Outpost Security Suite PRO AV?

[dadkins]

The AV/AM/??? part of this new Security Suite needs user adjustable settings - BAD!

Also, the AV/AM/??? part needs to scan items *AS* they are being downloaded.

Eicar is not even noticed until I actually click on the saved file? *NOT* good!

Avast will not allow the file to be downloaded! Killed in it's tracks!
This lets the download complete and still does nothing!

Let me know when y'all give it some serious steroids!

Thanks anyways!

[Manny Carvalho]

As long as you have real time monitoring turned on the EICAR test virus will be detected when its downloaded. It least it does so for me.

Having two AV programs in real time mode is not recommended since they may interfere or crash your system. Make sure the AM plugin is monitoring real time, turn off Avast and try again please.

[dadkins]

I had everything turned on, nothing happened when I downloaded the file.
As soon as I clicked on it, Outpost noticed it.
If I right clicked the folder and scanned, Outpost noticed it.

Avast was uninstalled and the awsclear was ran prior to installing OSSP.
No other AV was installed when I was running OSSP.
It did not detect the file as it was downloaded.

*IF* I Open the file instead of Save it Outpost would see it.
I don't usually Open files when downloading.

Avast doesn't allow malware to be even downloaded. as soon as I click on something "bad", avast kills the connection.

Thanks anyways!
David

[jaaa]

I was very surprised when saw that OP cant scan ports (network scanning) with antimalware plugin...
My question goes to Outpost developers ... When? or/and does will be?
Also goes to "real-time" (on access) , archives "2nd... level" scanning ...

I think that Agnitum going in wrong direction...

Heuristic developing for instance can be step in right direction and also (opinion) can be done within yet established technology Agnitum already using in OPv.4 (correct me if I am wrong).

BTW. I cant pass PCFlank leaktest , can someone confirm?

[minoka]

I passed all scans...PCFlank has never given the same results as ALL other scans have. Try another, please.

[jaaa]

Quote:

Originally Posted by minoka

I passed all scans...PCFlank has never given the same results as ALL other scans have. Try another, please.

Ms. minoka,
PCFlank leak test , not port scanner.

[minoka]

Sorry...reading too fast (:

[jaaa]

Quote:

Originally Posted by minoka

Sorry...reading too fast (:

Ms. minoka ,
please , could you try to test Outposts "OLE automation blocking" with that test (above)?

[dadkins]

Quote:

Originally Posted by Manny Carvalho

As long as you have real time monitoring turned on the EICAR test virus will be detected when its downloaded. It least it does so for me.

Having two AV programs in real time mode is not recommended since they may interfere or crash your system. Make sure the AM plugin is monitoring real time, turn off Avast and try again please.

Uhm no it won't!

From an email I just recieved:

"Thank you for e-mail.

This is by design. Outpost Security Suite Pro allows to copy malicious
files but does not allow to run them."

This negates me from ever using this!

Ok, I have to ask, why does it allow copying of malicious files?

I certainly HOPE that it doesn'y allow them to run, but allowing xxxxx even onto the system is not a very good idea, IMHO.

Thanks anyways!
David

[FadeToBlack]

Because the malicious files are harmless if they are not executed. Scanning on execution is a very good idea because otherwise it will scan files without any reason.

[dadkins]

Quote:

Originally Posted by FadeToBlack

Because the malicious files are harmless if they are not executed. Scanning on execution is a very good idea because otherwise it will scan files without any reason.

Like, what a good AV does?

KAV, NOD32, avast, Trend Micro... they all scan files *AS* they are downloading and will "stop" anything bad from getting on *our* machines.
Pretty sure, if you were able to get past the scanning, that they wouls ALSO prevent ??? from running.

It is better to just not allow things on the machine.

Question... say I decide to run a online scan, Housecall perhaps.
Housecall *WILL* see the "baddies" and delete them for me.
OSSP won't do nothing?

Panda would have a fit!
BitDefender wouldn't like it one bit, would it?

Ok, how come if *we* scan the folder with - eicar in it, OSSP does detect it and remove it?
If it is harmless as you say, why not just leave it alone?

