22 Replies. Latest reply on Nov 6, 2015 2:27 AM by ouyangx

    Too many missed detections

    ouyangx

      Recently I've been testing the virus detection rates of McAfee Internet Security using samples from various sources, and submitting the missed samples via GetSusp.

      But in the reply there are a lot of reports indicating samples that should have been detected, but were missed.

      The missed detections exist in various forms, but mostly begin with the prefix "RDN", together with some other detections.

      | 08.ex_    | 91b62b6cb2700902ebdd994426be0850 | detected     | fareit-fcg!91b62b6cb270   | Unknown        |
      | 23.ex_    | 73175263ed0ca60015a7cdf515ac1dfd | detected     | genericr-ete!73175263ed0c | Unknown        |
      | 18.ex_    | 8fc4c25a70024b2398764abc87dbd697 | detected     | rdn/generic pws.y         | TROJAN         |
      | 21.ex_    | fd80e978ee3b05ef226c686697343488 | detected     | rdn/generic downloader.x  | TROJAN         |
      | 43.ex_    | 8afecc8e61fe3805fdd41d4591710976 | detected     | rdn/generic.dx            | TROJAN         |
      | 45.ex_    | b5d6e82d9a2c83830774ae98ab1bd766 | detected     | rdn/generic downloader.x  | TROJAN         |
      | 34.ex_    | ec30c5cbca734b6c0311e5f332558606 | detected     | rdn/ransom                | assumed_dirty4 |
      | 48.ex_    | 63821a12980a9e6b11c3dd9b9e15230e | detected     | trojan-fhhb!63821a12980a  | assumed_dirty4 |
      | 03.ex_    | 198daed0fe23f7317a8cfb97b171d97b | detected     | rdn/generic backdoor      | TROJAN         |
      | 25.ex_    | 52299d477e0bea01a82da8142511b94d | detected     | generic-fawt!52299d477e0b | TROJAN         |
      | 09.ex_    | badf74e12ab1921d61b11d8ef924e3f9 | detected     | generic-fawt!badf74e12ab1 | TROJAN         |
      | 41.ex_    | 6ed422ec24ecc7afef56ba0ef3df3dfa | detected     | rdn/pwcrack-winspy        | PUP            |
      | 29.ex_    | baa0c1b7c0da0e0e3c9b5c7d6e534ff7 | detected     | generic-fawt!baa0c1b7c0da | TROJAN         |


      So McAfee IS cannot detect a lot of malware even if McAfee thinks it can. And that will put our PC in great danger.


      Plz fix it ASAP.

        • 1. Re: Too many missed detections
          Peacekeeper

          Pinged the getsusp guru

          1 of 1 people found this helpful
          • 2. Re: Too many missed detections
            exbrit

            It also depends on your definition of malware, but all the ones above were detected. But best wait for comments from someone at the labs.

            In all tests conducted by the media McAfee/Intel scored very highly.

            • 3. Re: Too many missed detections

              The data you shared doesn't support your claims - all the samples were detected?

              1 of 1 people found this helpful
              • 4. Re: Too many missed detections
                ouyangx

                My definition is the samples were detected using on-access or on-demand scan.

                I'm not questioning the real detection rate, but it seems that MIS is not fully showing its capabilities on my PC.

                • 5. Re: Too many missed detections
                  ouyangx

                  The full reply from GetSusp is like this:

                   

                  +-----------+----------------------------------+--------------+---------------------------+----------------+
                  | File Name | MD5                              | Findings     | Detection                 | Type           |
                  +-----------+----------------------------------+--------------+---------------------------+----------------+
                  | 05.ex_    | 73b944b630898a695536cb0c3f826295 | not_detected |                           | TROJAN         |
                  | 08.ex_    | 91b62b6cb2700902ebdd994426be0850 | detected     | fareit-fcg!91b62b6cb270   | Unknown        |
                  | 13.ex_    | 219c843cf84cc73f624779d12c997f1c | not_detected |                           | assumed_dirty4 |
                  | 23.ex_    | 73175263ed0ca60015a7cdf515ac1dfd | detected     | genericr-ete!73175263ed0c | Unknown        |
                  | 18.ex_    | 8fc4c25a70024b2398764abc87dbd697 | detected     | rdn/generic pws.y         | TROJAN         |
                  | 21.ex_    | fd80e978ee3b05ef226c686697343488 | detected     | rdn/generic downloader.x  | TROJAN         |
                  | 40.ex_    | 10991b454f1923aae00115b120bcd803 | not_detected |                           | assumed_dirty4 |
                  | 32.ex_    | 6377b30d73687cf955d32f53cf42f52b | not_detected |                           | assumed_dirty4 |
                  | 43.ex_    | 8afecc8e61fe3805fdd41d4591710976 | detected     | rdn/generic.dx            | TROJAN         |
                  | 44.ex_    | 9a367e46449bffa33227974bcc75c9fe | not_detected |                           | assumed_dirty4 |
                  | 45.ex_    | b5d6e82d9a2c83830774ae98ab1bd766 | detected     | rdn/generic downloader.x  | TROJAN         |
                  | 37.ex_    | dfdbb12f24584e1c772059ee8fd0a43d | not_detected |                           | assumed_dirty4 |
                  | 34.ex_    | ec30c5cbca734b6c0311e5f332558606 | detected     | rdn/ransom                | assumed_dirty4 |
                  | 31.ex_    | fc7668b98ff01a8841fd8eee6390daa9 | not_detected |                           | assumed_dirty4 |
                  | 48.ex_    | 63821a12980a9e6b11c3dd9b9e15230e | detected     | trojan-fhhb!63821a12980a  | assumed_dirty4 |
                  | 47.ex_    | 7b84e05bf2045a64fba566dfb929d140 | not_detected |                           | Unknown        |
                  | 46.ex_    | c9dc4e6c77498f5a45bb5dda9e23328f | not_detected |                           | assumed_dirty4 |
                  +-----------+----------------------------------+--------------+---------------------------+----------------+


                  All the samples I submitted are not detected on my PC, but the reply shows that there are some that should be detected already by McAfee.
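
An added example (not part of the original thread, and not McAfee code): a short Python script that parses a report in the layout quoted above and buckets the locally missed samples by what the report says about them. The function names, bucket names and the `missed_locally` input are assumptions made for this illustration; the sample rows are copied from the post.

```python
import re

# Constructed sample: a border line, the header and four rows copied from the
# report quoted in the thread, one of them with a collapsed empty cell ("| |").
SAMPLE_REPORT = """\
+-----------+----------------------------------+--------------+
| File Name | MD5                              | Findings     | Detection                 | Type           |
| 05.ex_    | 73b944b630898a695536cb0c3f826295 | not_detected | | TROJAN         |
| 08.ex_    | 91b62b6cb2700902ebdd994426be0850 | detected | fareit-fcg!91b62b6cb270   | Unknown        |
| 18.ex_    | 8fc4c25a70024b2398764abc87dbd697 | detected | rdn/generic pws.y         | TROJAN         |
| 13.ex_    | 219c843cf84cc73f624779d12c997f1c | not_detected |                           | assumed_dirty4 |
"""

MD5_RE = re.compile(r"[0-9a-f]{32}")

def parse_report(text):
    """Return one dict per sample row; skip borders, header and damaged rows."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not (line.startswith("|") and line.endswith("|")):
            continue  # border lines and blank lines
        cells = [c.strip() for c in line.split("|")[1:-1]]
        if len(cells) != 5 or not MD5_RE.fullmatch(cells[1].lower()):
            continue  # header row, or a row that lost a column
        rows.append(dict(zip(("file", "md5", "finding", "detection", "type"), cells)))
    return rows

def reconcile(rows, missed_locally):
    """Bucket locally missed samples by what the lab report says about them."""
    buckets = {"lab_detects_rdn": [], "lab_detects_other": [],
               "lab_misses_too": [], "unexpected_finding": []}
    for row in rows:
        if row["file"] not in missed_locally:
            continue
        if row["finding"] == "detected":
            rdn = row["detection"].lower().startswith("rdn/")
            key = "lab_detects_rdn" if rdn else "lab_detects_other"
        elif row["finding"] == "not_detected":
            key = "lab_misses_too"
        else:
            key = "unexpected_finding"
        buckets[key].append(row["file"])
    return buckets

if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    # Assumption from the post: every submitted sample was missed by the local scan.
    for bucket, files in reconcile(rows, {r["file"] for r in rows}).items():
        print(f"{bucket}: {files}")
```

The two `lab_detects_*` buckets are the discrepancy the poster describes: samples the report marks as detected that the local scan did not flag.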

                  • 6. Re: Too many missed detections

                    What you're seeing is the difference between signature-based detection and behaviour-based detection - since most malware is one-time polymorphic, the chances of seeing the same signature twice are so low that it's hardly worth recording it.

                    That's where behavioural detection comes in.

                    1 of 1 people found this helpful
                    • 7. Re: Too many missed detections
                      catdaddy

                      Are you referring to Quarantined Items, or Security History?

                      • 8. Re: Too many missed detections
                        ouyangx

                        There are some samples that McAfee shows should be detected right now but are missed on my PC, according to the results from GetSusp above.

                        What else do you think I need to provide to make this more clear?

                        • 9. Re: Too many missed detections
                          catdaddy

                          I see that SafeBoot offered his assistance, so having said this... His product knowledge 'dwarfs' mine.
