A Microsoft Defender Follow-up
<blockquote data-quote="Andy Ful" data-source="post: 998319" data-attributes="member: 32260"><p>Some time ago I tested Defender against KnowBe4 Ran Simulator. It uses a folder of files (documents, pictures, etc.) that are supposed to be encrypted. To make the tests quicker, I decreased the number of files in this folder. I noticed that the Defender post-infection detection did not work - all files were encrypted. After many tests, I used the full set of files, and in several cases, Defender stopped the process of encryption before it ended (not all files were encrypted).</p><p>So, the efficiency of post-execution/post-infection detection can also be related to the damage made by the malware. But it is hard to be sure without inspecting the sample. :unsure:</p></blockquote>