Author Topic: Univeral AV not always catching files when they are already detected on virustot  (Read 28054 times)

Offline jlo31

  • Newbie
  • *
  • Posts: 3
  • Kudos +0/-0
Hi,

Firstly I wanted to say thank you for what seems a great, effective product.

My question is though when testing it with some live malware sometimes the universal AV does not detect the file when virustotal scanners (inc Sophos, bitdefender and eset etc) do detect the file. So why is it since universal AV scanner uses these same engines are they not detected? Here is an example of a file not detected https://www.virustotal.com/en/file/8588df376e110cc493c03db784c750c2210d7f83c8afe08fff96659c37f2a6b9/analysis/

The file is always blocked for not being on the whitelist and it tells me how many detections from VirusTotal so file is still blocked but just wondered why Universal AV does not always kick in....It does on some files but not with others.

Is there a delay adding the defs to your scanner or does it work differently.


Thanks

James

Offline hendy

  • SecureAPlus Developer
  • Sr. Member
  • *****
  • Posts: 351
  • Kudos +16/-0
Hi,

Firstly I wanted to say thank you for what seems a great, effective product.

My question is though when testing it with some live malware sometimes the universal AV does not detect the file when virustotal scanners (inc Sophos, bitdefender and eset etc) do detect the file. So why is it since universal AV scanner uses these same engines are they not detected? Here is an example of a file not detected https://www.virustotal.com/en/file/8588df376e110cc493c03db784c750c2210d7f83c8afe08fff96659c37f2a6b9/analysis/

The file is always blocked for not being on the whitelist and it tells me how many detections from VirusTotal so file is still blocked but just wondered why Universal AV does not always kick in....It does on some files but not with others.

Is there a delay adding the defs to your scanner or does it work differently.


Thanks

James
When application whitelisting prompted you, first it will check against our database at the server, if we don't have the sample file yet, then VirusTotal will be used.
The uploading and scanning of a new sample file is not immediate.

Offline jlo31

  • Newbie
  • *
  • Posts: 3
  • Kudos +0/-0
Ok thanks for the reply.

Is there anything I can do to get the samples to you or do they automatically upload to you when I scan a new unknown file and get the virus total prompt?

Offline hendy

  • SecureAPlus Developer
  • Sr. Member
  • *****
  • Posts: 351
  • Kudos +16/-0
Ok thanks for the reply.

Is there anything I can do to get the samples to you or do they automatically upload to you when I scan a new unknown file and get the virus total prompt?
Currently the server will request the sample from the client machine if it does not have the same file yet, but this is not immediate.
In the future, we may implement a feature that allow user to decide to upload the file if they want to.

Offline jlo31

  • Newbie
  • *
  • Posts: 3
  • Kudos +0/-0
Ok great. Thanks for the reply.