Author Topic: MCShield (MCS)  (Read 12543 times)

0 Members and 1 Guest are viewing this topic.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5348
  • Spartan Warrior
Re: MCShield (MCS)
« Reply #15 on: February 03, 2017, 03:02:46 AM »
Thanks Magna.  Your opinion counts far more than mine ever could.
Windows 10 Home 64-bit 1809 Avast Internet Security version 19.6.2383 (build 19.6.4546.494)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: MCShield (MCS)
« Reply #16 on: February 03, 2017, 02:39:36 PM »
Thanks Magna.
My comments were in the way of asking MCShield effectiveness if it is used side-by-side with Avast on the cloud.
We do support layered defense, just that, from time to time, we must rethink or move on from a particular layer due to technology changes.
The best things in life are free.

Offline =Snake=

  • ..... minden elfelejtettem.
  • Massive Poster
  • ****
  • Posts: 3157
  • There's a kind of hope for me!
Re: MCShield (MCS)
« Reply #17 on: April 02, 2019, 07:51:34 PM »
Hi,

I'm using MCS since years on all of my machines. Some days ago, after I've put one of my USB sticks into a slot of one of my W8 machines, MCS scanned that stick and detected s.th. malicious and deleted it.
After i had a look at the log (see screenshot [excuse for German]), I didn't know nothing for I couldn't find a name of the data, which was deleted.
As I didn't get any answer in the German board, Asyn lead me to this thread and I hope, there comes an answer, which includes reason and name of the deleted data.

=Snake=
Main: AMD LE1620, W7ult SP1 | MS-7091, P4, XP pro SP3 || AMD_Athlon 1800+ (W7ult SP1 + XP pro SP3, FFesr 45.9, TB 45.8, CC 5.11) |
Laptops: Acer Aspire V5-591G, W10 Home[x64] v1809 (Build 17763.437) | HPI_2020M, W8.1 pro[x64] | Amilo Xi2428, W8.1 pro | MD95400, W7ult SP1 | MD97400, XP pro SP3 |
FFesr 60.7.0[NS,ABP,MBBE], TB 60.6.1, MCS, CC 5.57, MBAM, FW (W7+XP): CIS 3.14[FW,D+], AV (W8.1, W7+XP): Avast Free 2015.10.4.2233 |

Offline Pako7

  • Sr. Member
  • ****
  • Posts: 267
  • 9 years with Avast and i still recommend it
Re: MCShield (MCS)
« Reply #18 on: April 03, 2019, 07:29:50 PM »
Iv been using MC Shield for a year now ..but my friends been on my case because they say its been abandoned though i love it soo much ..

they have been comparing it with Smadav ...mind if you guys can tell me which one is better
Best Regard
Pako7

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35857
Re: MCShield (MCS)
« Reply #19 on: April 03, 2019, 07:46:25 PM »
Iv been using MC Shield for a year now ..but my friends been on my case because they say its been abandoned though i love it soo much ..

they have been comparing it with Smadav ...mind if you guys can tell me which one is better
According to the Smadav website, it is a antivirus that use signature detection


MCShield is not a antivirus, it is a special tool that only target those malwaretypes that try to jump disk when you plug in a USB storage device.

It does this by behaviour and dont need signatures, there is a limited amount of tricks they can use to jump and all are known.
The few signatures MCShield containe are there to avoid false positives

Those malwaretypes that MCShield dont target will be targeted by your installed antivirus


Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Pako7

  • Sr. Member
  • ****
  • Posts: 267
  • 9 years with Avast and i still recommend it
Re: MCShield (MCS)
« Reply #20 on: April 03, 2019, 08:04:46 PM »
Ouch they really dont now because they seem to be using it hand in hand with Avast since they thought it only scans usb ...

on its dashboard it states that is an usb scanner ,,..unless its been updated anyway il warn them tomorrow
Best Regard
Pako7

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31546
  • malware fighter
Re: MCShield (MCS)
« Reply #21 on: April 03, 2019, 11:25:50 PM »
I am still happy with VoodooShield on my comp.
Detected quite a few things/issues, that would have slipped by from my attention,
running silently in the background,
and that I now willingly had to run or block.

Works like a sort of second op when installing things..
Quite came to like that little devil of a blue shield tool sitting
there in the right hand corner of the desktop screen just over the time and date,

Anyone, using this too?

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5899
  • When you think you know, Think Again
Re: MCShield (MCS)
« Reply #22 on: April 04, 2019, 12:18:46 AM »
I am still happy with VoodooShield on my comp.
Detected quite a few things/issues, that would have slipped by from my attention,
running silently in the background,
and that I now willingly had to run or block.

