Endpoint Protection


SEP not able to detect virus but K******ky does???


  • 1.  SEP not able to detect virus but K******ky does???

    Posted Aug 27, 2009 12:08 PM

    Hi everyone,

        I don't know if I should ask this but I'm confused and don't know how to explain this. I installed SEP on a test machine and K********ky (another AV engine) on another test machine. Both machs are connected to the internet. I tried to attach a USB media on the mach installed w/ SEP; it doesn't seem to have any virus or what. But when I attached it to the mach w/ K*****ky installed in it, it prompts and signals that there is a virus on the USB media. How can you explain this? My client asks me how come Symantec wasn't able to detect it but the other brand does? Need fruitful advice. Thanks.


  • 2.  RE: SEP not able to detect virus but K******ky does???
    Best Answer

    Posted Aug 27, 2009 12:18 PM
    First of all, what did Kaspersky detect? Did it detect an Autorun.inf file, or did it really detect a threat?

    Well, AV signatures differ for all AV companies... If there had been a forum for Kaspersky, similar posts would be there as well:
    why Symantec detects and Kaspersky doesn't detect...


  • 3.  RE: SEP not able to detect virus but K******ky does???

    Posted Aug 27, 2009 12:29 PM
    Hmm, is that so? Alright, I'll try to get the info; as of now I'm not onsite. I'll get back to you when I have the details, at the soonest time. Thanks!


  • 4.  RE: SEP not able to detect virus but K******ky does???

    Posted Aug 28, 2009 09:56 AM
    At any given time there are viruses out there that any AV product you pick will detect that none of the others will. Also, is it possible that Kaspersky was giving a false positive? Did you send the file over to Symantec for them to look at? If not, you should, and see what they say. I know for here with our email we have multiple layers of protection from multiple vendors, with Symantec being the last in the chain, and I have things that reach the Symantec layer from time to time, which means they got past McAfee and Trend.


  • 5.  RE: SEP not able to detect virus but K******ky does???

    Posted Aug 30, 2009 09:34 AM
    Thanks Rick you gave me another idea.


  • 6.  RE: SEP not able to detect virus but K******ky does???

    Posted Dec 08, 2009 06:51 AM
    Indeed. I have to deal with that problem from time to time (actually today).
    Kaspersky AND McAfee detected autorun trojans several times, and in fact there are real infections that are NOT detected by SEP11
    (Kaspersky: Trojan.Win32.Autorun.fs / McAfee: Generic Dropper.ea)!
    The annoying thing is that, to make sure they are removed from the PC, I have to deinstall SEP and install McAfee.
    On USB sticks you may just delete the autorun.inf file and the RECYCLER folder (unhide files/folders, unhide system files).
    To avoid further infection, make an autorun.inf folder. On XP, use regedit to disable the Explorer autoplay policy.

    I'm still waiting for Symantec to take this threat more seriously.
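
For the question raised in this thread of whether a flagged autorun.inf is a real threat, here is an added example (not part of any post, and not Symantec or Kaspersky code) that parses an autorun.inf and flags entries that launch a program, treating launches from the RECYCLER folder mentioned in post 6 as suspicious. The sample files, function names and three-level verdict are assumptions made for illustration.

```python
import re

# Keys in the [autorun] section that cause a program to be launched.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Recycle-bin style folders (post 6 names RECYCLER) and runnable extensions.
HIDING_DIR = re.compile(r"(^|[\\/])(recycler|recycled|\$recycle\.bin)[\\/]", re.I)
RUNNABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js|dll)\b", re.I)

def parse_autorun(text):
    """Return {key: value} for the [autorun] section; keys are lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def triage(text):
    """Classify an autorun.inf as 'benign', 'review' or 'suspicious'."""
    findings = []
    for key, value in parse_autorun(text).items():
        if not EXEC_KEY.match(key):
            continue  # icon=, label= and similar keys launch nothing
        if HIDING_DIR.search(value):
            findings.append((key, value, "launches from a recycle-bin folder"))
        elif RUNNABLE.search(value):
            findings.append((key, value, "launches a program or script"))
    if any("recycle-bin" in why for _, _, why in findings):
        return "suspicious", findings
    return ("review" if findings else "benign"), findings

# Constructed samples (not taken from the thread).
SAMPLE_LABEL_ONLY = "[autorun]\nicon=logo.ico\nlabel=Backup Stick\n"
SAMPLE_INSTALLER = "[AutoRun]\nopen=setup.exe\nicon=setup.exe,0\n"
SAMPLE_HIDDEN = ("; junk\n[autorun]\nOpen=RECYCLER\\S-1-5-21-0000\\x.exe\n"
                 "shell\\open\\Command=RECYCLER\\S-1-5-21-0000\\x.exe\n")

if __name__ == "__main__":
    for name, sample in [("label-only", SAMPLE_LABEL_ONLY),
                         ("installer", SAMPLE_INSTALLER),
                         ("hidden", SAMPLE_HIDDEN)]:
        print(name, triage(sample))
```

A "review" verdict only means the file starts something when the drive is opened; the referenced binary still has to be checked, for example by submitting it to the vendor as post 4 suggests.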



  • 7.  RE: SEP not able to detect virus but K******ky does???

    Posted Dec 08, 2009 07:39 AM
    Different AVs have different engines and the detection level is also different. They work on different technology. The infection which has been detected by Kaspersky may not be suspicious to Symantec or others. If you really want to test both the AVs, go to the NSS Labs reports.




  • 8.  RE: SEP not able to detect virus but K******ky does???

    Posted Dec 08, 2009 09:14 AM
    Antivirus Version Last Update Result
    a-squared 4.5.0.24 2009.09.13 Worm.Win32.Taterf!IK
    AhnLab-V3 5.0.0.2 2009.09.13 -
    AntiVir 7.9.1.14 2009.09.11 TR/Drop.Agent.ahdz
    Antiy-AVL 2.0.3.7 2009.09.11 Trojan/Win32.OnLineGames.gen
    Authentium 5.1.2.4 2009.09.12 W32/Trojan3.ANS
    Avast 4.8.1351.0 2009.09.12 Win32:Kavos
    AVG 8.5.0.412 2009.09.13 Win32/Heur
    BitDefender 7.2 2009.09.13 Trojan.PWS.OnlineGames.KBWR
    CAT-QuickHeal 10.00 2009.09.12 TrojanGameThief.OnLineGames.u
    ClamAV 0.94.1 2009.09.13 Trojan.Magania-10360
    Comodo 2304 2009.09.13 -
    DrWeb 5.0.0.12182 2009.09.13 Trojan.PWS.Wsgame.4983
    eSafe 7.0.17.0 2009.09.10 Suspicious File
    eTrust-Vet 31.6.6733 2009.09.11 Win32/Frethog.DKA
    F-Prot 4.5.1.85 2009.09.12 W32/Trojan3.ANS
    F-Secure 8.0.14470.0 2009.09.13 Trojan-PSW:W32/OnlineGames.gen!E
    Fortinet 3.120.0.0 2009.09.13 W32/Pws.AK!tr
    GData 19 2009.09.13 Trojan.PWS.OnlineGames.KBWR
    Ikarus T3.1.1.72.0 2009.09.13 Worm.Win32.Taterf
    Jiangmin 11.0.800 2009.09.13 Trojan/PSW.OnLineGames.wsa
    K7AntiVirus 7.10.843 2009.09.12 Trojan-GameThief.Win32.OnLineGames.uvyg
    Kaspersky 7.0.0.125 2009.09.13 -
    McAfee 5739 2009.09.12 Generic PWS.ak
    McAfee+Artemis 5739 2009.09.12 Generic PWS.ak
    McAfee-GW-Edition 6.8.5 2009.09.13 Heuristic.LooksLike.Win32.SuspiciousPE.L
    Microsoft 1.5005 2009.09.13 Worm:Win32/Taterf.B
    NOD32 4421 2009.09.13 Win32/PSW.OnLineGames.NMY
    Norman 6.01.09 2009.09.11 OnLineGames.IAPV
    nProtect 2009.1.8.0 2009.09.12 -
    Panda 10.0.2.2 2009.09.13 W32/Autorun.IUY
    PCTools 4.4.2.0 2009.09.11 -
    Prevx 3.0 2009.09.13 High Risk Cloaked Malware
    Rising 21.46.61.00 2009.09.13 Trojan.PSW.Win32.GameOL.ztk
    Sophos 4.45.0 2009.09.13 Mal/EncPk-IE
    Sunbelt 3.2.1858.2 2009.09.12 Worm.Win32.AutoRun
    Symantec 1.4.4.12 2009.09.13 Infostealer.Gampass
    TheHacker 6.3.4.4.402 2009.09.12 Trojan/OnLineGame.gen
    TrendMicro 8.950.0.1094 2009.09.13 WORM_AUTORUN.DPF
    VBA32 3.12.10.10 2009.09.11 Trojan-GameThief.Win32.OnLineGames.uvyg
    ViRobot 2009.9.12.1932 2009.09.12 Trojan.Win32.PSWIGames.108730
    VirusBuster 4.6.5.0 2009.09.12 Worm.Taterf.AFM


  • 9.  RE: SEP not able to detect virus but K******ky does???

    Posted Dec 08, 2009 09:15 AM
    Antivirus Version Last Update Result
    a-squared 4.5.0.41 2009.11.10 Email-Worm.Win32.Brontok.ab!IK
    AhnLab-V3 5.0.0.2 2009.11.06 -
    AntiVir 7.9.1.61 2009.11.10 Worm/Sohaned.BP
    Antiy-AVL 2.0.3.7 2009.11.10 -
    Authentium 5.2.0.5 2009.11.10 W32/Sality.AJ
    Avast 4.8.1351.0 2009.11.10 Win32:AutoIt-FK
    AVG 8.5.0.423 2009.11.10 Win32/Tanatos.J
    BitDefender 7.2 2009.11.10 Win32.Sality.2.OE
    CAT-QuickHeal 10.00 2009.11.10 W32.Sality.R
    ClamAV 0.94.1 2009.11.10 Worm.Autorun-1782
    Comodo 2904 2009.11.10 -
    DrWeb 5.0.0.12182 2009.11.10 Win32.Sector.5
    eTrust-Vet 35.1.7113 2009.11.10 -
    F-Prot 4.5.1.85 2009.11.10 W32/Sality.AJ
    F-Secure 9.0.15370.0 2009.11.09 Win32.Sality.2.OE
    Fortinet 3.120.0.0 2009.11.10 W32/Sality.AA
    GData 19 2009.11.10 Win32.Sality.2.OE
    Ikarus T3.1.1.74.0 2009.11.10 Email-Worm.Win32.Brontok.ab
    Jiangmin 11.0.800 2009.11.10 Trojan/Genome.dqq
    K7AntiVirus 7.10.892 2009.11.09 -
    Kaspersky 7.0.0.125 2009.11.10 -
    McAfee 5797 2009.11.09 W32/Sality.gen
    McAfee+Artemis 5797 2009.11.09 W32/Sality.gen
    McAfee-GW-Edition 6.8.5 2009.11.10 Heuristic.BehavesLike.Win32.ModifiedUPX.I
    Microsoft 1.5202 2009.11.10 Virus:Win32/Sality.AM
    NOD32 4591 2009.11.10 Win32/Sality.NAO
    Norman 6.03.02 2009.11.09 W32/Sality.AO
    nProtect 2009.1.8.0 2009.11.10 -
    Panda 10.0.2.2 2009.11.09 W32/Sohanat.HL.worm
    PCTools 7.0.3.5 2009.11.10 Malware.Sality
    Prevx 3.0 2009.11.10 -
    Rising 22.21.01.07 2009.11.10 -
    Sophos 4.47.0 2009.11.10 Mal/Sality-A
    Sunbelt 3.2.1858.2 2009.11.10 Win32.Sality.ek (v)
    Symantec 1.4.4.12 2009.11.10 W32.Sality.AE
    TheHacker 6.5.0.2.064 2009.11.09 -
    TrendMicro 9.0.0.1003 2009.11.10 PE_SALITY.EK
    VBA32 3.12.10.11 2009.11.09 Virus.Win32.Sality.2
    ViRobot 2009.11.10.2029 2009.11.10 Win32.Sality.J
    VirusBuster 4.6.5.0 2009.11.09 Trojan.DR.Agent.OIDA


  • 10.  RE: SEP not able to detect virus but K******ky does???

    Posted Dec 08, 2009 09:15 AM
    Antivirus Version Last Update Result
    a-squared 4.5.0.41 2009.11.04 Email-Worm.Win32.Brontok.ab!IK
    AhnLab-V3 5.0.0.2 2009.11.04 -
    AntiVir 7.9.1.53 2009.11.04 Worm/Sohaned.BP
    Antiy-AVL 2.0.3.7 2009.11.04 -
    Authentium 5.2.0.5 2009.11.04 W32/Sality.AJ
    Avast 4.8.1351.0 2009.11.03 Win32:AutoIt-FK
    AVG 8.5.0.423 2009.11.04 Win32/Tanatos.J
    BitDefender 7.2 2009.11.04 Win32.Sality.2.OE
    CAT-QuickHeal 10.00 2009.11.04 W32.Sality.R
    ClamAV 0.94.1 2009.11.04 Worm.Autorun-1782
    Comodo 2837 2009.11.04 Virus.Win32.Sality.Gen
    DrWeb 5.0.0.12182 2009.11.04 Win32.Sector.5
    eSafe 7.0.17.0 2009.11.04 Win32.WormSohaned.Bp
    eTrust-Vet 35.1.7101 2009.11.04 -
    F-Prot 4.5.1.85 2009.11.04 W32/Sality.AJ
    F-Secure 9.0.15370.0 2009.11.04 Win32.Sality.2.OE
    Fortinet 3.120.0.0 2009.11.04 W32/Sality.AA
    GData 19 2009.11.04 Win32.Sality.2.OE
    Ikarus T3.1.1.74.0 2009.11.04 Email-Worm.Win32.Brontok.ab
    Jiangmin 11.0.800 2009.11.04 -
    K7AntiVirus 7.10.888 2009.11.04 -
    Kaspersky 7.0.0.125 2009.11.04 -
    McAfee 5791 2009.11.03 W32/Sality.gen
    McAfee+Artemis 5791 2009.11.03 W32/Sality.gen
    McAfee-GW-Edition 6.8.5 2009.11.04 Heuristic.BehavesLike.Win32.ModifiedUPX.I
    Microsoft 1.5202 2009.11.04 Virus:Win32/Sality.AM
    NOD32 4573 2009.11.04 Win32/Sality.NAO
    Norman 6.03.02 2009.11.04 W32/Sality.AO
    nProtect 2009.1.8.0 2009.11.04 -
    Panda 10.0.2.2 2009.11.03 W32/Sohanat.HL.worm
    PCTools 7.0.3.5 2009.11.04 Malware.Imaut
    Prevx 3.0 2009.11.04 -
    Rising 21.54.24.00 2009.11.04 Trojan.Win32.Autoit.ev
    Sophos 4.47.0 2009.11.04 Mal/Sality-A
    Sunbelt 3.2.1858.2 2009.11.04 Win32.Sality.ek (v)
    Symantec 1.4.4.12 2009.11.04 W32.Imaut.E
    TheHacker 6.5.0.2.060 2009.11.04 -
    TrendMicro 9.0.0.1003 2009.11.04 PE_SALITY.EK
    VBA32 3.12.10.11 2009.11.03 Virus.Win32.Sality.2
    ViRobot 2009.11.4.2021 2009.11.04 Win32.Sality.J
    VirusBuster 4.6.5.0 2009.11.04 Trojan.DR.Agent.OIDA


  • 11.  RE: SEP not able to detect virus but K******ky does???

    Posted Dec 08, 2009 09:17 AM
    a-squared 4.5.0.41 2009.11.06 Email-Worm.Win32.Brontok.ab!IK
    AhnLab-V3 5.0.0.2 2009.11.06 -
    AntiVir 7.9.1.59 2009.11.06 Worm/Sohaned.BP
    Antiy-AVL 2.0.3.7 2009.11.05 -
    Authentium 5.2.0.5 2009.11.06 W32/Sality.AJ
    Avast 4.8.1351.0 2009.11.06 Win32:AutoIt-FK
    AVG 8.5.0.423 2009.11.06 Win32/Tanatos.J
    BitDefender 7.2 2009.11.06 Win32.Sality.2.OE
    CAT-QuickHeal 10.00 2009.11.06 W32.Sality.R
    ClamAV 0.94.1 2009.11.06 Worm.Autorun-1782
    Comodo 2859 2009.11.06 -
    DrWeb 5.0.0.12182 2009.11.06 Win32.Sector.5
    eTrust-Vet 35.1.7106 2009.11.05 -
    F-Prot 4.5.1.85 2009.11.06 W32/Sality.AJ
    F-Secure 9.0.15370.0 2009.11.04 Win32.Sality.2.OE
    Fortinet 3.120.0.0 2009.11.06 W32/Sality.AA
    GData 19 2009.11.06 Win32.Sality.2.OE
    Ikarus T3.1.1.74.0 2009.11.06 Email-Worm.Win32.Brontok.ab
    Jiangmin 11.0.800 2009.11.06 -
    K7AntiVirus 7.10.889 2009.11.05 -
    Kaspersky 7.0.0.125 2009.11.06 -
    McAfee 5793 2009.11.05 W32/Sality.gen
    McAfee+Artemis 5793 2009.11.05 W32/Sality.gen
    McAfee-GW-Edition 6.8.5 2009.11.06 Heuristic.BehavesLike.Win32.ModifiedUPX.I
    Microsoft 1.5202 2009.11.05 Virus:Win32/Sality.AM
    NOD32 4578 2009.11.06 Win32/Sality.NAO
    Norman 6.03.02 2009.11.06 W32/Sality.AO
    nProtect 2009.1.8.0 2009.11.06 -
    Panda 10.0.2.2 2009.11.05 W32/Sohanat.HL.worm
    PCTools 7.0.3.5 2009.11.06 -
    Prevx 3.0 2009.11.06 -
    Rising 21.54.43.00 2009.11.06 Trojan.Win32.Autoit.ev
    Sophos 4.47.0 2009.11.06 Mal/Sality-A
    Sunbelt 3.2.1858.2 2009.11.06 Win32.Sality.ek (v)
    Symantec 1.4.4.12 2009.11.06 W32.SillyFDC
    TheHacker 6.5.0.2.062 2009.11.05 -
    TrendMicro 9.0.0.1003 2009.11.06 PE_SALITY.EK
    VBA32 3.12.10.11 2009.11.06 Virus.Win32.Sality.2
    ViRobot 2009.11.6.2025 2009.11.06 Win32.Sality.J
    VirusBuster 4.6.5.0 2009.11.05 Trojan.DR.Agent.OIDA


  • 12.  RE: SEP not able to detect virus but K******ky does???

    Posted Dec 08, 2009 09:18 AM
    All above are results from VirusTotal.

    I have got these threats which are not detected by Kaspersky, and all these results are within 2 months.


  • 13.  RE: SEP not able to detect virus but K******ky does???

    Posted Dec 08, 2009 09:45 AM
     Thanks Bijay for this POC


  • 14.  RE: SEP not able to detect virus but K******ky does???

    Posted Apr 22, 2010 01:45 PM
    Yes, KAV detects autorun.inf as a virus while Symantec doesn't, and this file is present in most people's pendrives nowadays.

    I have seen it thrice in the last two months when KAV also failed to detect a virus.