This is not surprising... the 94 out of 125 files that WV classified as malicious were not filtered or inspected in anyway... I simply counted them as a correct verdict. However, I inspected the files that WV missed to ensure they were 1) valid executables and 2) malicious, and this was after I scanned the malpack for duplicates. This actually works in WV's favor, but I believe it is the only fair way to run the test. So the test was not up to lab standards, but it was pretty close . But anyway, this would explain why some of the files are not valid executables (and did not execute). Basically, they are files that WV determined to be malicious and I counted them as a correct verdict without inspecting them further.I think this might be helpful:
I'll try execute some of the PUPs in this archive, as I am curious.
So, after a scan 15 files were left, 110 were removed.
I tried to execute them, only 3 seem to be working:
One of them is scam software (Re-image).
View attachment 249529View attachment 249530View attachment 249531View attachment 249532View attachment 249534View attachment 249535
Everything else crashes immediately.
I also downloaded these samples and tested WD, AVG and Emsisoft. WD has the highest detection rate among this, followed by Emsisoft and AVG. It detected 119 out of 125, 6 files were left. So, 95.2% detection. The PUP's are classified accurately as well. After checking on VT, it seems even overall among all the big guns WD has the best detection rate for this pack. These are very old samples though, from 2017.Here are the samples used in the WV PUP test, feel free to install them on your computer.
Please let me know if you understand the distinction.
My test was with AVG earlier and 15 files remained, not sure how many remain now. Some of them may have matched more than one signature.Some results that i've done:
Malwarebytes Free: 118 out of 125
Avast Premium: 132 out of 125 <---
G Data AV: 115 out of 125
FortiClient: 88 out of 125 <---
Don't look at the numbers in the scan window. Check how many files are left behind. Btw, I did submit undetected samples to Avast. So some change may happen.Avast Premium: 132 out of 125 <---
Same here.My test was with AVG earlier and 15 files remained
Most of the files remaining after AVG scan won't execute, with the exception of few that look like Chinese/Turkish game clients and might not even be a PUP (just like SAP is far cry from ClipBanker). One was removed by IDP (Behavioural Blocker), majority just gives an error on execution.After on demand scan without execution? Since when Comodo started to have good signatures!
Right. I noticed that too. Since these are very old samples, all AVs I think detected the obvious malicious/pup samples. The remainders are either broken or not worthy enough for them to create signatures. Some products are more or less aggressive about PUPs hence the difference.Most of the files remaining after AVG scan won't execute, with the exception of few that look like Chinese/Turkish game clients and might not even be a PUP. One was removed by IDP (Behavioural Blocker), majority just gives an error on execution.
COMODO uses reputation, doesn't it?
One of them is a fully legit, but not too popular game client, named Alawar: Alawar - WikipediaYeah. Scan was made with clood lookup enabled @McMcbrad
View attachment 249587