Stream updates

[aranud 0]

I never see alert from the LiveGrid...

 

Example :

It is red and not alert why ? (ok it is old screenshot but it is for example) :

hxxp://www.wilderssecurity.com/attachments/rogue-jpg.233515/

 

Or a green rogue (lol) : hxxp://www.wilderssecurity.com/attachments/crazy-jpg.233484/

 

For stream update  :

(i try to explain, i am not english), i have a sample not detected.

i send a zip protected at samples eset com.

 

But i must wait the next update for the detection..., with an other antivirus , without a update, he can detect because the server send sample per sample without wait for the update.

 

For example :

 

Dear Arnaud XXX,

Thank you for your submission.
The detection for this threat will be included in our next signature update, expected version: 12315.

Regards,

ESET Malware Response Team

 

 

So there is not real cloud detection or stream update if i must wait the update 12315 for the detection.

Edited October 1, 2015 by aranud

[shocked 60]

I never see alert from the LiveGrid...

 

Example :

It is red and not alert why ? (ok it is old screenshot but it is for example) :

hxxp://www.wilderssecurity.com/attachments/rogue-jpg.233515/

 

Or a green rogue (lol) : hxxp://www.wilderssecurity.com/attachments/crazy-jpg.233484/

 

For stream update  :

(i try to explain, i am not english), i have a sample not detected.

i send a zip protected at samples eset com.

 

But i must wait the next update for the detection..., with an other antivirus , without a update, he can detect because the server send sample per sample without wait for the update.

 

For example :

 

Dear Arnaud XXX,

Thank you for your submission.

The detection for this threat will be included in our next signature update, expected version: 12315.

Regards,

ESET Malware Response Team

 

 

So there is not real cloud detection or stream update if i must wait the update 12315 for the detection.

 

nod32 av v6 is way too old. where did you dig up those images?

[Marcos 5,074]

1, You are using ESS v6 beta which is too old. As a beta, it may not be stable enough or suffer from bugs that were fixed in the final version. Please install the latest v9 beta or v8 8.0.319.

2, The file shown in the screen shot is old; it's not supposed to be detected by LiveGrid but by a standard signature. If not detected even with detection of potentially unwanted / unsafe applications enabled, submit it to samples[at]eset.com.

3, LiveGrid provides stream updates for files that are blocked in cloud. You can check if a file is detected upon download as web protection checks files against cloud every time. The other protection modules rely on stream LiveGrid updates.

[aranud 0]

This is an example I know the pictures are old. But since the first version of LiveGrid from today Eset 9, I have never seen an alert.

Who has seen one really ?

[SweX 871]

I have seen them during testing. The notification will say "blocked object" or "suspicious object blocked" IIRC - and since it is a "cloud block" it won't have a threat name connected to it yet.

 

You should note that the file reputation (and colors, red, orange and green) you see in the LiveGrid window in the GUI for example is NOT used for live detections.

 

There was a bug which was fixed around 6-12 months ago via a module update where some "bad" files was marked green/known safe, it mostly affected new fresh samples, and these screenshots was taken before this bug was resolved.

 

I posted this last year, maybe it's close to what you have in mind: https://forum.eset.com/topic/51-future-changes-to-eset-smart-security/?p=17761

 

 

@Marcos, to clarify for readers. If I understand right, these so called "stream updates" are delivered during the hourly VSD update checks even if no new VSD is downloaded at that time ? Or are they be pushed out independently of the hourly VSD update check ? Does the RRM (Rapid Response Module) play a role here ?

Edited October 1, 2015 by SweX

[Marcos 5,074]

@Marcos, to clarify for readers. If I understand right, these so called "stream updates" are delivered during the hourly VSD update checks even if no new VSD is downloaded at that time ? Or are they be pushed out independently of the hourly VSD update check ? Does the RRM (Rapid Response Module) play a role here ?

 

Nope, they are downloaded in shorter intervals as every minute matters when speaking about response to newly emerging threats. RRM has no relation to these stream updates.

[aranud 0]

I am not really good english

 

Example with video : https://www.youtube.com/watch?v=65vaepaaxcA

Example with picture :

 

So if i take this update :

hxxp://virusradar.com/en/update/info/12342

12342 Oct-01-2015, 20:10 CEST (UTC/GMT +02:00)

 

At 20:08 CEST time, my eset can detect 98/99% malwares of this update ?

Edited October 1, 2015 by aranud

[SweX 871]

 

@Marcos, to clarify for readers. If I understand right, these so called "stream updates" are delivered during the hourly VSD update checks even if no new VSD is downloaded at that time ? Or are they be pushed out independently of the hourly VSD update check ? Does the RRM (Rapid Response Module) play a role here ?

 

Nope, they are downloaded in shorter intervals as every minute matters when speaking about response to newly emerging threats. RRM has no relation to these stream updates.

 

Right, that's what I thought, but it's good to know for certain and also have a reference when people ask questions

 

@aranud, someone else must answer your question cause I don't understand what your screenshot is showing.

The "stream updates" is downloaded to your computer in short intervals as they are pushed out, independently from the VSD updates.