Anti-malware network questions


spywar
So will you make a way for us to be able to submit files directly to Emsisoft Anti Malware Network ?

 

Edit: It would be good to have somehow an automated analysis system with web interface (online malware analyser) for us to be able to directly upload files, then the system will classify everything it can as malware. All files not classified will be sent for manual processing.


Cloud signatures are a lot more aggressive than local signatures. They are only used if EAM is observing a malicious behavior to begin with, which allows us to be less concerned about false positives and release them early with only rudimentary QA, making them usually more current. Cloud signatures may end up as local signatures some time later, after they passed our usual QA processes.

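The trade-off described in the reply above, worked through as an added example (not Emsisoft's code or figures): an aggressive signature set produces far fewer false positives when it is only consulted for files a behavior blocker has already flagged. Every count and rate below is constructed, and the model assumes the signature's error rates are independent of the behavior flag.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Population:
    benign: int      # expected number of clean files
    malicious: int   # expected number of malicious files


@dataclass(frozen=True)
class Detector:
    name: str
    tpr: float  # share of malicious files it matches
    fpr: float  # share of benign files it matches


def matched(det: Detector, pop: Population) -> Population:
    """Expected sub-population that the detector fires on."""
    return Population(round(pop.benign * det.fpr), round(pop.malicious * det.tpr))


def precision(pop: Population) -> float:
    """Share of alerts that are real malware."""
    total = pop.benign + pop.malicious
    return pop.malicious / total if total else 0.0


# Constructed numbers: one million files seen, 0.1% of them malicious.
ALL_FILES = Population(benign=999_000, malicious=1_000)
BEHAVIOR = Detector("behavior blocker", tpr=0.90, fpr=0.005)
CLOUD_SIG = Detector("aggressive cloud signature", tpr=0.95, fpr=0.002)

# Mode 1: the aggressive signatures are matched against every file.
UNGATED = matched(CLOUD_SIG, ALL_FILES)
# Mode 2: they are consulted only for files the behavior blocker flagged.
GATED = matched(CLOUD_SIG, matched(BEHAVIOR, ALL_FILES))

if __name__ == "__main__":
    for label, pop in (("ungated", UNGATED), ("behavior-gated", GATED)):
        print(f"{label:15} false positives={pop.benign:5d} "
              f"true positives={pop.malicious:4d} precision={precision(pop):.3f}")
```

With these constructed rates the gated mode gives up some detections (files the behavior blocker never flags are never looked up) in exchange for roughly two hundred times fewer false alarms.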

We usually apply rather complex statistical models to unknown files, allowing us to determine whether or not a file is malicious based on many different factors like location on the system, behavior on our client's machines, similarity to existing threats, user feedback, source, and so on.


"We usually apply rather complex statistical models to unknown files, allowing us to determine whether or not a file is malicious based on many different factors like location on the system, behavior on our client's machines, similarity to existing threats, user feedback, source, and so on."

And does this also apply for safe files (identified as unknown by the Anti Malware Network)? Usually, how long does this process take? Thanks.


Thanks.

Is it possible to know how many files get whitelisted automatically every day? I have correctly understood that any unknown files, safe or bad, get a classification by Anti Malware Network depending on many factors (BTW, bad files are classified MUCH faster than white, just because of the similarity which should really be doing great....)

Thanks again.

Last Q: How long does a detected file need to be added to local DB? I mean there are TONS of Adware not detected by EAM but all classified as malware by AMN. I'm sure there is something to do here. I had no adware samples not detected by AMN as malware.


Around 2000 - 5000 files a day are being whitelisted at the moment. The number of files being blacklisted is a lot higher though (around 100k per day). Adware signatures for the most part will never be included in the local signature files, unless the adware shows malicious behavior and could be considered illegal in some countries.


Thanks again Fabian :)

 

So do you get samples from virustotal continuously ? 24/7 ? I see there is a product called MalAware which essentially relies on this database for scanning. Do you plan such a scan called Cloud Scan for the future of EAM ?


Hi!

 

Take a look at this test on 22 samples pack from me

 

http://malwaretips.com/Thread-Malware-Pack-22-fresh-samples--16954?pid=127641#pid127641 (really fast)

 

I'm impressed by OA I must say...

 

Question is how can it identify something as malicious (dangerous)? Does it look it up through the Anti Malware Network database? Cause I checked these files with isthisfilesafe.net and if I remember right all were caught as Malware.

 

Thanks again for all those replies and also to the tester.


Basically you don't have any plans on bringing the AMN even more in interaction with EAM? It's really active with OA, nothing goes through and if one passes the OA's cloud lookup, Mamutu takes care of it....

I mean...even adware are all covered by AMN! And if you take a look at some malware removal forums, you'll see ppl get infected a lot by Adware. It would be pretty good to bring up this AMN to check every execution on EAM...But I bet you know better than me.


I gathered 58 fresh samples

 

http://malwaretips.com/Thread-Malware-Pack-58-fresh-samples--17062?pid=128440#pid128440

 

Did a scan with EEK updated and it left 9 samples.

Submitted those 9 and also checked all of them one by one using the SHA-1 value

 

http://malwaretips.com/Thread-Malware-Pack-58-fresh-samples--17062?pid=128447#pid128447

 

Pretty impressive and aggressive.


  • 4 months later...

Yes it is quite powerful...I was just testing it with fresh MD5 values of fresh malware samples...Even safe samples are well covered.

"Around 2000 - 5000 files a day are being whitelisted at the moment"

So we can consider that AMN is whitelisting around 60 000 / 150 000 of new safe files each month then..

