This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Please add to Application Control

Would it be possible to add DEALPLY UPDATER to App control options to allow us to block this malicious add on ?

I am aware that it is classed as a PUA - But I keep on seeing various devices infected by DEALPLY that, obviously somehow gets through AV and needs blocking ..

Thanks



This thread was automatically locked due to age.
Parents
  • Hello Weeboo,

    you say that it is not detected as PUA, in other words - PUA detection is enabled, sometimes it is caught but a variant of it is nevertheless on some devices?
    While Application Control has a different purpose than PUA blocking they rely on the same detection data. Please use the Submit a Sample page - Sample File can be used to report missed (i.e. not detected as Dealply) executables, you can also request that it is added to Application Control.

    Christian

Reply
  • Hello Weeboo,

    you say that it is not detected as PUA, in other words - PUA detection is enabled, sometimes it is caught but a variant of it is nevertheless on some devices?
    While Application Control has a different purpose than PUA blocking they rely on the same detection data. Please use the Submit a Sample page - Sample File can be used to report missed (i.e. not detected as Dealply) executables, you can also request that it is added to Application Control.

    Christian

Children
  • Christian,

    I believe that the DEALPLY PUA did get through AV protection - however I have already CLEANED IT - So this time, I am unable to submit a sample !

    How do I capture it - should it reappear ?

    And it WAS detected as DEALPLY - Which confuses and concerns me !

  • Hello Weeboo,

    On-Access scanning normally just blocks PUAs and you see them as Cleanable in the console. Detection might also be a side-effect of a limited (and "invisible") scan that is performed in response to some other detection or simply a folder access with Explorer. It doesn't necessarily mean that the software was about to execute. Just disable scanning for PUAs and you can easily capture it.

    Such PUAs might also be embedded in self-extracting packages or archives, only detected by deeper inspection (thus the downloads aren't blocked) or when the file is opened/run.

    Christian