I just tested it against one sample "Trick bot' for which it didn't have signature
It blocked it successfully with dynamic detection "ML.PE.A" after 2-4 mins it's remnant was deleted and detected as "ML.PE.C".
Moreover they added some tamper protection..I did see it in action .
Ok with the improvements..however testing in the long run would give us more insight
That's good to hear! Hopefully someone will test it in the HUB and so we can get a bigger picture of it's new capabilities. Im also glad to hear about the tamper protection. That, along with the quarentine were it's 2 biggest issues in the previous version, glad to hear that that part has been addressed so far.
Those are some good suggestions. Aside from the AMSI integration (which according to a previous member they are looking to add it, so hopefully we will see it in the next major version) and the 2FA for the login screen, you can pretty much get these capabilities with going with the likes of OSA, VS, Syshardener, etc... I guess it really comes down to whether you are ok running an extra 3rd party program (ie: VS) along side SHP, or not? I agree that it would be nice to have everything built in to keep things simple, but that may never happen fully. I've ran VS and OSA (not at the same time) along side SHP without any issues in the past, so it is do able.I’ve kept it on my old machine. It flagged some executables that misused register shifts, I know they’re not malicious but interceptX static analysis looks quite strong.
That said, to install it in a new machine I’d want to see
1) something like WD’s protected folders , on top of the existing anti ransomware features
2) totp/u2f 2FA on their web dashboard
3) to be able to configure more real time protection, eg I’d want something like WD’s “Block at First Sight”.
5) ASR-like functionality in its behavior blocking
6) test files so that I can verify each advertised feature works as intended
7) block autorun, not just autoplay
8) Allow hardening of hips rules
All I’m asking is features that are there for free alternatives
Integration of mobile devices into the web dashboard would also be nice
As for adding a "Block at First Sight" feature, I believe with the latest version SHP already has this. If I am not mistaken (maybe @Andy Ful can confirm, as he is well versed in all things WD and W10 security) BAFS is Microsoft's version of cloud/ML capabilities. So in essence with the addition of "ML" in this version of SHP, technically it already has this capability.