
Stream updates



I never see an alert from LiveGrid...

 

Example :

It is red and there is no alert, why? (OK, it is an old screenshot, but it is just an example):

hxxp://www.wilderssecurity.com/attachments/rogue-jpg.233515/

 

Or a green rogue (lol) : hxxp://www.wilderssecurity.com/attachments/crazy-jpg.233484/

 

For stream updates:

(I will try to explain, I am not English.) I have a sample that is not detected.

I send a protected zip to samples eset com.

But I must wait for the next update for the detection... With another antivirus, without an update, it can detect because the server sends sample per sample without waiting for the update.

 

For example :

 

Dear Arnaud XXX,

Thank you for your submission.
The detection for this threat will be included in our next signature update, expected version: 12315.

Regards,

ESET Malware Response Team

 

 

So there is no real cloud detection or stream update if I must wait for update 12315 for the detection.

Link to post
Share on other sites

NOD32 AV v6 is way too old. Where did you dig up those images?

Link to post
Share on other sites
  • Administrators

1. You are using ESS v6 beta, which is too old. As a beta, it may not be stable enough or may suffer from bugs that were fixed in the final version. Please install the latest v9 beta or v8 8.0.319.

2. The file shown in the screenshot is old; it's not supposed to be detected by LiveGrid but by a standard signature. If not detected even with detection of potentially unwanted / unsafe applications enabled, submit it to samples[at]eset.com.

3. LiveGrid provides stream updates for files that are blocked in the cloud. You can check if a file is detected upon download, as web protection checks files against the cloud every time. The other protection modules rely on stream LiveGrid updates.

Link to post
Share on other sites

This is an example; I know the pictures are old. But from the first version of LiveGrid until today's ESET 9, I have never seen an alert.

Who has really seen one?

Link to post
Share on other sites

I have seen them during testing. The notification will say "blocked object" or "suspicious object blocked" IIRC - and since it is a "cloud block" it won't have a threat name connected to it yet.

 

You should note that the file reputation (and colors, red, orange and green) you see in the LiveGrid window in the GUI for example is NOT used for live detections.

 

There was a bug which was fixed around 6-12 months ago via a module update where some "bad" files were marked green/known safe. It mostly affected new fresh samples, and these screenshots were taken before this bug was resolved.

 

I posted this last year, maybe it's close to what you have in mind: https://forum.eset.com/topic/51-future-changes-to-eset-smart-security/?p=17761

 

 

@Marcos, to clarify for readers: if I understand right, these so-called "stream updates" are delivered during the hourly VSD update checks even if no new VSD is downloaded at that time? Or are they pushed out independently of the hourly VSD update check? Does the RRM (Rapid Response Module) play a role here?

Link to post
Share on other sites
  • Administrators


Nope, they are downloaded in shorter intervals as every minute matters when speaking about response to newly emerging threats. RRM has no relation to these stream updates.

Link to post
Share on other sites

I am not really good at English.

 

Example with video : https://www.youtube.com/watch?v=65vaepaaxcA

Example with picture :

post-7184-0-97316800-1443736379_thumb.png

 

So if i take this update :

hxxp://virusradar.com/en/update/info/12342

12342 Oct-01-2015, 20:10 CEST (UTC/GMT +02:00)

 

At 20:08 CEST, can my ESET detect 98/99% of the malware in this update?

Link to post
Share on other sites

 


Right, that's what I thought, but it's good to know for certain and also have a reference when people ask questions :)

 

@aranud, someone else must answer your question cause I don't understand what your screenshot is showing.

The "stream updates" are downloaded to your computer in short intervals as they are pushed out, independently from the VSD updates.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.
