An AV Question

An AV Question

Post by arran on 13/5/2010, 10:51

I never use an AV so I haven't tested this.

In general can AVs intercept and block malware from running before the malware executes and runs? Because I have always wondered this.

Edit: I'm talking about blacklisted files which AVs have in their database.

SSJ, you used to use Avira. Did you ever test the speed it intercepts malware from running?

Re: An AV Question

Post by ssj100 on 13/5/2010, 11:05

I'm not too sure, arran. I really only used Avira on-demand. Black-listing technology on-demand works perfectly with my security setup/approach. I now only use Hitman Pro, as I got sick of updating Avira haha.

I could test it for you though, and see if e.g. Avira in real-time flags the virus faster than my SRP when it is executed!

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: An AV Question

Post by arran on 13/5/2010, 11:29

Thanks SSJ, I have always wondered this. It's all about the speed AVs can intercept and block. If malware can execute and run before your AV intercepts and blocks, then it's all over.

That's if AVs do block malware from running? Or don't AVs block execution?

I'm gonna do some testing as well, probably starting with Nod32.

Re: An AV Question

Post by ssj100 on 16/5/2010, 16:24

Tested Avira AntiVir and observed how fast it flagged some zero-day malware on execution.

Basically what I'm noticing is that Avira (and in my experience, all AV software in general) is able to successfully block the malware from executing if it detects it. I think this is simply because the AV real-time scanner analyses the file BEFORE it is allowed to execute. If it detects it as malware, then the file is unable to be executed unless you allow it.

Avira actually flags the file faster than my SRP blocks it simply because of this reason (it scans on READING and writing files).


Re: An AV Question

Post by Buster_BSA on 22/7/2010, 00:01

arran wrote: In general can AVs intercept and block malware from running before the malware executes and runs?

Sure, through the monitor module.

Nowadays all AV products have a memory resident module that scans every file that is executed in the system.
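
The ordering described in this thread (the file is scanned first and only executes on a clean verdict), sketched as an added example that is not from any poster or from any AV product. `ExecGate`, `sha256_file` and the two sample scripts are constructed for illustration; a real resident scanner hooks file access in the kernel rather than wrapping the launch in user space.

```python
import hashlib
import os
import subprocess
import sys
import tempfile


def sha256_file(path):
    """Hash the file's bytes, as a signature lookup would before launch."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ExecGate:
    """Toy user-space stand-in for a resident scanner (hypothetical name)."""

    def __init__(self, blacklist):
        self.blacklist = set(blacklist)

    def run(self, path):
        # The verdict is computed first; the process is only created if clean.
        if sha256_file(path) in self.blacklist:
            return None  # blocked: no code from the file ever ran
        done = subprocess.run([sys.executable, path],
                              capture_output=True, text=True)
        return done.stdout.strip()


def demo():
    """Constructed sample: two harmless scripts that drop a marker file."""
    with tempfile.TemporaryDirectory() as d:
        marker = os.path.join(d, "ran.txt")
        body = "open(%r, 'w').close()\nprint('ran')\n" % marker
        listed, unknown = os.path.join(d, "listed.py"), os.path.join(d, "unknown.py")
        with open(listed, "w") as f:
            f.write(body)
        with open(unknown, "w") as f:
            f.write("# not in the database\n" + body)
        gate = ExecGate({sha256_file(listed)})
        blocked = gate.run(listed)
        marker_after_block = os.path.exists(marker)
        allowed = gate.run(unknown)
        return blocked, marker_after_block, allowed, os.path.exists(marker)


if __name__ == "__main__":
    print(demo())
```

The marker file is absent after the blacklisted script is refused, which is the "blocked before it executes" behaviour; the script that is not in the database runs normally.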