Universal AV not always catching files when they are already detected on virustot

jlo31:
Hi,

Firstly I wanted to say thank you for what seems a great, effective product.

My question, though, is that when testing it with some live malware, sometimes the Universal AV does not detect the file when VirusTotal scanners (inc. Sophos, Bitdefender and ESET etc.) do detect the file. So why is it that, since the Universal AV scanner uses these same engines, they are not detected? Here is an example of a file not detected: https://www.virustotal.com/en/file/8588df376e110cc493c03db784c750c2210d7f83c8afe08fff96659c37f2a6b9/analysis/

The file is always blocked for not being on the whitelist and it tells me how many detections from VirusTotal, so the file is still blocked, but I just wondered why Universal AV does not always kick in... It does on some files but not with others.

Is there a delay adding the defs to your scanner or does it work differently?


Thanks

James

hendy:

--- Quote from: jlo31 on April 06, 2015, 08:01:14 AM ---Hi,

Firstly I wanted to say thank you for what seems a great, effective product.

My question, though, is that when testing it with some live malware, sometimes the Universal AV does not detect the file when VirusTotal scanners (inc. Sophos, Bitdefender and ESET etc.) do detect the file. So why is it that, since the Universal AV scanner uses these same engines, they are not detected? Here is an example of a file not detected: https://www.virustotal.com/en/file/8588df376e110cc493c03db784c750c2210d7f83c8afe08fff96659c37f2a6b9/analysis/

The file is always blocked for not being on the whitelist and it tells me how many detections from VirusTotal, so the file is still blocked, but I just wondered why Universal AV does not always kick in... It does on some files but not with others.

Is there a delay adding the defs to your scanner or does it work differently?


Thanks

James

--- End quote ---
When application whitelisting prompts you, it will first check against our database at the server; if we don't have the sample file yet, then VirusTotal will be used.
The uploading and scanning of a new sample file is not immediate.

jlo31:
Ok thanks for the reply.

Is there anything I can do to get the samples to you, or do they automatically upload to you when I scan a new unknown file and get the VirusTotal prompt?

hendy:

--- Quote from: jlo31 on April 10, 2015, 06:33:42 PM ---Ok thanks for the reply.

Is there anything I can do to get the samples to you, or do they automatically upload to you when I scan a new unknown file and get the VirusTotal prompt?

--- End quote ---
Currently the server will request the sample from the client machine if it does not have the same file yet, but this is not immediate.
In the future, we may implement a feature that allows users to decide to upload the file if they want to.

jlo31:
Ok great. Thanks for the reply.
