About antivirus protection on OA++


kalemba
Hello everybody, first of all I tell you that this evening I bought OA++.

I have made some tests and I am a little confused: why does it NOT have any kind of reaction with the Eicar test file? What happens with REAL threats or more dangerous malware?

I am very interested in this aspect because I am one of those who fight with antimalware and I am looking closely at these problems.


Hi Kalemba :)

Which eicar file are you using? The executable .com version or the .com.txt version which isn't executable?

OA ++ integrates the Emsisoft and Ikarus scanning engines into its HIPS to scan Unknown programs when they try to run to help ensure that they are not malicious. It doesn't scan files on read/write/access etc., like a traditional AV does, so it doesn't flag infected files that aren't able to be executed (because they have to be executed to do any damage). On-demand or scheduled scans will however flag non-executable files that are infected.


I'm not sure exactly how you performed your tests? For testing OA++ on-execution protection, you need to execute (run) the Eicar file at which point you should get a red popup from OA saying that the file is infected. Eicar.com is the only eicar file which can be run as the others are not executable files. Are you running the Eicar.com file and not getting this alert from OA?


Hi kalemba,

Saving eicar.com to your computer won't generate an alert from OA ++ because there is no execution of the file happening at this point. If you go to where you have saved eicar.exe and double click it, you should see an alert from OA about an infected file wanting to run, at which point you can choose to Block it from running or Delete it :)


And thank you for the support! Right now I tried to run eicar.com, not to test, and OA++ had NO reaction, NO popup appeared!

Hi kalemba,

How did you run it?

If you did not get an Alert - you should see Eicar's message about printing.

Did you get that message?

It has to be run from a DOS box.

It can be properly tested on a 32-bit platform.

On x64 you will get a system message about incompatibility, since Eicar is a 16-bit application.

But anyway, even on x64 if you run eicar.exe (not <>.com) you can get an Alert

This was performed using EAM though, but as far as I know there should not be much difference.

Guys will correct me if I am wrong

Run some better tests like “TrojanSimulator”

My regards


I've just been reading several threads on this subject.

So... OA++ doesn't give you a "traditional AV protection"?

What is it doing there then? You could use free apps like MBAM, HitmanPro and so on.

If you have a bidirectional FW and a full-fledged HIPS, then you just add a basic free AV like MSE or Avira.

Or am I missing something here?

Regards,

Jose.


OA ++ integrates the Emsisoft and Ikarus scanning engines into its HIPS to scan Unknown programs when they try to run to help ensure that they are not malicious. It doesn't scan files on read/write/access etc., like a traditional AV does, so it doesn't flag infected files that aren't able to be executed (because they have to be executed to do any damage). On-demand or scheduled scans will however flag non-executable files that are infected.

That's not an answer my Slav mate.
Hi again Jose_Lisbon

You are digressing from the main question asked here.

You just stated that the protection is not sufficient, which is not the conclusion that can be made.

The case is not solved yet. The original poster still didn't reply about "Execution" test, etc.

Then, as it was said before, on-demand scan is working;

"onExecution" protection is basically a very sufficient method;

Scanning files during download and stopping downloads is mainly a waste of time; moreover, that can be misleading (hope one of the other threads that you've read was this one)

My regards

This topic is now closed to further replies.