Author Topic: FLAW In Protection: VBS malware and deepscreen  (Read 11653 times)


Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: FLAW In Protection: VBS malware and deepscreen
« Reply #15 on: August 26, 2014, 07:16:18 PM »
Dave, they could use dyna rules and stuff like they do for other files. They should be adding dyna rules for this type of VBS malware. First of all they need to have deepscreen working on vbs files.
« Last Edit: August 26, 2014, 07:23:28 PM by True Ind »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: FLAW In Protection: VBS malware and deepscreen
« Reply #16 on: August 26, 2014, 07:24:23 PM »
Dave, they could use dyna rules and stuff like they do for other files.

It doesn't really matter what they could use - Personally I'm against creating rules when there is meant to be a script scanning function built in to avast.

Creating a rule would also require an underlying routine to cater for .vbs instead of/as well as .exe's in deepscreen.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: FLAW In Protection: VBS malware and deepscreen
« Reply #17 on: August 26, 2014, 07:26:56 PM »
Dave, I think avast reputation service already has enough no. of files in whitelist. Regardless, not having rules/trigger for deepscreen for a major threat gate is a flaw.

Script scanning function?? Those are based on the AV database and these are polymorphic viruses and this wouldn't cut it because these change every day like rootkits. This makes some sense I guess.

And from previous experiences avast is not the quickest or smartest to pick the newer variants quickly either, instead we have some proactive analysis system.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: FLAW In Protection: VBS malware and deepscreen
« Reply #18 on: August 26, 2014, 11:47:14 PM »
I have not mentioned reputation services or whitelisting of files in any of my replies.

I'm clearly stating that the supposed script scanning of avast should be scanning these scripts in the same way that they did when there was a Script Shield. This scanned scripts on both the web pages and scripts run locally.

Deepscreen to date hasn't been the beast it is meant to be, perhaps we will see more of it in beta2. As I have mentioned, those that have set Hardened Mode to Aggressive are essentially bypassing deepscreen. So any Rule, if it were to have rules, wouldn't be effective if the Hardened Mode were set to Aggressive.

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: FLAW In Protection: VBS malware and deepscreen
« Reply #19 on: August 27, 2014, 03:54:27 AM »
Dave, neither hardened mode nor deepscreen blocks or targets vbs extension files, which they should be doing now because of this usb malware. I have done some deep testing on this before making this topic.

Nothing to argue on deepscreen improvements in beta2. I have full faith in the developers that they are surely making deepscreen worthy.
« Last Edit: August 27, 2014, 04:07:08 AM by True Ind »

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: FLAW In Protection: VBS malware and deepscreen
« Reply #20 on: August 28, 2014, 05:48:29 AM »
Also it's not just vbs format. There are many other formats like *.js that are not targeted by deepscreen.

I have been testing this with different file formats and so far .vbs and .js are not targeted.