Author Topic: CyberCapture (Read 133506 times)

Be Secure · « **Reply #60 on:** June 26, 2016, 02:34:06 AM »

Quote from: RejZoR on June 25, 2016, 06:44:40 PM

Bypass, evasion, not being detected, same thing, end result is user being infected. At the end of the day, I frankly don't care how you call it.

I'd need Be Secure to confirm whether it triggered CyberCapture and the verdict was "CLEAN" or it didn't even trigger it...

It didn't even trigger CyberCapture.

Quote

CyberCapture will evolve in next months and its limitations (the origin of the file) will be narrowed.

Hope so.

RejZoR · « **Reply #61 on:** June 26, 2016, 06:59:02 AM »

But how did you obtain the sample? Downloaded from web or executed locally after unpacking it from archive? I think that may be a problem because I don't think avast! tracks files this thoroughly to know what arrived from web and what is local. If EXE gets downloaded and is unknown it'll CyberCapture it. If it arrives in a locked archive, you unpack it manually later on and execute the content, CyberCapture won't do anything, despite archive originating from web, because it couldn't do anything with it at the time.

Also, does CyberCapture even work if user decides to only install File System Shield and no Web Shield? One would think CyberCapture depends on Web Shield. Not installing it renders CyberCapture useless even if you have it ticked in the settings. Or does it?

Be Secure · « **Reply #62 on:** June 26, 2016, 07:18:42 AM »

Quote from: RejZoR on June 26, 2016, 06:59:02 AM

how did you obtain the sample? Downloaded from web or executed locally after unpacking it from archive?

Yes.Downloaded from web then executed locally.I have another Virus link and i PMed you the link pls try it yourself on wondows 7,because windows10 does not support this.VT-https://www.virustotal.com/en/file/879fc214c53f27097fa0a975046ff3a2435f602c8f64f1030c412ad14a656105/analysis/This will open CC but failed to block it.Say It clean.Send it to Viruslab.

Be Secure · « **Reply #63 on:** June 26, 2016, 07:25:08 AM »

Quote from: RejZoR on June 26, 2016, 06:59:02 AM

does CyberCapture even work if user decides to only install File System Shield and no Web Shield? One would think CyberCapture depends on Web Shield. Not installing it renders CyberCapture useless even if you have it ticked in the settings. Or does it?

Don't Know.Avast! Dev will answar this.

Milos · « **Reply #64 on:** June 27, 2016, 01:07:55 PM »

Quote from: Be Secure on June 26, 2016, 07:18:42 AM

Quote from: RejZoR on June 26, 2016, 06:59:02 AM
how did you obtain the sample? Downloaded from web or executed locally after unpacking it from archive?
Yes.Downloaded from web then executed locally.I have another Virus link and i PMed you the link pls try it yourself on wondows 7,because windows10 does not support this.VT-https://www.virustotal.com/en/file/879fc214c53f27097fa0a975046ff3a2435f602c8f64f1030c412ad14a656105/analysis/This will open CC but failed to block it.Say It clean.Send it to Viruslab.

Hello Be Secure,
what was the exact scenario you have tried? Can you describe step by step what did you do with the file, please?

Milos

Be Secure · « **Reply #65 on:** June 27, 2016, 01:22:11 PM »

Quote from: Milos on June 27, 2016, 01:07:55 PM

Quote from: Be Secure on June 26, 2016, 07:18:42 AM
Quote from: RejZoR on June 26, 2016, 06:59:02 AM
how did you obtain the sample? Downloaded from web or executed locally after unpacking it from archive?
Yes.Downloaded from web then executed locally.I have another Virus link and i PMed you the link pls try it yourself on wondows 7,because windows10 does not support this.VT-https://www.virustotal.com/en/file/879fc214c53f27097fa0a975046ff3a2435f602c8f64f1030c412ad14a656105/analysis/This will open CC but failed to block it.Say It clean.Send it to Viruslab.
Hello Be Secure,
what was the exact scenario you have tried? Can you describe step by step what did you do with the file, please?

Milos

1.Download a virus file from web.
2.executed it locally(Net was connected)and then the DeepScreen(Only word was changed.As you can see in pic.It was not even state that it was CC)apeared.
3.After scan it state that file is clean not infected but it was a infected exe file.
In short-Downloaded from web then executed locally and failed to protect.

