Author Topic: Drep Detection  (Read 32133 times)


REDACTED

  • Guest
Drep Detection
« on: December 18, 2014, 10:33:45 AM »
Drep detection whenever I download an executable from my own website http://whatsapphubstatus.com. It is clean software I made on my own, but why is this detection occurring? Can anybody tell me how to avoid it?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6700
  • Trust only what you test yourself!
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: Drep Detection
« Reply #3 on: December 18, 2014, 04:28:10 PM »
Hi,
DomainRep is a new feature of Avast, so let me explain a bit. It blocks EXE file downloads if these conditions are *all* met:
1. The file is not prevalent enough, i.e. not enough Avast users launched the file yet,
2. The domain is not prevalent enough, i.e. not enough Avast users downloaded (any) EXE files from the domain yet,
3. The file is not signed or Avast does not trust the signature.

Once one of these conditions is not met anymore, Avast will stop flagging the download. In other words, just wait until more people try to download the file, or digitally sign your files :-).
Honza

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88851
  • No support PMs thanks
Re: Drep Detection
« Reply #4 on: December 18, 2014, 05:10:42 PM »
> Hi,
> DomainRep is a new feature of Avast, so let me explain a bit. It blocks EXE file downloads if these conditions are *all* met:
> 1. The file is not prevalent enough, i.e. not enough Avast users launched the file yet,
> 2. The domain is not prevalent enough, i.e. not enough Avast users downloaded (any) EXE files from the domain yet,
> 3. The file is not signed or Avast does not trust the signature.
>
> Once one of these conditions is not met anymore, Avast will stop flagging the download. In other words, just wait until more people try to download the file, or digitally sign your files :-).
> Honza

Isn't this a bit like the chicken and the egg (which came first) - how are you to download the file from the site if it hasn't met any of the conditions to build up a reputation of avast users.

The only way I can see this happening would be if the file was signed, otherwise the file and/or domain name would remain blocked.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline abruptum

  • Massive Poster
  • ****
  • Posts: 2460
Re: Drep Detection
« Reply #5 on: December 18, 2014, 05:49:55 PM »
Is it possible to turn off DomainRep ?

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: Drep Detection
« Reply #6 on: December 18, 2014, 05:55:57 PM »
That's a nice feature considering the fact that avast will allow a file when it doesn't meet even 1 of those situations even if it meets the other two. Hopefully, we will see this being worked on in a week or so.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: Drep Detection
« Reply #7 on: December 18, 2014, 06:27:08 PM »
Metascan is doing the same with an executable download pre-scan but with real scan results, avast classification is a bit like the french law method, scan verdict is malign until proven benign, as suspects are guilty until their innocence has been proven above doubt. FPs could cumulate, on the other hand unknown malign executables are caught before they can infest.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Drep Detection
« Reply #8 on: December 18, 2014, 07:47:28 PM »
> > Hi,
> > DomainRep is a new feature of Avast, so let me explain a bit. It blocks EXE file downloads if these conditions are *all* met:
> > 1. The file is not prevalent enough, i.e. not enough Avast users launched the file yet,
> > 2. The domain is not prevalent enough, i.e. not enough Avast users downloaded (any) EXE files from the domain yet,
> > 3. The file is not signed or Avast does not trust the signature.
> >
> > Once one of these conditions is not met anymore, Avast will stop flagging the download. In other words, just wait until more people try to download the file, or digitally sign your files :-).
> > Honza
>
> Isn't this a bit like the chicken and the egg (which came first) - how are you to download the file from the site if it hasn't met any of the conditions to build up a reputation of avast users.
>
> The only way I can see this happening would be if the file was signed, otherwise the file and/or domain name would remain blocked.

I'm wondering the same thing actually...
Visit my webpage Angry Sheep Blog

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Drep Detection
« Reply #9 on: December 18, 2014, 08:59:26 PM »
> Hi,
> DomainRep is a new feature of Avast, so let me explain a bit. It blocks EXE file downloads if these conditions are *all* met:
> 1. The file is not prevalent enough, i.e. not enough Avast users launched the file yet,
> 2. The domain is not prevalent enough, i.e. not enough Avast users downloaded (any) EXE files from the domain yet,
> 3. The file is not signed or Avast does not trust the signature.
>
> Once one of these conditions is not met anymore, Avast will stop flagging the download. In other words, just wait until more people try to download the file, or digitally sign your files :-).
> Honza

OK. So, what does this mean for sites like portal.nbed.nb.ca (My School Domain) in which Students can transfer files? The idea behind this sounds Fantastic, but there ought to be measures in place (Hopefully) in which I can manually add certain sites (Like that one) to a Whitelist?
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88851
  • No support PMs thanks
Re: Drep Detection
« Reply #10 on: December 18, 2014, 11:37:10 PM »
<snip quote>

> OK. So, what does this mean for sites like portal.nbed.nb.ca (My School Domain) in which Students can transfer files? The idea behind this sounds Fantastic, but there ought to be measures in place (Hopefully) in which I can manually add certain sites (Like that one) to a Whitelist?

Essentially the school domain is more likely to be recognised as in point 2. so the remainder should fall into place as only one condition needs to be met to allow the download to take place.

I don't know if placing the school domain in the URL exclusions would achieve that, not scanned.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Drep Detection
« Reply #11 on: December 19, 2014, 12:56:29 AM »
David, the thing is. That is how I transfer my Projects (Coding Projects) like EXE and .SLN files. There needs to be a way, in which I can have Avast! not auto scan and flag those items.

In case you're curious to why I do not use USB's at school. The security there sucks. There is nothing active short of Windows Firewall and Microsoft Security Essentials. (And since MCShield usually flags EXE and VB related files, I'd have to disable any security there).

Even aside from that.... Our local Technicians at school know jackcrap about how to remove an infection (Which is, slightly frustrating)....

1) The file, wouldn't be recognized by Avast!. (Even as it is now, most of the time they are still "flagged" by something, whether it be Hardened Mode, The Evo-Gen detections of something else)
2) The portal isn't very known. Most teachers don't even know about it, let alone to students.
3) None of my files are digitally signed.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88851
  • No support PMs thanks
Re: Drep Detection
« Reply #12 on: December 19, 2014, 01:22:01 AM »
Let's put it this way, if this function is already in place as appears to be the case given this topic - then simply try downloading some of the files you have up there and see.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Drep Detection
« Reply #13 on: December 19, 2014, 01:45:03 AM »
Something must be satisfying avast!, because it's not currently complaining. (Although Chrome does).


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Drep Detection
« Reply #14 on: December 19, 2014, 04:38:19 AM »
> > > Hi,
> > > DomainRep is a new feature of Avast, so let me explain a bit. It blocks EXE file downloads if these conditions are *all* met:
> > > 1. The file is not prevalent enough, i.e. not enough Avast users launched the file yet,
> > > 2. The domain is not prevalent enough, i.e. not enough Avast users downloaded (any) EXE files from the domain yet,
> > > 3. The file is not signed or Avast does not trust the signature.
> > >
> > > Once one of these conditions is not met anymore, Avast will stop flagging the download. In other words, just wait until more people try to download the file, or digitally sign your files :-).
> > > Honza
> >
> > Isn't this a bit like the chicken and the egg (which came first) - how are you to download the file from the site if it hasn't met any of the conditions to build up a reputation of avast users.
> >
> > The only way I can see this happening would be if the file was signed, otherwise the file and/or domain name would remain blocked.
>
> I'm wondering the same thing actually...
Same here. Also, can/should this be reported as FP (if proven clean) or not..??