Video Arcabit Internet Security 2022

Source
https://www.youtube.com/watch?v=vpY8rMoMZKc
Video created by
Shadowra

Shadowra

Hello and welcome to the Arcabit test!
Arcabit is a Polish company, very well known in Poland!
It is beginning to make a reputation for itself worldwide.

The product is easy to use and offers many features.
It also offers an "Application Control" mode (which will not be activated in this test), which allows blocking unknown applications.
Arcabit uses its own engine and that of Bitdefender, however, the editor renames the definitions of Bitdefender.

In terms of protection, Arcabit is very good!
It blocked all malicious URLs!
On the pack, the machine is infected by PUPs (Arcabit repeatedly detects files containing the adware Conduit), nothing dramatic.
Three Trojan remnants are present but not active; they are easily removable.

RAM Usage : Light
Phishing Test : 1/5 (4 undetected)
Malware URL test : 8/8 (2 dead)
Fake crack : 1/1 (detected)
Malware Pack : Remaining 146 out of 1102 files.

Result :
- Arcabit : 0 (The interceptor repeatedly detects a Conduit file)
- Hitman Pro : 9 (PUP files, not active)
- NPE : 6 (PUP detection)
- ESET : 12 (PUP detection and 3 Trojan files, not active)


Recommend? => YES

@KonradPL request
 

Shadowra

I instantly recognized the detection names, so it uses the Bitdefender SDK/API for both signatures and zero day protection using the Bitdefender Cloud, so like a lot of these AVs using outsourced engines I see little point using it over actually using, say, Bitdefender.

Yes, however I noticed that Arcabit / ArcaVir renames the Bitdefender definitions.
Why? I don't know....
 

Mahesh Sudula

Yes, however I noticed that Arcabit / ArcaVir renames the Bitdefender definitions.
Why? I don't know....
Noticed this behaviour, they just rebrand their signature definition with BD. It is just BD engine AV / Their own engine once in a blue moon picks up some PUPs

Observed similar style PUP detection as well.

 

Asterixpl

Arcabit is a decent Polish package for computer protection. Programmers are constantly improving the operation of the program.

The program uses Bitdefender databases as well as its proprietary detection engine

MKS VIR and ARCABIT are the same


I currently have MKS VIR installed
 

kC77

Never heard about this but gave it a spin today on the test VM, a few new samples added to the pack, including some BLACKGUARD, so now at around 1100 samples.

Firstly annoying was the amount of pop ups, which I tried to silence by putting it into "silent" mode, and also "game mode", but they kept popping up....

It did miss a few things, and allowed applications to trigger my IDS

Due to the annoyance of the pop ups I couldn't really monitor Process Explorer. I was fighting to close the pop ups to try and see what was happening, but just gave up in the end. It was when my gateway IDS started flagging malware command & control & Agent Tesla activity detected that I knew it was compromised.

After it ran the execution batch, I checked the samples folder and there were still 900+ objects it hadn't deleted, very confusing as in the options I had set to "Delete", and when I tried to manually delete them it popped up the alerts all over again. A quick glance at startup and nothing had been added, and apart from an installer and a putty thing running, there didn't seem to be too much left.

I gave up and shut the VM down. If they ever fix the silent/game mode/pop ups I may give it another test in future. (Or is there something else apart from silent mode in options/game mode I can do to stop the pop ups?)

I didn't give it a great amount of time testing.... but due to the amount of outgoing malicious traffic flagged during the test, something bad happened! But in the end, looking at startup and exactly what was left running, it didn't appear all that bad!
It's certainly better than ESET/G-Data/Sophos's tests..... if they could just fix the pop ups to actually stay silent.

If anyone's bored enough, here is a GIF of the test: gif of arcabit test 1 - (84.5mb)

Also important to note this test was at default settings......
I may retest with MAX as it got so close to 100%
 


kC77

Well this was very unexpected and anyone using this software may be at risk if you have changed from the default settings!

Retested this (twice to be sure).
Enabled the extra features.. application control, and set the heuristics to highest (at the start of the GIF I'll share here you will see the settings I changed... I also found the option to disable the pop ups....) but basically with harder settings in place.... the system was totally and utterly compromised....
Take a look at the amount of threat connections to outside on my IDS threat MAP, I had 177 alerts within 2 minutes (the pink dot shows the location/country and the number is the amount of intrusion detections).

As seen in the GIF below, after the last test I also ran CurrPorts from NirSoft to visually see the samples connecting..
What I'm blown away with though is how, by enabling what I'd think are more secure settings, the protection of this software goes to basically ZERO.

Now it did make it to the end of the test, and there is drive wiper malware in this set, so it blocked some things......

GIF - test 2 - Arcabit Max settings (total fail) 76.1mb download

My only advice if you do use this software, LEAVE AT DEFAULT SETTINGS!!!!!!!!!!!!!

(Just to be sure it wasn't a bug, I reset the machine and tested again with the same settings (but didn't use the game mode option) and exactly the same happened.)
 

kC77

Well, this is an unrealistic test hammering a product with 1000 samples, this won't happen to you!
Also possibly something is different with the trial version? If this was my only AV, from these tests I would revert to default settings.

In my tests it performed a LOT better on default settings (1st test) and totally failed the 2nd & 3rd retest when enabling app control, disable pop ups and high heuristics.

If you have support with them, reach out.... if they get a version for me to retest I'd be happy to try it.