Download Insight doesn't scan a drive-by download. Why?

Hi.

As the title says, I wanted to test how download insight works and what kind of downloads it analyzes.

So I visited a known malicious site, which pops up a fake message about running a Flash plugin, with a button to run it.

When you click the run button, the Java RE starts, and I noticed that some executable files were created in the /AppData folder, and one of them is scheduled to run at startup.

 

I don't know any more details. I suppose that a .vbs ran first and created those files, but in Norton History, Download Insight didn't show any activity.

Though, I have read here that Download Insight scans all downloaded files (except archives?), whether they were downloaded with user approval or not.

I use NAV 2012, Win7 x32.

Thanks.


Hi flik,

 

Depending on the portal, Download Insight will either scan a file on download completion or on file execution. Download Insight provides a reputation-based analysis of a file's potential for being unsafe - it does not detect specific malware. Drive-by downloads would be blocked by IPS or Auto-Protect, in cases where the attack and/or payload were known to be malicious. SONAR and other heuristics components would look for malware-like characteristics in files not recognized by signature detection. Rather than inviting Java exploits onto your system, you can easily try Download Insight with known safe installers from legitimate vendors, such as Adobe or Mozilla.
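Since Download Insight is reputation-based and the drive-by payload here ended up as executables under AppData plus a startup entry, the practical check is to enumerate exactly those artifacts yourself. The script below is an added example for this thread, not Norton's code or anything posted by flik or the replier. It targets Windows PowerShell 2.0 as shipped with Windows 7 (so it parses schtasks.exe output instead of using Get-ScheduledTask, which Win7 lacks); the 60-minute window and the extension list are assumptions chosen for the demo.

```powershell
# Added example (not from the original thread): triage the artifacts the OP
# describes - fresh executables under %AppData% and a startup entry pointing
# at one of them. Written for Windows PowerShell 2.0 (Windows 7), so it uses
# schtasks.exe rather than Get-ScheduledTask. The time window and extension
# list are assumptions for the demo.

param(
    [int]$MinutesBack = 60   # how far back to look for newly written files (assumed)
)

$appData      = $env:APPDATA
$localAppData = $env:LOCALAPPDATA
$since        = (Get-Date).AddMinutes(-$MinutesBack)

# 1. Executables and scripts recently written under AppData (roaming and local).
$suspectExt = '.exe', '.dll', '.scr', '.vbs', '.js', '.jar', '.bat', '.cmd'
$recent = foreach ($root in @($appData, $localAppData)) {
    Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       $suspectExt -contains $_.Extension.ToLower() -and
                       $_.LastWriteTime -ge $since }
}
"== Recently written executables/scripts under AppData (last $MinutesBack min) =="
$recent | Select-Object LastWriteTime, Length, FullName | Format-Table -AutoSize

# Helper: does a command line / path point into a user's AppData tree?
function Test-PointsIntoAppData([string]$cmd) {
    if (-not $cmd) { return $false }
    $c = $cmd.ToLower()
    return ($c.Contains($appData.ToLower()) -or
            $c.Contains($localAppData.ToLower()) -or
            $c.Contains('\appdata\'))
}

# 2. Autostart registry locations: Run/RunOnce for the user and the machine.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
"== Run/RunOnce entries whose command lives under AppData =="
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        if (Test-PointsIntoAppData $p.Value) { "{0}\{1} = {2}" -f $key, $p.Name, $p.Value }
    }
}

# 3. Startup folders (anything dropped here runs at logon).
"== Items in Startup folders =="
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
foreach ($d in $startupDirs) {
    Get-ChildItem -Path $d -Force -ErrorAction SilentlyContinue | Select-Object FullName, LastWriteTime
}

# 4. Scheduled tasks whose action points into AppData (verbose CSV output of schtasks).
"== Scheduled tasks with an AppData action =="
$tasks = schtasks.exe /Query /FO CSV /V 2>$null | ConvertFrom-Csv
foreach ($t in $tasks) {
    if (Test-PointsIntoAppData $t.'Task To Run') {
        "{0}  ->  {1}  (next run: {2})" -f $t.TaskName, $t.'Task To Run', $t.'Next Run Time'
    }
}
```

Run it from an elevated prompt so the HKLM keys and all users' tasks are readable. Anything it lists is not proof of infection on its own (legitimate updaters also live in AppData and register Run entries), but a just-created executable under AppData paired with a brand-new autostart pointing at it is exactly the pattern the first post describes and is worth submitting to the vendor for analysis.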

Hello,

 

I have sent you a private message. Could you please reply to that ?

 

Thanks,

Snehansh