Parsh

Level 25
Verified
Trusted
Malware Hunter
I too had one hit as captured by Vector protection, on the day of introduction.
I do not have my laptop with me right now; however, as far as I remember, Heimdal Pro showed no details on the blocking.
Again, if it blocks some safe traffic in a connection, which would break some needed function, the only option will be to temporarily disable that protection. They need us to report any FPs without empowering us with the ability to add exceptions.

Slyguy

Level 43
> I too had one hit as captured by Vector protection, on the day of introduction.
> I do not have my laptop with me right now; however, as far as I remember, Heimdal Pro showed no details on the blocking.
> Again, if it blocks some safe traffic in a connection, which would break some needed function, the only option will be to temporarily disable that protection. They need us to report any FPs without empowering us with the ability to add exceptions.

Agreed, we need more information on what is blocked. Did you check the logs in the ProgramData folder?

The same machine that had one hit here, had another this evening already. Out of 10 machines, one is getting flagged by Vectorn. But I need more data to make an informed decision on what it could be.

Parsh

Level 25
Verified
Trusted
Malware Hunter
> Agreed, we need more information on what is blocked. Did you check the logs in the ProgramData folder?

The log file in the ProgramData folder shows the blocked IP addresses to date, mostly the WPS Office connections.
However, the "Malware Engine" and "Malware Pattern Infections" show null. The Vectorn detection details aren't shown there.

EDIT: Even the GUI now shows 0 entries in the "Vectorn Detections" tab. Did Heimdal just realize that he had been a bad boy by previously blocking some safe stuff?! :rolleyes:

Slyguy

Level 43
> The log file in the ProgramData folder shows the blocked IP addresses to date, mostly the WPS Office connections.
> However, the "Malware Engine" and "Malware Pattern Infections" show null. The Vectorn detection details aren't shown there.
>
> EDIT: Even the GUI now shows 0 entries in the "Vectorn Detections" tab. Did Heimdal just realize that he had been a bad boy by previously blocking some safe stuff?! :rolleyes:

Be careful with WPS Office. I bought a lifetime license but had to abandon it. Fortinet caught malware being served via its updater, and it wasn't an FP.

I will be curious to see how Vectorn develops.

Parsh

Level 25
Verified
Trusted
Malware Hunter
> Be careful with WPS Office. I bought a lifetime license but had to abandon it. Fortinet caught malware being served via its updater, and it wasn't an FP.
>
> I will be curious to see how Vectorn develops.

How can you be so sure about the malicious nature? It could be something like a tracking server... Was the IP blocked, or were the files served via the update detected as malicious?
The exact link blocked recurrently is "kdl1.cache.wps. com" in my case.

Slyguy

Level 43
> How can you be so sure about the malicious nature? It could be something like a tracking server... Was the IP blocked, or were the files served via the update detected as malicious?
> The exact link blocked recurrently is "kdl1.cache.wps. com" in my case.

This was last year; I dropped WPS back then. I wasn't too concerned with the blocked URL. What became worrisome to me was when Fortinet detected an inbound update as a malicious trojan dropper. I'm not talking about FortiClient; I'm talking specifically about a FortiGate 200B security appliance, which isn't known to trigger false positives. I'm not implicating WPS in anything; it was a great product when I used it. But the fact that it's Chinese added to the detection concern, because we all know how things from China can (and often do) compromise you.