Author Topic: CyberCapture feature?  (Read 10762 times)

0 Members and 1 Guest are viewing this topic.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
CyberCapture feature?
« on: June 04, 2016, 07:07:48 PM »
Anyone from avast! team willing to drop few words about this feature? How does it work, is it functioning yet in 2267 beta build and so on?
Visit my webpage Angry Sheep Blog

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: CyberCapture feature?
« Reply #1 on: June 04, 2016, 07:17:10 PM »
I'm also interested in more info here. Thanks.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: CyberCapture feature?
« Reply #2 on: June 04, 2016, 07:37:26 PM »
I'm also interested in more info here. Thanks.

Same here.

Although for now its known that its cloud-based analysis of some sort. Would be interesting to see which file types it can check and
if its working together with some other component like FileRep.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline MartinZ

  • Moderator
  • Advanced Poster
  • *
  • Posts: 1057
  • Product Manager
Re: CyberCapture feature?
« Reply #3 on: June 08, 2016, 04:39:15 PM »
Hi,

in general CyberCapture is cloud analysis of new/unique/unknown files. When we detect a new file on user's computer we send it to our cloud for further and deeper analysis. We run it in our "NG" farm to watch how it behaves, we test it against our extended VPS, and few via other checks and at the end we got a result if the file is clean or not. Then this message is delivered back to the client.

During the analysis the file stays locked, but user can delete it or run anyway (this is not recommended)

The analysis might take few hours, but we work hard to deliver the result asap.

This feature can be disabled via Settings->General.

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: CyberCapture feature?
« Reply #4 on: June 08, 2016, 06:00:47 PM »
Is it requied a specific RAM?@MartinZ
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: CyberCapture feature?
« Reply #5 on: June 08, 2016, 06:25:21 PM »
Is it requied a specific RAM?@MartinZ

Why would it require system RAM when the analysis is done in the cloud.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: CyberCapture feature?
« Reply #6 on: June 08, 2016, 09:40:59 PM »
Hi,

in general CyberCapture is cloud analysis of new/unique/unknown files. When we detect a new file on user's computer we send it to our cloud for further and deeper analysis. We run it in our "NG" farm to watch how it behaves, we test it against our extended VPS, and few via other checks and at the end we got a result if the file is clean or not. Then this message is delivered back to the client.

During the analysis the file stays locked, but user can delete it or run anyway (this is not recommended)

The analysis might take few hours, but we work hard to deliver the result asap.

This feature can be disabled via Settings->General.

You could add "Run in sandbox until analysis is complete" in paid versions where sandbox is available. This way people can still run apps safely in sandbox (if it runs in it).

Also, "hours" might be a bit to long to be honest. I know there is a limitation on tat since all 230 million something systems will be sending stuff to you and not processing it individually on local PC's, but still. 30 minutes would be somewhat reasonable, anything above this and users will just run stuff without waiting for verdict.
Visit my webpage Angry Sheep Blog

Offline MartinZ

  • Moderator
  • Advanced Poster
  • *
  • Posts: 1057
  • Product Manager
Re: CyberCapture feature?
« Reply #7 on: June 09, 2016, 10:44:38 AM »
Agree Rejzor, we try to decide asap, and in fact in large portion of files we are able to decide in matter of minutes but some files need more time, for now.

@Be Secure, no extra requirements on user's PC

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: CyberCapture feature?
« Reply #8 on: June 09, 2016, 01:07:16 PM »
Agree Rejzor, we try to decide asap, and in fact in large portion of files we are able to decide in matter of minutes but some files need more time, for now.

@Be Secure, no extra requirements on user's PC
+1.

PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: CyberCapture feature?
« Reply #9 on: June 09, 2016, 05:11:14 PM »
Agree Rejzor, we try to decide asap, and in fact in large portion of files we are able to decide in matter of minutes but some files need more time, for now.

@Be Secure, no extra requirements on user's PC

Are you able to display approximate wait time in a CyberCatch scan dialog as the file is being processed/waiting in the processing queue? This would be nice, sort of like VirusTotal has when you're waiting for analysis to complete. People are less impatient if they can see rough expected wait time over waiting with no idea whether it'll be in a minute or 3 hours...
Visit my webpage Angry Sheep Blog

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: CyberCapture feature?
« Reply #10 on: June 10, 2016, 09:39:34 AM »
Hi RejZoR,
analysis time can be specific for each sample. Imagine case (which is not that rare) of sample "hiding" malicious activity after i.e. 2 minutes of running after execution.

Milos

Offline MartinZ

  • Moderator
  • Advanced Poster
  • *
  • Posts: 1057
  • Product Manager
Re: CyberCapture feature?
« Reply #11 on: June 10, 2016, 03:05:53 PM »
Yes we will display a usual time needed for analysis, calculated from the last 24h. But as Milos said some files might take longer. It will be just indicative, not precise.