Works like a sort of second op when installing things..
Quite came to like that little devil of a blue shield tool sitting
there in the right hand corner of the desktop screen just over the time and date,

Anyone, using this too?

pol

Been using it a loooong time. Follow the forum. https://calendarofupdates.org/index.php?board=21.0
Dan (dev) is working on releasing version 5 beta, don't know when :)
***HP ENVY 15K LT W10 Pro 1903 64Bit/750GB HD/16GB Ram/Avast Premier 19.6.2383 /VS 5.01/ASB/Mbam/Secureline b. 5.4/SANDBOXIE/Prey Project
**HP Compaq 8510p LT W10 Pro 1903 64Bit/1TB HD/8GB Ram/Avast Premier BETA 19.7.2384 /VS 5.01/ASB beta/Secureline b 5.4/SANDBOXIE/Prey Project 
     
*Dell Inspiron XPsp4 PRO 32Bit/Avast(since 2000)18.8.2356/OSA/WP/Comodo FW 3.14/Secureline/Comodo IceDragon v.40
<LAYERED SECURITY SOFTWARE PROTECTION

Offline =Snake=

  • ..... minden elfelejtettem.
  • Massive Poster
  • ****
  • Posts: 3157
  • There's a kind of hope for me!
Re: MCShield (MCS)
« Reply #23 on: April 04, 2019, 10:59:49 AM »
Hi,

I'm using MCS since years on all of my machines. Some days ago, after I've put one of my USB sticks into a slot of one of my W8 machines, MCS scanned that stick and detected s.th. malicious and deleted it.
After i had a look at the log (see screenshot [excuse for German]), I didn't know nothing for I couldn't find a name of the data, which was deleted.
As I didn't get any answer in the German board, Asyn lead me to this thread and I hope, there comes an answer, which includes reason and name of the deleted data.

=Snake=
Excuse my not mentioning, that I was really sure, that the USB stick was empty. But now I feel insecure and want to know, what MCS was working on.
Main: AMD LE1620, W7ult SP1 | MS-7091, P4, XP pro SP3 || AMD_Athlon 1800+ (W7ult SP1 + XP pro SP3, FFesr 45.9, TB 45.8, CC 5.11) |
Laptops: Acer Aspire V5-591G, W10 Home[x64] v1809 (Build 17763.437) | HPI_2020M, W8.1 pro[x64] | Amilo Xi2428, W8.1 pro | MD95400, W7ult SP1 | MD97400, XP pro SP3 |
FFesr 60.7.0[NS,ABP,MBBE], TB 60.6.1, MCS, CC 5.57, MBAM, FW (W7+XP): CIS 3.14[FW,D+], AV (W8.1, W7+XP): Avast Free 2015.10.4.2233 |

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35857
Re: MCShield (MCS)
« Reply #24 on: April 04, 2019, 04:11:04 PM »
Quote
MCS scanned that stick and detected s.th. malicious and deleted it.
I dont see that name in the log/screenshot you posted ?

If quarantined you can restore and upload to virustotal and check
MCShield usually give MD5 on the file it detect, if you have that you can search it on VT to see if it has been scanned there before and referesh the scan result

If deleted then it is gone



Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline =Snake=

  • ..... minden elfelejtettem.
  • Massive Poster
  • ****
  • Posts: 3157
  • There's a kind of hope for me!
Re: MCShield (MCS)
« Reply #25 on: April 04, 2019, 06:13:08 PM »
Quote
MCS scanned that stick and detected s.th. malicious and deleted it.
1. I dont see that name in the log/screenshot you posted ?
2. If quarantined you can restore and upload to virustotal and check
3. MCShield usually give MD5 on the file it detect, if you have that you can search it on VT to see if it has 
    been scanned there before and referesh the scan result
4. If deleted then it is gone
1: I didn't see any either and that made me nervous.
2: Nothing quarantined.
3: MD5 is in my screenshot under F:\System Volume Information\WPSettings.dat
                                                                     (MD5: 586717e89d779e4e7c678257dfcec986)
    But it means nothing to me.
4: Detected and deleted right away. 1 malicious file!
Main: AMD LE1620, W7ult SP1 | MS-7091, P4, XP pro SP3 || AMD_Athlon 1800+ (W7ult SP1 + XP pro SP3, FFesr 45.9, TB 45.8, CC 5.11) |
Laptops: Acer Aspire V5-591G, W10 Home[x64] v1809 (Build 17763.437) | HPI_2020M, W8.1 pro[x64] | Amilo Xi2428, W8.1 pro | MD95400, W7ult SP1 | MD97400, XP pro SP3 |
FFesr 60.7.0[NS,ABP,MBBE], TB 60.6.1, MCS, CC 5.57, MBAM, FW (W7+XP): CIS 3.14[FW,D+], AV (W8.1, W7+XP): Avast Free 2015.10.4.2233 |

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81644
  • No support PMs thanks
Re: MCShield (MCS)
« Reply #26 on: April 04, 2019, 08:53:25 PM »
@ =Snake=
3:  the MD5 is a unique identifier for the file.  Even if the name was changed but nothing else, the MD5 would be the same. 

It may be possible to do a search on virustotal for that MD5 to see if it has been scanned before and what the results were.  I know it is possible to do a search on VT for a files SHA-256 unique identifier, I have done that before, but don't know about MD5 unique identifier.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.6.2383 (build: 19.6.4546.508)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35857
Re: MCShield (MCS)
« Reply #27 on: April 04, 2019, 09:04:56 PM »
Quote
I have done that before, but don't know about MD5 unique identifier.
you can search MD5 / SHA-1 / SHA-256



Quote
3: MD5 is in my screenshot under F:\System Volume Information\WPSettings.dat
                                                                   (MD5:586717e89d779e4e7c678257dfcec986)
https://www.virustotal.com/#/search/586717e89d779e4e7c678257dfcec986

Not scanned before so no result




« Last Edit: April 04, 2019, 09:08:46 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline =Snake=

  • ..... minden elfelejtettem.
  • Massive Poster
  • ****
  • Posts: 3157
  • There's a kind of hope for me!
Re: MCShield (MCS)
« Reply #28 on: April 04, 2019, 09:26:10 PM »
@ =Snake=
3:  the MD5 is a unique identifier for the file.  Even if the name was changed but nothing else, the MD5 would be the same. 

It may be possible to do a search on virustotal for that MD5 to see if it has been scanned before and what the results were.  I know it is possible to do a search on VT for a files SHA-256 unique identifier, I have done that before, but don't know about MD5 unique identifier.
Thanks for your declarations. I never used VT before.
Main: AMD LE1620, W7ult SP1 | MS-7091, P4, XP pro SP3 || AMD_Athlon 1800+ (W7ult SP1 + XP pro SP3, FFesr 45.9, TB 45.8, CC 5.11) |
Laptops: Acer Aspire V5-591G, W10 Home[x64] v1809 (Build 17763.437) | HPI_2020M, W8.1 pro[x64] | Amilo Xi2428, W8.1 pro | MD95400, W7ult SP1 | MD97400, XP pro SP3 |
FFesr 60.7.0[NS,ABP,MBBE], TB 60.6.1, MCS, CC 5.57, MBAM, FW (W7+XP): CIS 3.14[FW,D+], AV (W8.1, W7+XP): Avast Free 2015.10.4.2233 |

Offline =Snake=

  • ..... minden elfelejtettem.
  • Massive Poster
  • ****
  • Posts: 3157
  • There's a kind of hope for me!
Re: MCShield (MCS)
« Reply #29 on: April 04, 2019, 09:29:21 PM »
Quote
I have done that before, but don't know about MD5 unique identifier.
you can search MD5 / SHA-1 / SHA-256

Quote
3: MD5 is in my screenshot under F:\System Volume Information\WPSettings.dat
                                                                   (MD5:586717e89d779e4e7c678257dfcec986)
https://www.virustotal.com/#/search/586717e89d779e4e7c678257dfcec986

Not scanned before so no result
Thanks, too, for your further declarations and the VT link. Am I right, that it doesn't matter, with which machine I start the VT scan?
Main: AMD LE1620, W7ult SP1 | MS-7091, P4, XP pro SP3 || AMD_Athlon 1800+ (W7ult SP1 + XP pro SP3, FFesr 45.9, TB 45.8, CC 5.11) |
Laptops: Acer Aspire V5-591G, W10 Home[x64] v1809 (Build 17763.437) | HPI_2020M, W8.1 pro[x64] | Amilo Xi2428, W8.1 pro | MD95400, W7ult SP1 | MD97400, XP pro SP3 |
FFesr 60.7.0[NS,ABP,MBBE], TB 60.6.1, MCS, CC 5.57, MBAM, FW (W7+XP): CIS 3.14[FW,D+], AV (W8.1, W7+XP): Avast Free 2015.10.4.2233 |