and they tested it in default settings.
You have to run it in the safest LVL and it will ask you about everything (not everything, only those parameters I mentioned).
 
  • Like
Reactions: Venustus

HarborFront

Because they didn't tweak it and they tested it in default settings.
You have to run it in the safest LVL and it will ask you about everything.
You mean in Paranoid mode? Even then it didn't perform well... if I'm not wrong, as shown in one of the videos. It has a BB but not as great as that one by Emsisoft if you ask me.
 

Sunshine-boy

Yes, paranoid mode and Dr.web provide you with interactive control over loading of drivers and automatic running of programs.
I guess it can beat most of those NSA malware that need to run a driver IMAO :D
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Just to check something on Panda AV Pro since you are using it. When you carry out a complete system scan did you notice it says your drive(s) is vaccinated? When I tested with the Panda Free AV it states so.
If yes, what do you mean by that? If you remove Panda AV from your system does the drive(s) remain vaccinated or you need to 'unvaccinate' before removing the Panda software? Is there such an 'unvaccinate' feature in Panda AV Pro? There's none in the free version.
Thanks
AFAIK the drive vaccination (NTFS support included) done by Panda AV is mere blocking of autoruns from those drives when mounted. When you uninstall the product, the drives should be un-vaccinated automatically.
Since it uses this simple method, the vaccination itself does not provide protection from lnk exploits, Conficker method etc. and most of these should be covered by other AV modules.
 

HarborFront

AFAIK the drive vaccination (NTFS and other common formats) done by Panda AV is mere blocking of autoruns (autorun.inf) from those drives when mounted. When you uninstall the product, the drives should be un-vaccinated automatically.
Since it uses this simple method, the vaccination itself does not provide protection from lnk exploits, Conficker method etc. and most of these should be covered by other AV modules.
So it's different from the Panda USB Vaccine whereby if you need to unvaccinate the USB device you either have to reformat it or go through a tedious procedure of removing the vaccination?

Thanks
 

Parsh

So it's different from the Panda USB Vaccine whereby if you need to unvaccinate the USB device you either have to reformat it or go through a tedious procedure of removing the vaccination?

Thanks
I have not tried that procedure with Panda AV, so I cannot comment on that. I have it in my VM though, will check it today.
However, there's a workaround you can find for un-vaccination without formatting, easy for USBs.
 
  • Like
Reactions: Venustus

HarborFront

I have not tried that procedure with Panda AV, so I cannot comment on that. I have it in my VM though, will check it today.
However, there's a workaround you can find for un-vaccination without formatting, easy for USBs.
Yup. That's the tedious procedure I referred to.
 
  • Like
Reactions: Parsh

HarborFront

AFAIK the drive vaccination (NTFS support included) done by Panda AV is mere blocking of autoruns from those drives when mounted. When you uninstall the product, the drives should be un-vaccinated automatically.
Since it uses this simple method, the vaccination itself does not provide protection from lnk exploits, Conficker method etc. and most of these should be covered by other AV modules.
Can you confirm this piece of info, say, from Panda's website? Thanks
 

Parsh

Can you confirm this piece of info, say, from Panda's website? Thanks
I don't have my machine to check the exact options Panda AV provides, but here are some official details on Panda's Computer & USB vaccination and this should redress my assumption from above:
Computer vaccination
By vaccinating the computer you completely disable the AutoPlay feature, so that no program on any USB/CD/DVD drive will be automatically run, regardless of whether those drives or devices have been previously vaccinated.

USB drive vaccination
By vaccinating a USB device, the vaccine blocks file Autorun.inf permanently to stop malware from spreading automatically. When a vaccine is applied to a USB drive, the file Autorun.inf is permanently blocked, preventing it from being read, deleted or modified. Once the vaccine has been satisfactorily applied, it will prevent Windows from automatically running any malware found on a USB drive. After vaccination, the USB drive will continue to work properly, but no multimedia files it might contain will run automatically.
It is important to bear in mind that USB drive vaccination is an irreversible process. Under extremely unlikely conditions, certain applications might stop working correctly. In any event, if your USB device doesn't contain the file Autorun.inf, it is completely safe to vaccinate it.
USB drive vaccination option blocks the Autorun.inf file. Reading/writing this file is blocked and it shouldn't autorun (& infect) when you open your drive for accessing the files therein.
In short, computer vaccination can be undone but individual USB vaccination cannot be, except with the 2 methods we know (from above posts).
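
An added example (not from the thread and not Panda's code): a defender-side audit of the two things the quoted Panda text describes, namely which drive types still allow AutoRun at the computer level and whether a volume's Autorun.inf is absent, blocked, inert, or carries launch directives. It assumes the Windows `NoDriveTypeAutoRun` policy bitmask as the computer-level setting (the page does not say how Panda implements vaccination) and simulates a blocked entry with a directory; all function names and sample files are constructed.

```python
import os
import tempfile

# Bits of the Windows NoDriveTypeAutoRun policy value (set bit = AutoRun off).
DRIVE_BITS = {0x04: "removable", 0x08: "fixed", 0x10: "network",
              0x20: "cdrom", 0x40: "ramdisk"}


def autorun_enabled_types(policy_value):
    """Drive types on which the policy bitmask still allows AutoRun."""
    return sorted(n for bit, n in DRIVE_BITS.items() if not policy_value & bit)


def launch_directives(text):
    """Return (key, command) pairs in [autorun] that would start a program."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value))
    return found


def audit_volume(root):
    """Classify a mounted volume: absent, blocked, inert or active."""
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return "absent", []
    try:
        with open(os.path.join(root, name), encoding="latin-1") as fh:
            cmds = launch_directives(fh.read())
    except OSError:  # entry exists but cannot be read as a file
        return "blocked", []
    return ("active" if cmds else "inert"), cmds


def demo():
    """Constructed volumes: one with launch directives, one blocked (simulated)."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        with open(os.path.join(a, "autorun.inf"), "w") as fh:
            fh.write("[AutoRun]\nicon=drive.ico\nopen=setup.exe /s\n"
                     "shell\\explore\\command=tools\\run.bat\n")
        os.mkdir(os.path.join(b, "AUTORUN.INF"))  # stand-in for a blocked entry
        return audit_volume(a), audit_volume(b)
```

A policy value of 0xFF reports no drive type with AutoRun enabled, which corresponds to the "computer vaccination" outcome described in the quoted text.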
 
