
Will LiveGrid work with delayed updates?


tbsky


Hi:

I use delayed updates for maximum stability, but starting last week we have been attacked by some kind of phishing mails. They include a Word doc virus about an invoice, and that doc file changes every day. NOD32 normally detects it after one day. LiveGrid doesn't detect it. When I upload the file to "VirusTotal" for a scan, their NOD32 engine also cannot detect it (but will detect it tomorrow). I wonder if "delayed update" can work together with LiveGrid?


  • Administrators

Yes, but it won't help in case of malicious documents. There's not much sense in using delayed updates. ESET is known for having the least false positives, and the risk of getting infected by new malware is much bigger than the chance of encountering a serious FP with regular updates.

For bigger clients we also offer an additional service ESET Dynamic Threat Defense which analyzes suspicious files in a cloud sandbox environment, provides the result back to the client and shares the result with other machines in the organization. For instance, EDTD enables ESET Mail Security on MS Exchange server to hold emails with suspicious attachments for a while until the attachment is evaluated by EDTD and then the appropriate action is taken on the attachment or email.


18 hours ago, Marcos said:

Yes, but it won't help in case of malicious documents. There's not much sense in using delayed updates. ESET is known for having the least false positives, and the risk of getting infected by new malware is much bigger than the chance of encountering a serious FP with regular updates.

For bigger clients we also offer an additional service ESET Dynamic Threat Defense which analyzes suspicious files in a cloud sandbox environment, provides the result back to the client and shares the result with other machines in the organization. For instance, EDTD enables ESET Mail Security on MS Exchange server to hold emails with suspicious attachments for a while until the attachment is evaluated by EDTD and then the appropriate action is taken on the attachment or email.

Indeed ESET has very few false positives. That's what I love most. You can prevent new malware by good human behavior, but you cannot prevent the damage from a false positive. In fact I have had zero false positives since I started using delayed updates. I am very satisfied with the setting.

In my current case I don't think regular updates will help, since both LiveGrid and VirusTotal won't detect it. Only McAfee and sometimes Microsoft can detect the virus at the beginning. Microsoft is known to have high FP; I don't know about McAfee, but it detects the virus every time in the VirusTotal engine.

You said "it won't help in case of malicious documents". Do you mean LiveGrid doesn't detect documents, and only the local virus signatures will do the work?

PS: As usual, the virus from yesterday is detected by NOD32 now. But today we still get new viruses, and they will be detected tomorrow. I don't know when this will stop...

  • Administrators
12 minutes ago, tbsky said:

You said "it won't help in case of malicious documents". Do you mean LiveGrid doesn't detect documents, and only the local virus signatures will do the work?

Correct.

Quote

PS: As usual, the virus from yesterday is detected by NOD32 now. But today we still get new viruses, and they will be detected tomorrow.

You cannot have delayed updates and the same detection capabilities as with current modules at the same time. By using delayed updates you trade off detection of current malware for increased protection from FPs.

Quote

I don't know when this will stop...

It's not possible to stop receiving new malware by email. You'd need to change your email address and use it only in communication with persons who will never get infected.


18 minutes ago, Marcos said:

It's not possible to stop receiving new malware by email. You'd need to change your email address and use it only in communication with persons who will never get infected.

I don't know if you have heard about the virus in my case. One of our business partners was infected by some kind of malware. All the Outlook email content and contacts were stolen. Someone uses the email content and contact addresses to attach the virus. They only send to specific email addresses in the contacts, so the general email RBL won't block the infected mail server IP address soon.

And they change the virus file every day. Very annoying.