You see, the manual scan does see it as a threat, right?

So, why not have it scanned before it even gets on the machine?

[Paranoid2000]

Quote:

Originally Posted by dadkins

So, why not have it scanned before it even gets on the machine?

Because doing this requires an AV to check every file whenever it is written to or read from. If Outpost's AM plugin did this, it would require users to discard any other AV they were using since otherwise they would spend all their time scanning each other - you open file, AV starts check (accessing its files), AM checks AV's files (accessing its own in turn), AV checks AM's files, AM starts check of original file, AV checks AM's files (again), AM checks AV's files (again). This assumes that AV/AM hooks and routines do not conflict to the extent of causing more serious system issues (e.g. a BSOD).

Malware can do zilch until it is run - having it detected on download or execution makes no difference for security purposes. Scanning network traffic for malware is also of questionable use since this can be bypassed by encrypting traffic (e.g. https webpages).

[dadkins]

So, I should also have my own AV running?

Didn't someone in this very thread say that was a bad idea?
Isn't the whole idea of OSSP that it is one complete Suite?

After months of hard work, Agnitum releases a public beta of its first-ever comprehensive security product to protect home and small office users against the entire range of modern threats. With Outpost Security Suite Pro, you'll enjoy:

Safe Internet presence behind the best-of-breed personal firewall
Integrity of your personal data by having the Host Protection module preemptively block unauthorized program activity
360-degree protection against all forms of malware
Protection that is immune to unauthorized termination
Personalized, easily adoptable anti-spam for Outlook and Outlook Express users
Easy installation and auto-configuration for novice users

__________________________________________________ ______________

To ALL, humor me here...

Create a folder on your desktop and name it "Test".
Click this: http://www.eicar.org/download/eicar.com

... and save it to that Test folder. Nothing happens.

Ok, now... right click that same folder and scan it with OSSP. What happens now? Something "bad" is detected, right?

So, if that file is harmless if it doesn't get ran, why does OSSP *NOW* see it and quarrantine it?

Why not just keep it off the machine(like what an AV is supposed to do).

Y'all aren't making any sense here...
Not bad if it doesn't run, but if actually scanned with OSSP it *IS* bad?

Pick one! Can't be both!

See what I mean?

[Paranoid2000]

Quote:

Originally Posted by dadkins

So, I should also have my own AV running?

Without published results from a major AV review site (e.g. AV Comparatives) about the effectiveness of a new scanner, it is not possible to tell how effective it is. It is unlikely though that any new AV product is going to be as effective at detecting malware as the current market leaders, so I would certainly not advise anyone to ditch their AV.

Quote:

Originally Posted by dadkins

So, if that file is harmless if it doesn't get ran, why does OSSP *NOW* see it and quarrantine it?

You've just told it to scan the file, that's why...

Quote:

Originally Posted by dadkins

Why not just keep it off the machine(like what an AV is supposed to do).

As I said above, doing this would mean OSS would very likely conflict with other AVs. That means that people choosing to use OSS would have to either disable or uninstall them, which could mean sacrificing their protection if the AM plugin is not up to scratch.

With its current setup, you should be able to run the OSS malware scanner alongside an existing AV, thereby gaining an extra level of protection if your main AV misses an item.

[dadkins]

Ok, but as Manny posted(second post in this thread):
Having two AV programs in real time mode is not recommended since they may interfere or crash your system.

Tell me, is this or is this not a Suite WITH an AV?

Should I or should I not treat OSSP *AS* a security suite?

Will it or will it not conflict with my normal AV(avast)?

Who is right and who should I be listening to here?

All y'all are telling me(us) contradictory "facts" here.

YOU all have said that ??? is harmless if it doesn't run so OSSP doesn't see it as a threat... right?

Said by FadeToBlack:
"Because the malicious files are harmless if they are not executed. Scanning on execution is a very good idea because otherwise it will scan files without any reason."

Telling OSSP to scan a folder is *NOT* executing the file!

Paranoid is saying I *should* keep my AV... Manny says to lose(turn off) the AV.

Uhm, ok... sure!