Symantec please fix this: Easily Bypassing Antivirus Detection
1.
Symantec please fix this: Easily Bypassing Antivirus Detection
Migration User
Posted Jun 03, 2010 01:58 PM
This might be of interest.
http://www.room362.com/blog/2010/6/2/av-bypass-made-stupid.html
2.
RE: Symantec please fix this: Easily Bypassing Antivirus Detection
Thomas K
Posted Jun 03, 2010 02:05 PM
Have you tested this against SEP 11? I have forwarded this on to Security Response.
Thomas
3.
RE: Symantec please fix this: Easily Bypassing Antivirus Detection
Migration User
Posted Jun 03, 2010 04:19 PM
I have not, but the author is reachable via the provided link.
4.
RE: Symantec please fix this: Easily Bypassing Antivirus Detection
Migration User
Posted Jun 04, 2010 12:20 AM
The new exe has a different fingerprint and this can be accomplished lots of different ways.
That's why you have TruScan, PTP, IPS, etc.
If the new exe is distributed widely enough it will end up in the normal signatures and be detected.
Z
5.
RE: Symantec please fix this: Easily Bypassing Antivirus Detection
Migration User
Posted Jun 05, 2010 09:43 PM
What zero said is right; you can even test by checking the MD5s yourself. This is part of the reason why all the AVs have trouble with zero-day threats. However, any good AV will catch it through heuristic detection. Yet another reason why old AVs are not capable of protection against current threats.
Grant-
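The point made in replies 4 and 5, as an added example that is not part of the original thread: an exact MD5 fingerprint stops matching after any byte change, while a content-similarity check still relates the altered file to the known sample. The byte n-gram similarity here is a simplified stand-in chosen for illustration, not how SEP or any AV product implements heuristics; the sample bytes, function names and threshold are all constructed assumptions.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    """Exact fingerprint: any single-byte change yields a different digest."""
    return hashlib.md5(data).hexdigest()

def ngrams(data: bytes, n: int = 4) -> set:
    """Set of all overlapping n-byte windows in the data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of byte n-gram sets (1.0 = same content)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    if not ga and not gb:
        return 1.0
    return len(ga & gb) / len(ga | gb)

def classify(sample: bytes, known_bad: list, threshold: float = 0.8) -> str:
    """Try the exact-hash blocklist first, then fall back to similarity."""
    if md5_hex(sample) in {md5_hex(k) for k in known_bad}:
        return "exact-hash match"
    best = max((similarity(sample, k) for k in known_bad), default=0.0)
    return "similar to known sample" if best >= threshold else "no match"

def _blob(tag: int) -> bytes:
    """Constructed 2048-byte stand-in for a file (deterministic, harmless)."""
    return b"".join(hashlib.sha256(bytes([tag, i])).digest() for i in range(64))

# Constructed test data: a "known" sample, a slightly altered copy of it
# (one byte flipped, 16 padding bytes appended), and an unrelated file.
KNOWN = _blob(0)
_v = bytearray(KNOWN)
_v[100] ^= 0xFF
VARIANT = bytes(_v) + b"\x00" * 16
UNRELATED = _blob(1)

if __name__ == "__main__":
    for name, data in (("known", KNOWN), ("variant", VARIANT),
                       ("unrelated", UNRELATED)):
        print(f"{name:9} md5={md5_hex(data)} "
              f"sim={similarity(data, KNOWN):.3f} -> {classify(data, [KNOWN])}")
```
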