Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Beta - Avast => Topic started by: RejZoR on June 04, 2016, 07:07:48 PM
-
Anyone from avast! team willing to drop few words about this feature? How does it work, is it functioning yet in 2267 beta build and so on?
-
I'm also interested in more info here. Thanks.
-
I'm also interested in more info here. Thanks.
Same here.
Although for now its known that its cloud-based analysis of some sort. Would be interesting to see which file types it can check and
if its working together with some other component like FileRep.
-
Hi,
in general CyberCapture is cloud analysis of new/unique/unknown files. When we detect a new file on user's computer we send it to our cloud for further and deeper analysis. We run it in our "NG" farm to watch how it behaves, we test it against our extended VPS, and few via other checks and at the end we got a result if the file is clean or not. Then this message is delivered back to the client.
During the analysis the file stays locked, but user can delete it or run anyway (this is not recommended)
The analysis might take few hours, but we work hard to deliver the result asap.
This feature can be disabled via Settings->General.
-
Is it requied a specific RAM?@MartinZ
-
Is it requied a specific RAM?@MartinZ
Why would it require system RAM when the analysis is done in the cloud.
-
Hi,
in general CyberCapture is cloud analysis of new/unique/unknown files. When we detect a new file on user's computer we send it to our cloud for further and deeper analysis. We run it in our "NG" farm to watch how it behaves, we test it against our extended VPS, and few via other checks and at the end we got a result if the file is clean or not. Then this message is delivered back to the client.
During the analysis the file stays locked, but user can delete it or run anyway (this is not recommended)
The analysis might take few hours, but we work hard to deliver the result asap.
This feature can be disabled via Settings->General.
You could add "Run in sandbox until analysis is complete" in paid versions where sandbox is available. This way people can still run apps safely in sandbox (if it runs in it).
Also, "hours" might be a bit to long to be honest. I know there is a limitation on tat since all 230 million something systems will be sending stuff to you and not processing it individually on local PC's, but still. 30 minutes would be somewhat reasonable, anything above this and users will just run stuff without waiting for verdict.
-
Agree Rejzor, we try to decide asap, and in fact in large portion of files we are able to decide in matter of minutes but some files need more time, for now.
@Be Secure, no extra requirements on user's PC
-
Agree Rejzor, we try to decide asap, and in fact in large portion of files we are able to decide in matter of minutes but some files need more time, for now.
@Be Secure, no extra requirements on user's PC
+1.
-
Agree Rejzor, we try to decide asap, and in fact in large portion of files we are able to decide in matter of minutes but some files need more time, for now.
@Be Secure, no extra requirements on user's PC
Are you able to display approximate wait time in a CyberCatch scan dialog as the file is being processed/waiting in the processing queue? This would be nice, sort of like VirusTotal has when you're waiting for analysis to complete. People are less impatient if they can see rough expected wait time over waiting with no idea whether it'll be in a minute or 3 hours...
-
Hi RejZoR,
analysis time can be specific for each sample. Imagine case (which is not that rare) of sample "hiding" malicious activity after i.e. 2 minutes of running after execution.
Milos
-
Yes we will display a usual time needed for analysis, calculated from the last 24h. But as Milos said some files might take longer. It will be just indicative, not precise.