Currently I am testing the latest Avast Free very often. And I test on a real system, i.e. no VM, XP SP3 32 Eng.
Can anyone explain what these detections are or how these scans work?
Today I tested Avast 2 times.
Both times, after a right-click scan (PUP enabled) & execution of the malware (PUP enabled), some malware were not detected. After 5 mins I executed the malware that were not detected & now a few were detected as FileMetaGen. After 5 mins again I executed the remaining few malware & all were detected as FileString, only one was not detected.
Now I don't know if these detections were due to streaming updates
OR
Evo-Gen, FileMetaGen, FileRep, FileString detections are like live scans, i.e. suspicious/unknown samples are uploaded & scanned by autoscan/autoanalyzers & found malicious detections are sent to the users so these detections were there.
It’s dangerous to do testing on your productive system… what would you do if it got infected with a sample, a cryptolocker, and it wasn’t detected by the anti-virus?
Sorry, don't have the samples now as after the test I reverted to the clean state of the system with Comodo Time Machine & deleted the snapshot of the test.
But I will do a test soon & if the same scenario happens, will post the VT links here.
By the way, don't know how the samples were detected after 5 mins as asked in my first post, but one thing I forgot to mention is that when I first ran the samples, those undetected were running in the memory. After 5 mins when I ran the undetected samples again, as I have mentioned in my first post, few were detected, & of those few detected the second time, 2 were already running in the memory from the first run but they were not detected & they should be detected, right?
Don't know if you will understand what I mean so let me explain with an example.
First run - Undetected samples - A & B active in the memory.
Second run - After 5 mins I ran A & B from the folder again & they were detected. But A & B already active in the memory from the first run were not detected/terminated/quarantined, etc… Whereas they should also be quarantined/blocked, etc… by Avast, right?
Could you test Avast again and keep me posted with the results on Deepscreen and others here. Really interested in how it does. This time before you go out executing the files, wait for a while to see if the connection goes off in between.
I know what you mean. These backend detectors are getting tough to understand now. :o
Tested 120 latest malware pack on malwaretips.
Avast latest, PUP enabled
XP SP3 32 Real System, i.e. no VM
Today's test was shocking. I don't know if Avast's new technology is stable?
Scan detected 96/120
24 executed, few detected, couple didn’t run, few missed. I didn’t get a single Deepscreen scan popup, strange? Finally a ransomware 21.exe infected & restarted the system & blocked system boot.
I tested 21.exe with both Hardened mode, Moderate & Aggressive & no alert, strange? & same as above, ransomware infected the system.
For all tests I had kept the update GUI interface open & the connection was established.
For every test I reverted the system to the clean state & did the test.
I don't understand, why was there no Deepscreen & Hardened alert?
Hello,
Some of the detections are alerted only on execute: Evo-gen, and cloud detections (with “FileRep” in the name). Updates of Evo-gen detection are delivered in stream updates.
Malware - 2014-03-02 PZ pack from malwaretips.
After scan 19 remaining.
Executed 19 - Same results as previous test i.e few evo-gen detection, no Deepscreen scan, no Hardened alert.