Of LoLBins, 0-Days, ESET, and Microsoft Defender
<blockquote data-quote="Trident" data-source="post: 1083505" data-attributes="member: 99014">
<p>This is true for all AV implementations.</p>
<p>For example, Trend Micro has decided for all unsigned files to trigger a warning that, upon first attempt to run a file, serves as a block.</p>
<p>On the second attempt for execution, it includes “run anyway”.</p>
<p>Not everyone should follow; for example, recent MS implementations are more aggressive, others monitor unsigned files’ behaviour more aggressively.</p>
<p>Bitdefender as of recently includes a memory scanner to more efficiently detect packers.</p>
<p>Symantec/Norton have very vague implementations of memory scanning, only looking at specific addresses for specific malware (detection denoted MemScan.xxx).</p>
<p>Symantec/Norton, however, are very aggressive towards new, custom packers.</p>
<p>The malware problem is very complex and whilst solutions to an extent overlap, complete copy and paste is not necessary, as long as the job is done.</p>
<p>It is the analogy that was once provided on this forum, “what is better, pants or skirt”?</p>
<p>Both are the same, some people consider pants appropriate, others go for skirt. As long as they are wearing clothes, all good… 👍🏻</p>
</blockquote>