Milos · « **Reply #66 on:** June 27, 2016, 02:53:07 PM »

Thanks for the info. We will investigate the issue.

Milos

Be Secure · « **Reply #67 on:** June 27, 2016, 02:58:25 PM »

Quote from: Milos on June 27, 2016, 02:53:07 PM

Thanks for the info. We will investigate the issue.

Milos

Pls let me know.

Lisandro · « **Reply #68 on:** June 28, 2016, 02:48:04 AM »

Thanks for jumping Milos.

Vlk · « **Reply #69 on:** June 28, 2016, 04:03:21 AM »

The team has analyzed this scenario and found some bugs in the CyberCapture backend that might've been responsible for this. Fixes are on the way. Thanks for bringing this up by the way -- and please, if you see more issues (any misses in detection etc.), make sure to share them with us. We're committed to making CyberCapture a kick-ass thing and y'all's help is essential in this.

Thanks!
Vlk

Be Secure · « **Reply #70 on:** June 28, 2016, 04:13:25 AM »

Quote from: Vlk on June 28, 2016, 04:03:21 AM

The team has analyzed this scenario and found some bugs in the CyberCapture backend that might've been responsible for this. Fixes are on the way. Thanks for bringing this up by the way -- and please, if you see more issues (any misses in detection etc.), make sure to share them with us. We're committed to making CyberCapture a kick-ass thing and y'all's help is essential in this.

Thanks!
Vlk

I will.But CyberCapture needs a separate Section in the forum to report any kind off BUGS and improvments news on CC.@Vlk

Be Secure · « **Reply #71 on:** June 28, 2016, 08:09:32 AM »

Pls remove its limitations from(USB origin,VBS files,BAT)quickly.

DavidR · « **Reply #72 on:** June 28, 2016, 03:10:17 PM »

Quote from: Be Secure on June 28, 2016, 08:09:32 AM

Pls remove its limitations from(USB origin,VBS files,BAT)quickly.

I suggest we do what was said - by Vlk I believe - lets get the CyberCapture web downloads function sorted and bug free before adding additional entry point functionality.

bob3160 · « **Reply #73 on:** June 28, 2016, 03:13:06 PM »

Quote from: DavidR on June 28, 2016, 03:10:17 PM

Quote from: Be Secure on June 28, 2016, 08:09:32 AM
Pls remove its limitations from(USB origin,VBS files,BAT)quickly.

I suggest we do what was said - by Vlk I believe - lets get the CyberCapture web downloads function sorted and bug free before adding additional entry point functionality.

Considering that the internet is the source of the biggest danger, it needs to be tackled and concord first. Once that's done, then it's time to move on to the next largest
source of attack.

Be Secure · « **Reply #74 on:** June 28, 2016, 04:26:24 PM »

Quote from: bob3160 on June 28, 2016, 03:13:06 PM

Quote from: DavidR on June 28, 2016, 03:10:17 PM
Quote from: Be Secure on June 28, 2016, 08:09:32 AM
Pls remove its limitations from(USB origin,VBS files,BAT)quickly.

I suggest we do what was said - by Vlk I believe - lets get the CyberCapture web downloads function sorted and bug free before adding additional entry point functionality.
Considering that the internet is the source of the biggest danger, it needs to be tackled and concord first. Once that's done, then it's time to move on to the next largest
source of attack.

Yes.But VBS files,BAT files are net base threats and have to be analyzed by CC.

Author Topic: CyberCapture (Read 133506 times)

Be Secure

Re: CyberCapture

RejZoR

Re: CyberCapture

Be Secure

Re: CyberCapture

Be Secure

Re: CyberCapture

Milos

Re: CyberCapture

Be Secure

Re: CyberCapture

Milos

Re: CyberCapture

Be Secure

Re: CyberCapture

Lisandro

Re: CyberCapture

Vlk

Re: CyberCapture

Be Secure

Re: CyberCapture

Be Secure

Re: CyberCapture

DavidR

Re: CyberCapture

bob3160

Re: CyberCapture

Be Secure

Re: CyberCapture