App Review Kaspersky Security Cloud Free vs Ransominator (default settings)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
fabiobr

fabiobr

Level 12
Verified
Top Poster
Well-known
Mar 28, 2019
564
Thanks to application control custom rules, document files were protected in my test.

Advanced disinfection starts, restart the system and all things rolled back.

Cloud Detection:

2020-04-26 (5).png
 
Last edited:
  • Like
Reactions: Mercenary, miguelang611, toto_10 and 9 others
M

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
Vitali Ortzi said:
Same as SEP default will be blocked by app control / system lockdown
Click to expand...
For the purposes of this test, I don't consider an application control feature to be the same as detection and blocking of this attack.

Yes, application whitelisting and reputation control are part of your layered protection, but this is specifically intended to be a test of a ransomware encrypting mechanism. Blocking the POC from running in the first place is not successfully identifying malicious behavior the way we want our dynamic behavior blockers to do so.
 
  • Like
Reactions: Mercenary, toto_10, SeriousHoax and 5 others
Vitali Ortzi

Vitali Ortzi

Level 22
Verified
Top Poster
Well-known
Dec 12, 2016
1,149
MacDefender said:
For the purposes of this test, I don't consider an application control feature to be the same as detection and blocking of this attack.

Yes, application whitelisting and reputation control are part of your layered protection, but this is specifically intended to be a test of a ransomware encrypting mechanism. Blocking the POC from running in the first place is not successfully identifying malicious behavior the way we want our dynamic behavior blockers to do so.
Click to expand...
well Sonar/bloodhound always sucked
 
  • Like
Reactions: stefanos
Brahman

Brahman

Level 17
Verified
Top Poster
Well-known
Aug 22, 2013
834
An average user need not get into panic mode on seeing these kind of videos because the file will get blocked by Kaspersky before it reaches an average user. But at the same time it also reminds us to have a locked down state in our systems while opening attachments or unknown files.
 
  • Like
Reactions: Mercenary, toto_10, Protomartyr and 6 others
M

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
JoyousBudweiser said:
An average user need not get into panic mode on seeing these kind of videos because the file will get blocked by Kaspersky before it reaches an average user. But at the same time it also reminds us to have a locked down state in our systems while opening attachments or unknown files.
Click to expand...
I’ll go one step further and say to simply not take risks that you don’t have to take! We can feel warm and cozy that we have advanced and well tested AV software and layers of protection but it’s easy to become overconfident. Zero day exploits exist. Modern exploits have demonstrated attackers know how to chain a bunch of exploits together to defeat layers of security.
 
  • Like
Reactions: Mercenary, toto_10, Protomartyr and 5 others
Xjoker

Xjoker

Level 1
Feb 19, 2020
38
Vitali Ortzi said:
This sample isn't special but ones like fun.bat/exe test in the hub did surprise me and some signed sample i tested
But don't think you are safe i few samples i tested bypassed wise vector
Click to expand...

The same can be said for all the antiviruses out there. You can bypass any of them (except comodo IMHO). But in general WV has a very very good detection rate and a powerful behavior blocker!
 
  • Like
Reactions: Vitali Ortzi, harlan4096, Protomartyr and 2 others
Xjoker

Xjoker

Level 1
Feb 19, 2020
38
  • Like
Reactions: toto_10, roger_m, bayasdev and 3 others
E

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Xenofon said:
In my opinion AVAST can be bypassed even in HM.
Click to expand...
yes it can but when you combine it with syshardener with proper settings, it would be very hard to bypass HM aggressive (not moderate mode)
Hardened mode only support .exe files so other extensions can easily bypass it. Syshardener will block most scripts and vectors that can bypass HM
I have used and tested avast for 3 years. There was only 1 bypass, which was a PUP
 
  • Like
  • +Reputation
Reactions: toto_10, roger_m, stefanos and 6 others
Xjoker

Xjoker

Level 1
Feb 19, 2020
38
Evjl's Rain said:
yes it can but when you combine it with syshardener with proper settings, it would be very hard to bypass HM aggressive (not moderate mode)
Hardened mode only support .exe files so other extensions can easily bypass it. Syshardener will block most scripts and vectors that can bypass HM
I have used and tested avast for 3 years. There was only 1 bypass, which was a PUP
Click to expand...

Totally agree with you! In case you add syshardener it is almost impossible to bypass it, but it's the same for the other antiviruses as well.
 
  • Like
Reactions: toto_10, roger_m, harlan4096 and 2 others
E

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Xenofon said:
Totally agree with you! In case you add syshardener it is almost impossible to bypass it, but it's the same for the other antiviruses as well.
Click to expand...
I agree. However, there are few AVs which offer something like HM, especially for free.
Kaspersky has TAM
Some AV have HIPS, but this generates too many prompts, does not automatically allow if the file is safe (n)
Windows has Smartscreen, which works almost exactly the same as HM but a file must be downloaded from a web browser or Smartscreen won't check it
Comodo has autosandbox, reputation-based
.......
 
  • Like
Reactions: Mercenary, toto_10, roger_m and 7 others
Xjoker

Xjoker

Level 1
Feb 19, 2020
38
Evjl's Rain said:
I agree. However, there are few AVs which offer something like HM, especially for free.
Kaspersky has TAM
Some AV have HIPS, but this generates too many prompts, does not automatically allow if the file is safe (n)
Windows has Smartscreen, which works almost exactly the same as HM but a file must be downloaded from a web browser or Smartscreen won't check it
Comodo has autosandbox, reputation-based
.......
Click to expand...

Agree about the HM in AVAST, it must be the only av offering such an option for free! As far as I know Kaspersky 2021 won't have TAM anymore. :)
 
Last edited:
  • Like
Reactions: toto_10, roger_m, stefanos and 3 others

Similar threads

Xeno1234
    • Like
    • +Reputation
    • Thanks
App Review Kaspersky Premium
Replies
12
Views
3,701
Written Reviews - Security and Privacy
rooney49
rooney49
Guilhermesene
    • Like
    • Applause
Hot Take [Tutorial] Update Kaspersky when starting the system automatically
Replies
9
Views
831
Kaspersky
Jonny Quest
Jonny Quest
RoboMan
    • Like
    • +Reputation
    • Applause
  • Sticky
Hot Take RoboMan's Kaspersky 2023 Light & Solid Settings
Replies
55
Views
8,245
Kaspersky
petok
P

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top