Author Topic: MCShield (MCS)  (Read 45223 times)

0 Members and 1 Guest are viewing this topic.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Re: MCShield (MCS)
« Reply #15 on: February 03, 2017, 03:02:46 AM »
Thanks Magna.  Your opinion counts far more than mine ever could.
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: MCShield (MCS)
« Reply #16 on: February 03, 2017, 02:39:36 PM »
Thanks Magna.
My comments were in the way of asking MCShield effectiveness if it is used side-by-side with Avast on the cloud.
We do support layered defense, just that, from time to time, we must rethink or move on from a particular layer due to technology changes.
The best things in life are free.

Offline =Snake=

  • Still using Avast Free!
  • Maybe Bot
  • ***
  • Posts: 17412
Re: MCShield (MCS)
« Reply #17 on: April 02, 2019, 07:51:34 PM »
Hi,

I'm using MCS since years on all of my machines. Some days ago, after I've put one of my USB sticks into a slot of one of my W8 machines, MCS scanned that stick and detected s.th. malicious and deleted it.
After i had a look at the log (see screenshot [excuse for German]), I didn't know nothing for I couldn't find a name of the data, which was deleted.
As I didn't get any answer in the German board, Asyn lead me to this thread and I hope, there comes an answer, which includes reason and name of the deleted data.

=Snake=
Desktops: AMD LE1620, W7 ult SP1 [x86] | IP-4, XP pro SP3[x86] | Intel Celeron, W7 ult SP1 [x86] | AMD-Athlon 1800+, XP pro SP3, [x86] in WL |
Laptops:   HP G72 , W10 Home [x64]  v22H2 (Build 19045.2728) | Acer Aspire ES1-131, W10 Home [x64] v1511 (Build 10586.1106)|
Firefox ESR [AOS,NS,uBO,uMatrix],Thunderbird,MCShield,CCleaner,Defraggler,MBAM Free,MBAE, Avast Free Antivirus|

Offline Pako7

  • Poster
  • *
  • Posts: 427
  • 18 years with Avast and i still recommend it
Re: MCShield (MCS)
« Reply #18 on: April 03, 2019, 07:29:50 PM »
Iv been using MC Shield for a year now ..but my friends been on my case because they say its been abandoned though i love it soo much ..

they have been comparing it with Smadav ...mind if you guys can tell me which one is better
WinXP ProSP3/ Core2Duo E8300/ 16GB Ram/ avast! Premire 20.3.2405 (Build 20.3.5200.561) / Chromium Edge Version 81.0.416.72 (Official build) (64-bit), Avast Cleanup ,avast! mobile security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: MCShield (MCS)
« Reply #19 on: April 03, 2019, 07:46:25 PM »
Iv been using MC Shield for a year now ..but my friends been on my case because they say its been abandoned though i love it soo much ..

they have been comparing it with Smadav ...mind if you guys can tell me which one is better
According to the Smadav website, it is a antivirus that use signature detection


MCShield is not a antivirus, it is a special tool that only target those malwaretypes that try to jump disk when you plug in a USB storage device.

It does this by behaviour and dont need signatures, there is a limited amount of tricks they can use to jump and all are known.
The few signatures MCShield containe are there to avoid false positives

Those malwaretypes that MCShield dont target will be targeted by your installed antivirus



Offline Pako7

  • Poster
  • *
  • Posts: 427
  • 18 years with Avast and i still recommend it
Re: MCShield (MCS)
« Reply #20 on: April 03, 2019, 08:04:46 PM »
Ouch they really dont now because they seem to be using it hand in hand with Avast since they thought it only scans usb ...

on its dashboard it states that is an usb scanner ,,..unless its been updated anyway il warn them tomorrow
WinXP ProSP3/ Core2Duo E8300/ 16GB Ram/ avast! Premire 20.3.2405 (Build 20.3.5200.561) / Chromium Edge Version 81.0.416.72 (Official build) (64-bit), Avast Cleanup ,avast! mobile security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: MCShield (MCS)
« Reply #21 on: April 03, 2019, 11:25:50 PM »
I am still happy with VoodooShield on my comp.
Detected quite a few things/issues, that would have slipped by from my attention,
running silently in the background,
and that I now willingly had to run or block.

