kalemba

CLOSED About antivirus protection on OA++

Hello everybody, first of all I tell you that this evening I bought OA++.

I have made some tests and I am a little confused: why does it NOT have any kind of reaction with the Eicar test file? What happens with REAL threats or more dangerous malware?

I am very interested in this aspect because I am one of those who fight with antimalware and I am looking closely at these problems.

Hi Kalemba :)

Which eicar file are you using? The executable .com version or the .com.txt version which isn't executable?

OA ++ integrates the Emsisoft and Ikarus scanning engines into its HIPS to scan Unknown programs when they try to run to help ensure that they are not malicious. It doesn't scan files on read/write/access etc., like a traditional AV does, so it doesn't flag infected files that aren't able to be executed (because they have to be executed to do any damage). On demand or scheduled scans will however flag non-executable files that are infected.

I'm not sure exactly how you performed your tests? For testing OA++ on-execution protection, you need to execute (run) the Eicar file at which point you should get a red popup from OA saying that the file is infected. Eicar.com is the only eicar file which can be run as the others are not executable files. Are you running the Eicar.com file and not getting this alert from OA?

Hi kalemba,

Saving eicar.com to your computer won't generate an alert from OA ++ because there is no execution of the file happening at this point. If you go to where you have saved eicar.exe and double click it, you should see an alert from OA about an infected file wanting to run, at which point you can choose to Block it from running or Delete it :)

And thank you for the support! Right now I tried to run eicar.com, not to test, and OA++ had NO reaction, NO popup appeared!

Hi kalemba,

How did you run it?

If you did not get an Alert - you should see Eicar's message about printing.

Did you get that message?

It has to be run from a DOS box.

It can be properly tested on a 32-bit platform.

On x64 you will get a system message about incompatibility, since Eicar is a 16-bit application.

But anyway, even on x64, if you run eicar.exe (not <>.com) you can get an Alert.

This was performed using EAM though, but as far as I know there should not be much difference.

Guys will correct me if I am wrong

Run some better tests like “TrojanSimulator”

My regards

I've just been reading several threads on this subject.

So... OA++ doesn't give you a "traditional AV protection"?

What is it doing there then? You could use free apps like MBAM, HitmanPro and so on.

If you have a Bidirectional FW and a full-fledged HIPS, then you just add a basic free AV like MSE or Avira.

Or am I missing something here?

Regards,

Jose.

Hi Jose_Lisbon,

Why was such a conclusion made by you from what you've read here ... and other threads? :unsure:

My regards

OA ++ integrates the Emsisoft and Ikarus scanning engines into its HIPS to scan Unknown programs when they try to run to help ensure that they are not malicious. It doesn't scan files on read/write/access etc., like a traditional AV does, so it doesn't flag infected files that aren't able to be executed (because they have to be executed to do any damage). On demand or scheduled scans will however flag non-executable files that are infected.

That's not an answer, my Slav mate.

Hi again Jose_Lisbon

You are digressing from the main question asked here.

You just stated that the protection is not sufficient, which is not the conclusion that can be made.

The case is not solved yet. The original poster still didn't reply about "Execution" test, etc.

Then, as it was said before, on-demand scan is working;

"onExecution" protection is basically a very sufficient method;

Scanning files during download and stopping downloads is mainly a waste of time; moreover, that can be misleading (hope one of the other threads that you've read was this one)

My regards
