A closer analysis of DE-Cleaner from Symantec

I was curious about how the DE-Cleaner of Symantec works, so I downloaded the software and give it a closer look.
I did not dissemble it or anything similar… I simply performed a little black box testing.

So, I started it without any internet connection. The result was: no scanning was possible. DE-Cleaner requires an Internet connection.
This is an indication that the software is an in-the-cloud scanner. After seeing this, I searched on the website botfrei.de more details.
And I found them… yes, indeed the Symantec De-Cleaner needs an Internet connection. This is why the file has the size of only 6 MB – because it contains no signatures.

After allowing it to connect to the Internet through the Avira Firewall, I let it scan a folder.
And the results were: MANY FALSE POSITIVES which should have been easily skipped.

Let’s take one of them, which is the software I bought for preparing myself for the exam CompTIA Project+ which I took in July.

I don’t know how you see it, but I find not enough infos to say that the software is suspicious.

I think that the guys from Symantec have still a lot of work ahead to do with their in the cloud solution based on file reputation.

Another interesting issue I’ve found is the fact that the cleaner scans only executable files. This is normal for a file reputation scanner. Any other solution which scans for signatures will unpack archives and scan inside container files for malware. This tool only searches the signatures.
I wonder how they scan for rootkits 🙂

© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: