tbsky

Will LiveGrid work with delayed updates?

Hi:

I use delayed updates for maximum stability, but starting last week we have been attacked by some kind of phishing mails. They include a Word doc virus about an invoice, and that doc file changes every day. NOD32 normally detects it after one day. LiveGrid doesn't detect it. When I upload the file to "VirusTotal" for a scan, their NOD32 engine also cannot detect it (but will detect it tomorrow). I wonder if "delayed update" can work together with LiveGrid?


Yes, but it won't help in case of malicious documents. There's not much sense in using delayed updates. ESET is known for having the least false positives, and the risk of getting infected by new malware is much bigger than the chance of encountering a serious FP with regular updates.

For bigger clients we also offer an additional service ESET Dynamic Threat Defense which analyzes suspicious files in a cloud sandbox environment, provides the result back to the client and shares the result with other machines in the organization. For instance, EDTD enables ESET Mail Security on MS Exchange server to hold emails with suspicious attachments for a while until the attachment is evaluated by EDTD and then the appropriate action is taken on the attachment or email.

18 hours ago, Marcos said:

Yes, but it won't help in case of malicious documents. There's not much sense in using delayed updates. ESET is known for having the least false positives, and the risk of getting infected by new malware is much bigger than the chance of encountering a serious FP with regular updates.

For bigger clients we also offer an additional service ESET Dynamic Threat Defense which analyzes suspicious files in a cloud sandbox environment, provides the result back to the client and shares the result with other machines in the organization. For instance, EDTD enables ESET Mail Security on MS Exchange server to hold emails with suspicious attachments for a while until the attachment is evaluated by EDTD and then the appropriate action is taken on the attachment or email.

Indeed, ESET has very few false positives. That's what I love most. You can prevent new malware by good human behavior, but you cannot prevent the damage from a false positive. In fact, I have had zero false positives since I started using delayed updates. I am very satisfied with the setting.

In my current case I don't think regular updates will help, since both LiveGrid and VirusTotal won't detect it. Only McAfee and sometimes Microsoft can detect the virus at the beginning. Microsoft is known to have high FP; I don't know about McAfee, but it detects the virus every time from the VirusTotal engine.

You said "it won't help in case of malicious documents". Do you mean LiveGrid doesn't detect documents, and only local virus signatures will do the work?

PS: As usual, the virus from yesterday is detected by NOD32 now. But today we still get new viruses, and they will be detected tomorrow. I don't know when this will stop...

 

 

 

12 minutes ago, tbsky said:

You said "it won't help in case of malicious documents". Do you mean LiveGrid doesn't detect documents, and only local virus signatures will do the work?

Correct.

Quote

PS: As usual, the virus from yesterday is detected by NOD32 now. But today we still get new viruses, and they will be detected tomorrow.

You cannot have delayed updates and the same detection capabilities as with current modules at the same time. By using delayed updates you trade off detection of current malware for increased protection from FPs.

 

Quote

I don't know when this will stop...

It's not possible to stop receiving new malware by email. You'd need to change your email address and use it only in communication with persons who will never get infected.

18 minutes ago, Marcos said:

It's not possible to stop receiving new malware by email. You'd need to change your email address and use it only in communication with persons who will never get infected.

I don't know if you have heard about the virus in my case. One of our business partners was infected by some kind of malware. All the Outlook email content and contacts were stolen. Someone uses the email content and contact addresses to attach the virus. They only send to specific email addresses in the contacts, so the general email RBL won't block the infected mail server IP address soon.

And they change the virus file every day. Very annoying.
