Author Topic: CyberCapture  (Read 106342 times)

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: CyberCapture
« Reply #45 on: June 24, 2016, 04:25:52 AM »
@Vlk

I have one more concern or question about CyberCapture, regarding AV-C and AV-TEST. Will their testing methodologies adapt to how your product works? I mean, if results are sometimes returned in 2 hours' time, will they wait for a verdict and flag it as miss or hit based on that or how will they operate with it now? I mean, before it was a very clear verdict with NG since it took just a few seconds and the tester could instantly see what happened. With CyberCapture, that changes drastically. And it would be nice to see realistic scores in tests based on how it actually operates.
2 hours is too much for them and for us also. If it is between 15-20 minutes (Max 25) then it will be more realistic. For a solution you can make more NG system environments in your lab; it will divide the workload. :)
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline TrueIndian

  • Poster
  • *
  • Posts: 433
Re: CyberCapture
« Reply #46 on: June 24, 2016, 05:30:44 AM »
Well I am sure in time this feature will be a big part of avast! because of their huge user base it will be easy to detect new threats quickly.  :)

I want to see this feature applied to all infection vectors, especially to USB, P2P, mail and unknown files resident on the user's machine, if there are any.
Malware Hunter/Tester/Analysis
https://twitter.com/avman1995

“When I despair, I remember that all through history the way of truth and love have always won. There have been tyrants and murderers, and for a time, they can seem invincible, but in the end, they always fall. Think of it--always.”
― Mahatma Gandhi

REDACTED

  • Guest
Re: CyberCapture
« Reply #47 on: June 24, 2016, 06:12:49 AM »
@Vlk

I have one more concern or question about CyberCapture, regarding AV-C and AV-TEST. Will their testing methodologies adapt to how your product works? I mean, if results are sometimes returned in 2 hours' time, will they wait for a verdict and flag it as miss or hit based on that or how will they operate with it now? I mean, before it was a very clear verdict with NG since it took just a few seconds and the tester could instantly see what happened. With CyberCapture, that changes drastically. And it would be nice to see realistic scores in tests based on how it actually operates.
2 hours is too much for them and for us also. If it is between 15-20 minutes (Max 25) then it will be more realistic. For a solution you can make more NG system environments in your lab; it will divide the workload. :)
+1
« Last Edit: June 28, 2016, 05:52:50 AM by Dragon Rider »

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6710
  • Trust only what you test yourself!
Re: CyberCapture
« Reply #48 on: June 25, 2016, 01:34:20 AM »
CyberCapture vs. Free Business Edition...

If the free business edition provides USB protection then why can't CyberCapture do the same thing?
Assuming the free business edition uses cloud technology to protect against USB infections.
Also, doesn't the free business edition use the cloud to scan individual files?
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: CyberCapture
« Reply #49 on: June 25, 2016, 03:34:03 AM »
CyberCapture was bypassed by Ransomware. :( Is there any info about Ransomware protection? I thought it (Ransomware) was blocked by CyberCapture, but I was wrong.
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: CyberCapture
« Reply #50 on: June 25, 2016, 03:24:01 PM »
CyberCapture was bypassed by Ransomware.
Evidence (link) please ;)
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: CyberCapture
« Reply #51 on: June 25, 2016, 03:43:18 PM »
And it would be nice to see realistic scores in tests based on how it actually operates.
+1 I would love to see results being published.

avast! has once again proven it has one of the best communities in the world.
And it's one of our major powers. And we know that we need to change somehow "faster", "drastically".
We're listening to this need and will do our best to recover and keep this perception of "best community".
The best things in life are free.

Offline Andrey,pro

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5013
  • Things happen
Re: CyberCapture
« Reply #52 on: June 25, 2016, 04:36:05 PM »
Seems to me there is no need to upload every file.
Get the hash from a file.
Upload it to the avast server.
If it is unknown upload the file.
If it is known, there is no need to upload the file.
Seems to me much better for people with a low bandwidth and especially for those who have a data limit.
Hello,
yes, if we don't have the file (prevalence = 0) then we upload it to our servers. Other users with same hash don't upload the file.

Milos
Hello Milos,

One user from Russia reported it isn't the truth. After checking the file it was checked again the next time. For more information, please read this topic (in Russian): https://forum.avast.com/index.php?topic=187696.0

Update: I found that the first picture was from a FileRep and the Second - from CyberCapture.
« Last Edit: June 26, 2016, 01:50:48 PM by Andrey,pro »
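The hash-first exchange discussed in the post above (send the hash, upload the body only if the server does not have it), as an added Python sketch that is not part of the thread and not Avast's code. `ReputationService`, `submit` and the 1 MiB sample are hypothetical; the server asking for the body whenever it holds no sample, and re-hashing what it receives, are assumptions of this example.

```python
import hashlib

class ReputationService:
    """Toy in-memory stand-in for a cloud backend (hypothetical, not Avast's API)."""

    def __init__(self):
        self.prevalence = {}  # sha256 hex -> number of clients that reported it
        self.samples = {}     # sha256 hex -> file bytes held for analysis

    def lookup(self, digest):
        """Count the sighting; return (prevalence before this report, sample wanted)."""
        before = self.prevalence.get(digest, 0)
        self.prevalence[digest] = before + 1
        # Ask for the body whenever none is stored, so an earlier failed
        # upload does not leave the hash "known" but never analysed.
        return before, digest not in self.samples

    def upload(self, digest, data):
        # Recompute the hash server-side; a client-supplied digest is untrusted.
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError("digest does not match uploaded content")
        self.samples[digest] = data


def submit(service, data):
    """Client side: send the hash first, the body only on request.
    Returns the number of payload bytes sent."""
    digest = hashlib.sha256(data).hexdigest()
    sent = len(digest)
    _, wanted = service.lookup(digest)
    if wanted:
        service.upload(digest, data)
        sent += len(data)
    return sent


# Constructed sample: 1 MiB of filler bytes standing in for an unknown executable.
SAMPLE = b"MZ" + bytes(1024 * 1024 - 2)

if __name__ == "__main__":
    svc = ReputationService()
    print("first client sent ", submit(svc, SAMPLE), "bytes")
    print("second client sent", submit(svc, SAMPLE), "bytes")
```

The first client pays for the full upload; every later client with the same hash sends only the 64-character digest, which is the bandwidth saving the suggestion is after.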

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: CyberCapture
« Reply #53 on: June 25, 2016, 04:42:35 PM »
CyberCapture was bypassed by Ransomware.
Evidence (link) please ;)
Ok. I have some screenshots of that Ransomware that was blocked by ZAM. After that I sent it to Viruslab. And now it is blocked as a malware-gen.

VT: https://www.virustotal.com/en/file/5a7fa97c7450e7404abc8fb910f99019193e30cf2c7303996c7d19efebfc650b/analysis/
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: CyberCapture
« Reply #54 on: June 25, 2016, 05:58:28 PM »
After that I sent it to Viruslab. And now it is blocked as a malware-gen.
So, it did not pass CyberCapture.
Of course, CyberCapture needs to get the malware (file) to analyze it.
Having 230 million sensors spread all over the world, zero-second protection will be achieved when a file with prevalence 0 (unknown) reaches CyberCapture.
The best things in life are free.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9404
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: CyberCapture
« Reply #55 on: June 25, 2016, 06:02:48 PM »
It did fail. He sent it manually to virus lab. CyberCapture is supposed to lock the file from execution, send the sample to cloud, analyze it there and return the verdict. And verdict in this case was apparently "not malware". Or it didn't even trigger CyberCapture because it was executed from local drive and not as download, which ENTIRELY bypasses CyberCapture...
Visit my webpage Angry Sheep Blog

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: CyberCapture
« Reply #56 on: June 25, 2016, 06:08:02 PM »
It did fail. He sent it manually to virus lab. CyberCapture is supposed to lock the file from execution, send the sample to cloud, analyze it there and return the verdict. And verdict in this case was apparently "not malware". Or it didn't even trigger CyberCapture because it was executed from local drive and not as download, which ENTIRELY bypasses CyberCapture...
+1. Got my point. ;)
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: CyberCapture
« Reply #57 on: June 25, 2016, 06:11:16 PM »
CyberCapture is supposed to lock the file from execution, send the sample to cloud, analyze it there and return the verdict.
Which is the origin of the file? HTTPS scanning?

And verdict in this case was apparently "not malware".
The verdict is not instantaneous.

Or it didn't even trigger CyberCapture because it was executed from local drive and not as download, which ENTIRELY bypasses CyberCapture...
No, I really disagree technically. This is not bypass. The technology was not bypassed. It is just, by now, limited. Not every file triggers CyberCapture. And not triggering is NOT, technically, bypassing.
CyberCapture will evolve in the next months and its limitations (the origin of the file) will be narrowed.
The best things in life are free.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9404
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: CyberCapture
« Reply #58 on: June 25, 2016, 06:44:40 PM »
Bypass, evasion, not being detected, same thing, end result is user being infected. At the end of the day, I frankly don't care how you call it.

I'd need Be Secure to confirm whether it triggered CyberCapture and the verdict was "CLEAN" or it didn't even trigger it...
Visit my webpage Angry Sheep Blog

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: CyberCapture
« Reply #59 on: June 26, 2016, 02:19:49 AM »
Please also remember shared infections over LAN and similar; it's not just removable drives, USBs, optical media, web URLs and email ;)

Seen some ransomware lately going thru LAN attack vectors.
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive