TrendMicro's submission process sucks !

D

David H. Lipman

When I submit an infector to McAfee's Webimmune for a sample that up-to-date VirusScan won't
flag, I can expect an EXTRA.DAT from anywhere from a few minutes to 48 hours (36hrs for
Adware) and the next week's DAT revision will contain the detection.

I submitted a SDbot variant (wburgm.exe) to TrendMicro on 11/12/04 and a month later
TrendMicro still does not have a pattern File released that detects it.

The last time I went through a similar process with TrendMicro was with a SpyBot variant.
It took over three weeks and the only reason It was detected was because I called the
company (using my professional persona) and bitched.

Dave
 
O

optikl

David said:
When I submit an infector to McAfee's Webimmune for a sample that up-to-date VirusScan won't
flag, I can expect an EXTRA.DAT from anywhere from a few minutes to 48 hours (36hrs for
Adware) and the next week's DAT revision will contain the detection.

I submitted a SDbot variant (wburgm.exe) to TrendMicro on 11/12/04 and a month later
TrendMicro still does not have a pattern File released that detects it.

The last time I went through a similar process with TrendMicro was with a SpyBot variant.
It took over three weeks and the only reason It was detected was because I called the
company (using my professional persona) and bitched.

Dave
Click to expand...

I have a support issue on PCC 2005 (Wi-Fi Detection module) and I can't
seem to get the requisite attention. Any names I might try to get some
assistance?
 
M

Mal

David said:
When I submit an infector to McAfee's Webimmune for a sample that up-to-date VirusScan won't
flag, I can expect an EXTRA.DAT from anywhere from a few minutes to 48 hours (36hrs for
Adware) and the next week's DAT revision will contain the detection.

I submitted a SDbot variant (wburgm.exe) to TrendMicro on 11/12/04 and a month later
TrendMicro still does not have a pattern File released that detects it.

The last time I went through a similar process with TrendMicro was with a SpyBot variant.
It took over three weeks and the only reason It was detected was because I called the
company (using my professional persona) and bitched.

Dave
Click to expand...


Yep had a very similar experience with a web submitted threat (a spybot
I think) which was a cpl of months ago. The submission has even now
disappeared from my online trend profile...

Have added another couple of submissions over the last couple of days of
some backdoors and keyloggers. Will be interesting to see if they're
actually examined and added to their defs.

Makes me wonder if they even check the web submission queue!
 
D

David H. Lipman

Sorry, I have no contacts with them :-(

Where's Dave Perry these days ?

Dave



| David H. Lipman wrote:
| > When I submit an infector to McAfee's Webimmune for a sample that up-to-date VirusScan
won't
| > flag, I can expect an EXTRA.DAT from anywhere from a few minutes to 48 hours (36hrs for
| > Adware) and the next week's DAT revision will contain the detection.
| >
| > I submitted a SDbot variant (wburgm.exe) to TrendMicro on 11/12/04 and a month later
| > TrendMicro still does not have a pattern File released that detects it.
| >
| > The last time I went through a similar process with TrendMicro was with a SpyBot
variant.
| > It took over three weeks and the only reason It was detected was because I called the
| > company (using my professional persona) and bitched.
| >
| > Dave
| >
| >
|
| I have a support issue on PCC 2005 (Wi-Fi Detection module) and I can't
| seem to get the requisite attention. Any names I might try to get some
| assistance?
 
O

optikl

David said:
Sorry, I have no contacts with them :-(

Where's Dave Perry these days ?

Dave
Click to expand...

That's ok, Dave. I'll just continue to savage them on their lack of
customer focus until I get the answer I think I deserve :).
 
O

optikl

Mal said:
Yep had a very similar experience with a web submitted threat (a spybot
I think) which was a cpl of months ago. The submission has even now
disappeared from my online trend profile...

Have added another couple of submissions over the last couple of days of
some backdoors and keyloggers. Will be interesting to see if they're
actually examined and added to their defs.

Makes me wonder if they even check the web submission queue!
Click to expand...

Like most vendors who brag about the wonderful support they offer,
theirs is the cheap, unskilled (intellectually) labor one finds in 3rd
world wannabe vibrant economies, like the Philippines. I suspect they
are lucky to find anyone with an education beyond secondary level, based
on response to my emails that I have received. One response was so lame,
they offered me the previous version of PCC (which does not contain the
module I was having issues with-Wi Fi detection) to see if I still
experienced the problem :).
 
J

John Coutts

When I submit an infector to McAfee's Webimmune for a sample that up-to-date VirusScan won't
flag, I can expect an EXTRA.DAT from anywhere from a few minutes to 48 hours (36hrs for
Adware) and the next week's DAT revision will contain the detection.

I submitted a SDbot variant (wburgm.exe) to TrendMicro on 11/12/04 and a month later
TrendMicro still does not have a pattern File released that detects it.

The last time I went through a similar process with TrendMicro was with a SpyBot variant.
It took over three weeks and the only reason It was detected was because I called the
company (using my professional persona) and bitched.

Dave
Click to expand...
******************* REPLY SEPARATER ********************
In my experience, none of the anti-virus manufacturers do a very good job with
backdoor trojans. I suppose that part of the reason is that there are so many
variants. SARC for example classifies two different SpyBot worms that I
submitted to them as Generic W32.Spybot, when in actual fact they are quite
different. The description provided on the SARC web site doesn't match the
behaviour of either of them.

J.A. Coutts
 
T

Theo

When I submit an infector to McAfee's Webimmune for a sample that
up-to-date VirusScan won't flag, I can expect an EXTRA.DAT from
anywhere from a few minutes to 48 hours (36hrs for Adware) and the
next week's DAT revision will contain the detection.

I submitted a SDbot variant (wburgm.exe) to TrendMicro on 11/12/04 and
a month later TrendMicro still does not have a pattern File released
that detects it.

The last time I went through a similar process with TrendMicro was
with a SpyBot variant. It took over three weeks and the only reason It
was detected was because I called the company (using my professional
persona) and bitched.

Dave
Click to expand...

A submissive AV program... just what we need. And I was considering
buying that one :p
 
D

David H. Lipman

I sent you pertinent info Optikl !

Dave :)



| David H. Lipman wrote:
| > Sorry, I have no contacts with them :-(
| >
| > Where's Dave Perry these days ?
| >
| > Dave
|
| That's ok, Dave. I'll just continue to savage them on their lack of
| customer focus until I get the answer I think I deserve :).
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Kaspersky submission screwup ! 3

Top