Author Topic: Databases in the UAV are behind the same databases in VirusTotal.  (Read 243 times)

Offline GrDukeMalden

  • Newbie
  • *
  • Posts: 14
  • Kudos +1/-0
Title says most of what I have to say. What's up with that? How often do the databases in the UAV get updated?

I've noticed that a new model version of APEX usually comes out once every couple of days, sometimes as much as once a day.

I guess it doesn't matter much to a whitelisting AV because that's the whole point. It doesn't need prior knowledge of a threat, and now that APEX exists it's even less of an issue. But it would be helpful if the databases in the cloud were updated more often. Once every hour would be the ideal, but once every 6 to 8 hours would also be more acceptable.

I get that it would be more pressure on the servers, but what's the point of having all these databases if you're not going to keep them up to date?
« Last Edit: March 07, 2020, 08:30:30 AM by GrDukeMalden »
VoodooShield(Paid)|
SecureAPlus(Paid,Pro)|
ComodoFW(free)|
HitmanPro.Alert!(Paid)|
I fiddle with whitelisting software.

Offline Clem

  • Newbie
  • *
  • Posts: 4
  • Kudos +0/-0
Re: Databases in the UAV are behind the same databases in VirusTotal.
« Reply #1 on: March 10, 2020, 11:11:04 AM »
This should be a non-issue in the near future when we no longer show specific engines in our SAP client.

Thanks for your valuable feedback! As you rightfully point out, Application Whitelisting is the core of SecureAPlus and serves as a catch-all first line of defense. Furthermore, our AI-trained APEX does not require such frequent updates to maintain strong detection rates against malware across the board. With the combination of these two components, rest assured that SecureAPlus delivers reliable protection – consequently, we are looking to scale back the UAV in the near future.

Regarding the virus signatures database – the UAV database is updated daily.
However, our results may differ from VirusTotal as we may use a different product version.
Can I check with you which AVs you noticed are behind the VirusTotal database?

Offline GrDukeMalden

  • Newbie
  • *
  • Posts: 14
  • Kudos +1/-0
Re: Databases in the UAV are behind the same databases in VirusTotal.
« Reply #2 on: March 26, 2020, 11:24:25 AM »
> This should be a non-issue in the near future when we no longer show specific engines in our SAP client.
>
> Thanks for your valuable feedback! As you rightfully point out, Application Whitelisting is the core of SecureAPlus and serves as a catch-all first line of defense. Furthermore, our AI-trained APEX does not require such frequent updates to maintain strong detection rates against malware across the board. With the combination of these two components, rest assured that SecureAPlus delivers reliable protection – consequently, we are looking to scale back the UAV in the near future.
>
> Regarding the virus signatures database – the UAV database is updated daily.
> However, our results may differ from VirusTotal as we may use a different product version.
> Can I check with you which AVs you noticed are behind the VirusTotal database?

Sorry it took so long for me to get back to you. It really just depends on when the signatures for certain threats came out at each antivirus vendor's headquarters I suppose.

Also, please don't get rid of those databases. They serve as another layer of protection and a thing that the user can look at and say "oh...so this is malware" and know with certainty that the thing they're being alerted about is a threat. I understand that renting these databases costs money and updating them more often would be more stress on the servers and your datacenter's bandwidth, but having all of those databases is what makes SecureAPlus outperform Comodo when it comes to positive detections.
« Last Edit: May 26, 2020, 10:12:42 AM by GrDukeMalden »

Offline k1t4

  • Newbie
  • *
  • Posts: 2
  • Kudos +0/-0
Re: Databases in the UAV are behind the same databases in VirusTotal.
« Reply #3 on: April 20, 2020, 05:54:58 PM »
Hi,
this post was what I was looking for...
So if I understand correctly (and I hope staff will reply to it!), the UAV databases are approximately 1 day behind the AV headquarters' databases (correct me if I'm wrong).
In my opinion, 1-2 days can be an acceptable delay from the "original" databases, because in a typical normal user scenario it is really difficult to be infected with zero-day malware (and the other security layers of SAP can block it eventually). More delay (1 week?), on the other hand, can be a security problem, and if so I highly suggest you think about just using APEX and pointing everything to it. Reading other security forums (malwaretips, etc.), I found this argument to be a grey zone, and clarifying it can help improve the popularity of the software, and eventually find weaknesses that can be mitigated.
Regards
« Last Edit: April 20, 2020, 07:08:33 PM by chrimi88 »

Offline GrDukeMalden

  • Newbie
  • *
  • Posts: 14
  • Kudos +1/-0
> Hi,
> this post was what I was looking for...
> So if I understand correctly (and I hope staff will reply to it!), the UAV databases are approximately 1 day behind the AV headquarters' databases (correct me if I'm wrong).
> In my opinion, 1-2 days can be an acceptable delay from the "original" databases, because in a typical normal user scenario it is really difficult to be infected with zero-day malware (and the other security layers of SAP can block it eventually). More delay (1 week?), on the other hand, can be a security problem, and if so I highly suggest you think about just using APEX and pointing everything to it. Reading other security forums (malwaretips, etc.), I found this argument to be a grey zone, and clarifying it can help improve the popularity of the software, and eventually find weaknesses that can be mitigated.
> Regards

They seem to have taken my suggestions to heart. I've seen the other databases pop up in "threat detected" prompts more often during testing.
« Last Edit: May 27, 2020, 08:36:44 AM by GrDukeMalden »