Panda Antivirus Adaptive Defense 360



We recently tested Panda Antivirus Adaptive Defense as a continuance to a previous review of NGAV products. Does Panda live up to its claims? Is it the future of Antivirus? It has its ups and downs but overall I think the issues we experienced can be fixed. It’s headed in the right direction and overall the interface is designed well for a modern protection platform.

Panda’s current version is 7.x and the product is Adaptive Defense 360. From the marketing on the website, you get the feeling that it’s not your average ‘Panda’ but it’s next-generation, sexy, and ready to eradicate even the most virulent samples.

During the test, I exchanged 178 emails with the vendor over a period of fewer than 90 days. I’ve learned a great deal through direct experience of its stability and effectiveness. It’s been my experience that you’d better test the heck out of these products. Not only with detection but the basic administration features as well. There can be bugs lurking that may not impact you on the security side but potentially impair your ability to control and manage endpoints. I went ahead and dug in using my basic Dell models and hoped for the best. Keep in mind that the things I don’t ‘like’ are bugs that can be resolved – not necessarily fatal issues. Here’s my evaluation…

*** Update 8/13 – Panda is aware of this blog and actively working to fix any of the issues I found. They’ve allocated folks from Product Management, Engineering and other teams to help improve response.

A few things to note:

1. My blog recommends products on occasion but has nothing for sale
2. Bugs like to come out when I’m around so be careful if I sign up for a demo
3. I don’t drink the kool-aid so I look forward to lifting the marketing curtain

Machines Tested:

Dell Latitude E6440, E5470, E5480
Dell XPS 8390 (Desktop)
Dell Inspiron (7000 Series)
Windows 7 and Windows 10

Things we liked: 

  • Support is light speed and much more responsive than BitDefender. We received prompt responses and consistent service from all of the techs. They responded appropriately to our concerns. Many times it was just a matter of reproducing the issues and gathering the right data. Panda can trigger a ‘PSINFO’ tool to gather support data without you having to send any technical information to support. In comparison, I’ve waited days and days for BitDefender support to reply. Even when they do it’s not with any urgency. If you call there is typically no way to speak to anyone live at BitDefender until they call you back. Panda is easy to get on the phone and called me often when I was available before the afternoon time.
  • Panda recently implemented anti-tampering. I’ve been advocating for this across a number of products. In Barkly, I could simply stop any of the AV processes, execute malcode and start them again. Panda protected its services even in the services.msc snap-in.
  • EDR function traced the source of execution back to a file on many virus samples we tested. We’d get an alert within 0-15 minutes that showed which process executed a particular piece of code and where it connected to. Very useful and is focused on the context of that execution. Liked this better than the fancy tree in other EDR products. It’s better to be able to alert on this in an e-mail format without needing to access the console.
  • Deployment tools were adequate in that there were no major issues with installing, uninstalling or deploying the files. Minimal interruption or notices to the machine when pushing it down with a script. Removal from the console happens in under 15 minutes on most machines.
  • Panda’s support is phenomenal despite us having many bugs with it on our particular platform that was available to test. They responded quickly and with haste. During our support they offered access to an early release version of Panda AD360 8.x as a way to get past known issues on v7.

Issues we worked with support on:

  • Crashing/Bluescreens – Panda caused many bug checks on my machines with the driver NNSPRV.SYS, and by many I mean over a dozen on multiple machines. The key for some was that they were running Intel Proset Drivers for Wireless on a slightly older version but I cannot fully confirm that’s the cause. The crashes continued until we were put on an early release of version 8.0 that seemed to alleviate them. At the time though this was not a general release. Every dump had references to Panda drivers in it when the crashes occurred and they happened often.

  • Performance Issues/Hangups – Machine slowdowns on several boxes that include severe delays opening applications. This happened several more times in the last few months with the most recent being on my own machine while I was using it. I captured video of this and called in to offer an impacted machine to Panda. They were unavailable to gather any data and did not recommend any steps to take on the machine at that time. I had to remove the product and could not wait until ‘tomorrow’ to find out what I needed to do. That issue is still not identified or resolved. The burden was on me to prove that this is an issue even though I’ve captured live video of it happening multiple times. Panda was using 10,000 handles on PSANHOST.EXE when the issue occurs. Chrome tabs were completely hung up and simple applications like Notepad.exe took more than a minute to open. The issue was immediately resolved by removing the AV – which by the way was so hung up it took about 30 minutes. After the removal, we could immediately surf the web, and open up applications.
  • Service instability – Panda services were crashing on version 7.x-8.x randomly. We detected this in the monitoring of its services, and the issue impacts the latest version. Support requested that we manually gather data using a dump tool for them to assess the issue. The main service controlling Panda crashes and says ‘The Panda Endpoint Administration Agent service terminated unexpectedly’ on these machines. There is no fix or explanation for this issue, and it’s separate from the ones shown above. We don’t know why the service keeps crashing off or what to do next. Even if we did, we believe that this ‘broken agent’ issue leads to decreased security for those endpoints when they aren’t able to update or communicate properly. A lot of time was spent manually reinstalling agents to fix this issue.
  • Upgrade Issues – Panda also failed to upgrade from v7 to v8 automatically on around 25% of the computers creating a situation where it was ‘broken’ and not functional. There was, of course, a fix or method for support to help us but it was manual, involved remoting into each machine and again the upgrade just didn’t work without any explanation. Many of the computers have rebooted numerous times and get repeatedly prompted to ‘Upgrade Panda’ when they’ve accepted that menu over and over. Meanwhile, the agents did not have full protection because the install was technically broken between versions.


  • Dropper Detection / Kill Chain Issues – None of the files I opened with Malicious Word Macros were detected until the actual payload ran. Panda did not detect many files on-access but only once they ran and down the line in the attack chain. It will stop the PowerShell command from running but only at the point of execution. A little too close for comfort especially when many other tools see the evil in the Macros and malware code embedded in the document. Out of a dozen files or so I got live from the internet, none of the droppers triggered an alert until they tried something fishy. Panda was quick about adding them as a generic type of alert when I sent in samples. There is no automated system or method to submit samples to Panda without manually opening an e-mail ticket. Panda’s ‘EDR’ type execution report fails to correlate the malicious .doc I opened and only ‘sees’ the PowerShell. But what ran the command? What were the parameters?


  • False Positives – We found that Panda would trigger on innocuous Windows 10 processes like those that update the Windows Store applications. In some cases it labeled them as ‘potentially malicious’ and in lock mode, it halted execution while it could determine if they were true positive malicious. This wasn’t the only ‘system’ type file and we encountered many more with Nvidia and a driver from Intel.
  • Web Filtering / Phishing – Many of the Malware and Phishing URLs I attempted to visit weren’t classified by the software. During my investigation of the ‘Master Angler’ story this month I had Panda running and it never blocked any of the URLs. I submitted a URL to Panda with my blog and they added that single address but no others that were obviously running off that same IP. After reporting many of these URLs to Panda I realized that the phishing protection was outsourced to Cyren and not using its own threat intelligence.
  • Buggy Alerting – Malware alerts were configured for the web and alerted directly from the IP via SMTP to my e-mail server, which was kind of strange. Not only that but there were still variables in the e-mail that were unresolved, like {ExtendedUrlMalwareinfo}. The other issue was that I’d get tons of duplicates with the same information, maybe 5-10 e-mails in a blast from a single machine visiting a site. It says ‘Virus deleted’ but I couldn’t find anything malicious on some of these sites.

  • Console Outages – The web console had issues on several occasions with server-side errors that prevented me from logging in. At this exact moment I keep logging in but it tells me that for security reasons my session has timed out.

  • Cookie Alarm – Panda sent alerts for cookies detected on machines and I couldn’t turn it off. There was no way to whitelist or otherwise exclude this extra noise.
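An added health check, not from the original post or from Panda, for the two agent symptoms described above: the agent service crashing (Service Control Manager event 7034, whose message text is the ‘terminated unexpectedly’ line quoted above) and the PSANHOST.EXE handle count running away. The service display name and process name are assumed from the post, and the 10,000 handle threshold is the value the post observed.

```powershell
# Added example: flag endpoints whose Panda agent looks broken, using only
# the Windows event log and process table. Names and threshold are assumed
# from the blog post, not taken from Panda documentation.
function Get-PandaAgentHealth {
    param(
        [string]$ServiceDisplayName = 'Panda Endpoint Administration Agent',
        [string]$ProcessName       = 'PSANHOST',
        [int]$HandleThreshold      = 10000,
        [int]$LookbackDays         = 7
    )
    $since = (Get-Date).AddDays(-$LookbackDays)

    # Event 7034 is written by the Service Control Manager when a service
    # terminates unexpectedly; match the agent by its display name in the message.
    # Get-WinEvent reports "no events found" as an error, so silence that case.
    $crashes = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; Id = 7034; StartTime = $since
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$ServiceDisplayName*" }

    # Handle count of the protection host process, if it is running at all.
    $proc    = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    $handles = if ($proc) { ($proc | Measure-Object -Property HandleCount -Sum).Sum } else { 0 }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        AgentCrashes    = @($crashes).Count
        # Get-WinEvent returns newest first, so the first entry is the latest crash.
        LastCrash       = if ($crashes) { (@($crashes)[0]).TimeCreated } else { $null }
        HostRunning     = [bool]$proc
        HostHandleCount = $handles
        NeedsAttention  = (@($crashes).Count -gt 0) -or (-not $proc) -or ($handles -gt $HandleThreshold)
    }
}

Get-PandaAgentHealth | Format-List
```

Run it through Invoke-Command across the fleet and filter on NeedsAttention to find agents that need reinstalling instead of waiting for a missed check-in.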


Dell Kace Secure Browser Tool – Freeware Security Tool for Firefox




The Dell Kace Secure Browser tool is said to use a kind of redirection so that browser activity is shifted to an alternate area of the computer to isolate and contain harmful code. The 10MB security software, available for download from Dell’s Kace site, is based on the current Firefox browser and Adobe Flash and Reader plug-ins. Dell’s application is integrated with a STAND ALONE version of Firefox 3.6 which operates identically to the regular Firefox browser.

The security tool also lets the user create what are called whitelists and blacklists of Web sites allowed to be visited. In a managed environment, the Dell Kace browser security software can be included as a managed application with the Dell Kace K1000 v5.1 Management Appliance, typically used in mid- to large enterprises.

Dell Security Tool – Virtualizing the Browser Against Security Threats

Download Kace Secure Browser (Runs on Separate Firefox)


Trusteer Rapport – Protects Online Banking against Botnets


Rapport is a lightweight security software solution that protects web communication between enterprises, such as banks, and their customers and employees. The product is free for the customers of over 70 different banks, AND can also be downloaded independently of those services for FREE. You can protect any web site you choose outside of the network, and also use the tool with Chrome, IE and Firefox.

Rapport implements a completely new approach to protecting customers and employees. By locking down customer browsers and creating a tunnel for safe communication with the online website, Rapport prevents Man-in-the-Browser malware and Man-in-the-Middle attacks. Rapport also prevents phishing via website authentication to ensure that account credentials are passed to genuine sources only.

Rapport’s unique technology blocks advanced Trojans including Zeus, Silon, Torpig and Yaludle without the need to constantly update and chase the different variants of these Trojans. Its proprietary browser lockdown technology simply prevents unauthorized access to information that flows between customer and employee websites regardless of whether these attempts were generated by new or known Trojan variants. Rapport is also capable of preventing very targeted and under the radar phishing attacks.

Enterprises such as banks can easily configure the system to protect customers and employees and begin offering them Rapport software for quick download from their website. Following a simple one time installation process, Rapport begins securing browsers, works in the background and does not call for a change in user behavior – customers and employees can bank and use the internet as usual – thus enabling fast adoption. Rapport comes with a rich management application that enables enterprises to effectively trigger alerts, view and analyze data as well as manage security.

Rapport is focused on preventing online fraud committed by financial malware and differs from Anti-Virus because it:

* Locks down access to financial and private data instead of looking for malware signatures

* Communicates with your online banking website to provide feedback on security level and report unauthorized access attempts

* Allows for immediate action to be taken against changes in the threat landscape.

Features

* Blocks Zeus, Torpig, Silent Banker and other Man-in-the-Browser attacks
* Blocks Keyloggers and screen grabbing
* Blocks Man-in-the-Middle attacks
* Blocks Phishing attacks
* Works on both Windows and Mac
* Protects immediately upon install
* Complements other security software
* Transparent to customers and employees unless a threat is detected
* Delivers advanced reporting on current and new threats including zero-day attacks
* Comes with pre-packaged marketing tools and materials
* 24×7 support option

Benefits

* Prevents wire and ACH fraud
* Protects against account takeover attacks
* Deployment within weeks, requires no change to enterprise applications
* Fast notification of threats affecting your customers and employees
* Fast adoption by customers using proven tools
* Added security with no change in user behavior
* Proactive rather than reactive to threats and incidents

Browser Lockdown – This technology specifically prevents unauthorized access to sensitive information in the browser. Before launching the browser, Rapport verifies its integrity, preventing unauthorized modifications to the browser’s executable. Rapport locks down all programmatic interfaces to sensitive information inside the browser while it is connected to a protected website. This prevents browser add-ons and other pieces of software from accessing login information, financial information and transactions based on customized policy created with the enterprise. Additionally, Rapport protects the browser’s memory and prevents any pieces of code injected into the browser’s memory from capturing or modifying sensitive information.

Keystroke Lockdown – Rapport prevents tampering and reading of data by encrypting sensitive information from the moment it is typed into the keyboard until it reaches the browser. Trusteer encrypts keystrokes very low in the operating system’s kernel and keeps them encrypted inside the kernel and user space to achieve this goal.

Communication Lockdown – This technology enables Rapport to verify the legitimacy of the website that the customer or employee is currently using, preventing the submission of sensitive information to fraudulent websites. What’s more, verification of a direct connection with the website and assurance of encryption are also confirmed to prevent Man-in-the-Middle attacks. This technology prevents many ACH FRAUD transactions and efforts of trojans such as Torpig & Zeus.

Actionable Intelligence – All policy violations, such as attempts to read password fields and change web page content are reported to the Trusteer cloud-based fraud analysis service. Trusteer’s team of fraud analysts works 24×7, analyzing information from customers all over the world in order to identify new attack patterns. Advanced automatic update mechanisms allow Trusteer to react immediately to new threats. Organizations are immediately alerted regarding new attacks as they occur, instead of days, weeks, and even months after the fact.

These are not the days of the Nimda Virus, so get protected!

PC users: https://download.trusteer.com/Gcur4Wtnu/RapportSetup.exe

Mac users: https://download.trusteer.com/Gcur4Wtnu/leopard/Rapport.dmg