Works like a sort of second op when installing things..
Quite came to like that little devil of a blue shield tool sitting
there in the right hand corner of the desktop screen just over the time and date,

Anyone, using this too?

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7170
  • When you think you know, Think Again
Re: MCShield (MCS)
« Reply #22 on: April 04, 2019, 12:18:46 AM »
I am still happy with VoodooShield on my comp.
Detected quite a few things/issues, that would have slipped by from my attention,
running silently in the background,
and that I now willingly had to run or block.

Works like a sort of second op when installing things..
Quite came to like that little devil of a blue shield tool sitting
there in the right hand corner of the desktop screen just over the time and date,

Anyone, using this too?

pol

Been using it a loooong time. Follow the forum. https://calendarofupdates.org/index.php?board=21.0
Dan (dev) is working on releasing version 5 beta, don't know when :)

Offline =Snake=

  • Still using Avast Free!
  • Maybe Bot
  • ***
  • Posts: 17412
Re: MCShield (MCS)
« Reply #23 on: April 04, 2019, 10:59:49 AM »
Hi,

I'm using MCS since years on all of my machines. Some days ago, after I've put one of my USB sticks into a slot of one of my W8 machines, MCS scanned that stick and detected s.th. malicious and deleted it.
After i had a look at the log (see screenshot [excuse for German]), I didn't know nothing for I couldn't find a name of the data, which was deleted.
As I didn't get any answer in the German board, Asyn lead me to this thread and I hope, there comes an answer, which includes reason and name of the deleted data.

=Snake=
Excuse my not mentioning, that I was really sure, that the USB stick was empty. But now I feel insecure and want to know, what MCS was working on.
Desktops: AMD LE1620, W7 ult SP1 [x86] | IP-4, XP pro SP3[x86] | Intel Celeron, W7 ult SP1 [x86] | AMD-Athlon 1800+, XP pro SP3, [x86] in WL |
Laptops:   HP G72 , W10 Home [x64]  v22H2 (Build 19045.2728) | Acer Aspire ES1-131, W10 Home [x64] v1511 (Build 10586.1106)|
Firefox ESR [AOS,NS,uBO,uMatrix],Thunderbird,MCShield,CCleaner,Defraggler,MBAM Free,MBAE, Avast Free Antivirus|

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: MCShield (MCS)
« Reply #24 on: April 04, 2019, 04:11:04 PM »
Quote
MCS scanned that stick and detected s.th. malicious and deleted it.
I dont see that name in the log/screenshot you posted ?

If quarantined you can restore and upload to virustotal and check
MCShield usually give MD5 on the file it detect, if you have that you can search it on VT to see if it has been scanned there before and referesh the scan result

If deleted then it is gone




Offline =Snake=

  • Still using Avast Free!
  • Maybe Bot
  • ***
  • Posts: 17412
Re: MCShield (MCS)
« Reply #25 on: April 04, 2019, 06:13:08 PM »
Quote
MCS scanned that stick and detected s.th. malicious and deleted it.
1. I dont see that name in the log/screenshot you posted ?
2. If quarantined you can restore and upload to virustotal and check
3. MCShield usually give MD5 on the file it detect, if you have that you can search it on VT to see if it has 
    been scanned there before and referesh the scan result
4. If deleted then it is gone
1: I didn't see any either and that made me nervous.
2: Nothing quarantined.
3: MD5 is in my screenshot under F:\System Volume Information\WPSettings.dat
                                                                     (MD5: 586717e89d779e4e7c678257dfcec986)
    But it means nothing to me.
4: Detected and deleted right away. 1 malicious file!
Desktops: AMD LE1620, W7 ult SP1 [x86] | IP-4, XP pro SP3[x86] | Intel Celeron, W7 ult SP1 [x86] | AMD-Athlon 1800+, XP pro SP3, [x86] in WL |
Laptops:   HP G72 , W10 Home [x64]  v22H2 (Build 19045.2728) | Acer Aspire ES1-131, W10 Home [x64] v1511 (Build 10586.1106)|
Firefox ESR [AOS,NS,uBO,uMatrix],Thunderbird,MCShield,CCleaner,Defraggler,MBAM Free,MBAE, Avast Free Antivirus|

