Advanced In-The-Wild Malware Test results for March 2025
[QUOTE="Trident, post: 1124105, member: 99014"]
They use no signatures whatsoever; they rely on hash-based detection, which appears to only cover executable files. I would assume they at least use fuzzy hashes, but it may as well be SHA256 or MD5 values.

Then they use Infrared, which is heuristics- and ML-based detection, again for executable files. The behavioural blocking and rollback only deals with untrusted processes, unless someone goes and manually includes a variety of LOLBins under the monitored list. I've executed a wide variety of threats and have never seen the bespoke rollback in action; everything was just active in memory.

The evasion shield is there on business products but is, again, heuristics-based: for example, it would be triggered if obfuscation (gibberish) is present. Whilst Webroot for a home user could potentially be OK (though arguably home users can do a lot better and cheaper), in the context of advanced attacks it's comic to bring up Webroot 🙂
[/QUOTE]
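To make the distinction the quoted post draws between exact hashes (SHA256/MD5) and fuzzy hashes concrete, here is an added illustration; it is not code from the post, from Webroot, or from any vendor. It uses a toy content-defined piecewise hash written for this example (a simplification of the ssdeep idea, not ssdeep itself). The window size, block size, chunk-digest length and the sample bytes are all constructed assumptions: the "files" are pseudo-random byte strings, not real samples.

```python
"""
Added example: why an exact digest misses a trivially altered file while a
fuzzy (piecewise) hash still reports it as nearly identical.
Toy code written for this illustration; not any product's implementation.
"""
import hashlib
import random

WINDOW = 7   # assumed rolling-hash window in bytes (constructed parameter)
BLOCK = 64   # assumed target chunk size: boundary when rolling value % BLOCK == BLOCK - 1


def exact_hash(data: bytes) -> str:
    """Exact content hash: any single-byte change yields a different digest."""
    return hashlib.sha256(data).hexdigest()


def content_defined_chunks(data: bytes, window: int = WINDOW, block: int = BLOCK):
    """Split data at boundaries chosen by the content itself (a rolling sum over
    the last `window` bytes), so a local edit only disturbs chunks near the edit."""
    chunks = []
    start = 0
    for i in range(len(data)):
        rolling = sum(data[max(0, i - window + 1): i + 1])
        if rolling % block == block - 1:
            chunks.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        chunks.append(data[start:])
    return chunks


def fuzzy_hash(data: bytes) -> list:
    """Piecewise signature: one short digest per content-defined chunk."""
    return [hashlib.sha256(c).hexdigest()[:8] for c in content_defined_chunks(data)]


def similarity(sig_a: list, sig_b: list) -> float:
    """Jaccard similarity of the two chunk-digest sets (1.0 identical, 0.0 disjoint)."""
    a, b = set(sig_a), set(sig_b)
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def make_sample(seed: int, size: int = 4096) -> bytes:
    """Constructed stand-in for a file body: pseudo-random bytes, not a real file."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


ORIGINAL = make_sample(1)
# Constructed variant: the same bytes with one byte altered in the middle,
# standing in for a re-packed or patched build of the same program.
_buf = bytearray(ORIGINAL)
_buf[2048] ^= 0xFF
VARIANT = bytes(_buf)
UNRELATED = make_sample(2)  # constructed: an entirely different byte string


def compare(original: bytes, other: bytes) -> dict:
    """Report whether the exact hash still matches and how similar the fuzzy hashes are."""
    return {
        "exact_match": exact_hash(original) == exact_hash(other),
        "fuzzy_similarity": round(similarity(fuzzy_hash(original), fuzzy_hash(other)), 3),
    }


if __name__ == "__main__":
    # A hash-only detector keyed on exact digests loses the variant; the fuzzy
    # signature still scores it close to the original and far from unrelated data.
    print("variant  :", compare(ORIGINAL, VARIANT))
    print("unrelated:", compare(ORIGINAL, UNRELATED))
```

The design point for detection engineering is in `content_defined_chunks`: because chunk boundaries depend on the bytes themselves rather than on fixed offsets, a one-byte edit changes only the chunk containing it (and at most a neighbouring boundary), so most chunk digests survive and the similarity stays high, whereas `exact_hash` flips entirely.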