Any real-time software that uses non-traditional ways to find malware?
<blockquote data-quote="danb" data-source="post: 916280" data-attributes="member: 62850"><p>I pretty much finished testing WD… as you guys know it is very difficult to test. Basically, it was designed to protect the computer, and not designed to test malpaks. I do not have the exact numbers because files were constantly being uploaded to the cloud for analysis, so a lot of times the initial static verdict would be clean, then later the file would be correctly classified as malware. So the initial static results were not all that great, but MS apparently has some pretty amazing malware analysis sandboxes because most files were correctly identified after the dynamic analysis in the cloud. The only issue is how many patient zeros will there be, especially when considering polymorphic malware. Like all security products, WD is a work in progress, and I love the direction they are heading... overall it is an amazing product.</p><p></p><p>BTW, I discovered a little trick while performing the tests that might help anyone testing WD in the future. Do you guys know how if you scan a lot of files with WD it becomes overwhelmed (because it was designed to protect the computer and not test malpaks)? I noticed that WD was not nearly as overwhelmed when it analyzed the files as they were moved from one folder to another. So I simply moved the files from one folder to another, then used Defender Control 1.6 to turn WD off and delete the infected files along with the WD Protection History, then turned WD back on with Defender Control, then moved the files again until all that remained were “clean” files. Then you can execute whatever is left over to perform dynamic analysis if you wish. If I would have waited for the WD scans, it would have taken many, many days.</p></blockquote><p></p>