We would like to stress that alerts with action requests (simply "alerts") coming from different modules of Outpost 7.5 are unified, as Firewall, Anti-Malware and Proactive Protection are deeply integrated with SmartDecision technology.
An alert for process/file activity is marked with one of the following colors:
- Red - untrusted files
- Yellow - suspicious files
- Green - processes and/or files from trusted sources with active digital signatures
In these circumstances one more feature of Outpost Pro 7.5 becomes very important: the ability to automatically submit suspicious files for analysis directly from the Outpost action request window. This feature has recently been mentioned by our users in the blog.
This feature is already enabled by default in the configuration of the Outpost Pro 7.5 public beta version; the size of the file should not exceed 20 MB. To adjust the settings, go to the General – ImproveNet tab in the product settings.
All further improvements of SmartDecision technology are coming in the Release Candidate, expected on May 17.
Natalia Solovyeva
Agnitum Ltd.


9 comments:
Congratulations on your new job Natalia.
Does the user hear anything back after a suspected file is submitted to Agnitum?
Mr. Goryakin, where are you?
Suspected files are added to the queue to be additionally checked; it is not a very standard procedure. You will be notified.
Regarding Pavel, he is back to his family's company.
Most users like Comodo for sandbox features.
For a start, the Outpost sandbox can exist in the Outpost anti-malware subtree, and ask the user to run suspicious files in the OSS sandbox.
Does the submit function ALWAYS send the full contents of a file for analysis or does it hash (SHA512, WHIRLPOOL or whatever strong hash you use) the file and send the hash first as to check for already uploaded files and save bandwidth?
Does it send log files with the file?
Some parts in Outpost firewalls or security suite have low performance on first run.
- Process activity > sometimes it lasts 5 or 7 seconds to show processes and show modules.
One algorithm for this problem: if the system is not busy, OSS searches all processes and modules in the background and caches them.
- Anti-malware scan > after a complete system scan with OSS anti-malware, in the next OSS summon, OSS speed performance is reduced.
I think the caching methods have a problem.
How is or how will someone be notified (since it sounds like the standards are still being thought out)? If from the email the license key is tied to, that is 1+ years - a lot can happen in that time and emails may change. Not to mention those that may complain about privacy issues.
May want to add a details section that can be expanded out and has a checkbox for if feedback is requested (to please those with privacy issues) and a place to put an email that may or may not be populated from the license key or a previous submit.
The situation is different for automatic submit (when you just press OK to send the file to our viruslab, and it will be sent anonymously through ImproveNet) and manual submit (when you open http://www.agnitum.com/support/submit_files.php and you're asked to leave your email if you want to get the feedback).
Regarding manual submit, you will be notified. Automatic feedback is impossible - you will just see that the checked file won't be submitted anymore.
Alexy, your feedback to the support team was already heard, but we definitely need the log file from you to explore how this could happen. The algorithm remains the same; the detection may depend only on the settings applied. Please help us to solve your problem by sending additional information to Agnitum Support www.agnitum.com/support/