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: MCShield (MCS)
« Reply #26 on: April 04, 2019, 08:53:25 PM »
@ =Snake=
3:  the MD5 is a unique identifier for the file.  Even if the name was changed but nothing else, the MD5 would be the same. 

It may be possible to do a search on virustotal for that MD5 to see if it has been scanned before and what the results were.  I know it is possible to do a search on VT for a files SHA-256 unique identifier, I have done that before, but don't know about MD5 unique identifier.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: MCShield (MCS)
« Reply #27 on: April 04, 2019, 09:04:56 PM »
Quote
I have done that before, but don't know about MD5 unique identifier.
you can search MD5 / SHA-1 / SHA-256



Quote
3: MD5 is in my screenshot under F:\System Volume Information\WPSettings.dat
                                                                   (MD5:586717e89d779e4e7c678257dfcec986)
https://www.virustotal.com/#/search/586717e89d779e4e7c678257dfcec986

Not scanned before so no result




« Last Edit: April 04, 2019, 09:08:46 PM by Pondus »

Offline =Snake=

  • Still using Avast Free!
  • Maybe Bot
  • ***
  • Posts: 17412
Re: MCShield (MCS)
« Reply #28 on: April 04, 2019, 09:26:10 PM »
@ =Snake=
3:  the MD5 is a unique identifier for the file.  Even if the name was changed but nothing else, the MD5 would be the same. 

It may be possible to do a search on virustotal for that MD5 to see if it has been scanned before and what the results were.  I know it is possible to do a search on VT for a files SHA-256 unique identifier, I have done that before, but don't know about MD5 unique identifier.
Thanks for your declarations. I never used VT before.
Desktops: AMD LE1620, W7 ult SP1 [x86] | IP-4, XP pro SP3[x86] | Intel Celeron, W7 ult SP1 [x86] | AMD-Athlon 1800+, XP pro SP3, [x86] in WL |
Laptops:   HP G72 , W10 Home [x64]  v22H2 (Build 19045.2728) | Acer Aspire ES1-131, W10 Home [x64] v1511 (Build 10586.1106)|
Firefox ESR [AOS,NS,uBO,uMatrix],Thunderbird,MCShield,CCleaner,Defraggler,MBAM Free,MBAE, Avast Free Antivirus|

Offline =Snake=

  • Still using Avast Free!
  • Maybe Bot
  • ***
  • Posts: 17412
Re: MCShield (MCS)
« Reply #29 on: April 04, 2019, 09:29:21 PM »
Quote
I have done that before, but don't know about MD5 unique identifier.
you can search MD5 / SHA-1 / SHA-256

Quote
3: MD5 is in my screenshot under F:\System Volume Information\WPSettings.dat
                                                                   (MD5:586717e89d779e4e7c678257dfcec986)
https://www.virustotal.com/#/search/586717e89d779e4e7c678257dfcec986

Not scanned before so no result
Thanks, too, for your further declarations and the VT link. Am I right, that it doesn't matter, with which machine I start the VT scan?
Desktops: AMD LE1620, W7 ult SP1 [x86] | IP-4, XP pro SP3[x86] | Intel Celeron, W7 ult SP1 [x86] | AMD-Athlon 1800+, XP pro SP3, [x86] in WL |
Laptops:   HP G72 , W10 Home [x64]  v22H2 (Build 19045.2728) | Acer Aspire ES1-131, W10 Home [x64] v1511 (Build 10586.1106)|
Firefox ESR [AOS,NS,uBO,uMatrix],Thunderbird,MCShield,CCleaner,Defraggler,MBAM Free,MBAE, Avast Free Antivirus|