The fact that it is “behavioural” doesn’t have anything to do with the way it operates. It needs internet because some machine learning models are impossible to run on your machine, they would take days, weeks, months.
If behavioral needs internet, why is it behavioral protection?
They work the same way. One works with behaviour extracted through partial emulation, the other one works with behavioural features observed at runtime.
I think you're not talking about behavior, you're talking about heuristics.
sent you.
I also tested it with System Watcher, internet was open and KSN was also connected but it did not block. But it's not recorded; if you want me to test the sample with all modules and open internet, I will record it and send you after @Shadowra and @Khushal told me they tested my sample.
The fact that it is “behavioural” doesn’t have anything to do with the way it operates. It needs internet because some machine learning models are impossible to run on your machine, they would take days, weeks, months.
I'm waiting for the video, bro.
I've got a bit of time tonight, so I'll install Kaspersky and test it.
(I'll do the same with Bitdefender because I want to see it too).
Different solutions have different ways of dealing with signed malware. Some may be oblivious to signed malware, others may need more indicators than just the digital signature. Kaspersky is not one of the oblivious, neither is Avast. Avast very quickly makes the digital signature the actual reason for detection.
Another thing with KSN or alternatives to it is that they don't get digitally signed files; that's why if a virus is really strongly FUDded and signed, then KSN-like cloud technologies would ignore it.
I'm waiting for the video, bro.
Maybe I can test AVG tonight with open internet. I worry it.
Different solutions have different ways of dealing with signed malware. Some may be oblivious to signed malware, others may need more indicators than just the digital signature. Kaspersky is not one of the oblivious, neither is Avast. Avast very quickly makes the digital signature the actual reason for detection.
I can give source code?
I don't think the Ransomware encrypts the data because the files are lost forever...
Expected results.
Here are the tests!
Internet was disabled during the test.
Kaspersky did not block the attack.
I don't think the Ransomware encrypts the data because the files are lost forever...
It's more like a Wiper...
Bitdefender blocked it on extraction by the anti-malware engine with one detection.
I can give source code?
It does encrypt data, I agree, I am doing forensics.
I can give source code?
It compromises the integrity of information is the right way to say it then, since you are doing forensics.
It does encrypt data, I agree, I am doing forensics.
Kaspersky Premium can be tweaked to not allow the execution of this file. Without the tweak, seems like there is no detection from the standard modules.
@Trident Bro, I just tested Kaspersky Premium with all modules and connected to the network and it did not block, I'm uploading the video.
Yeah, I have often submitted such samples to Kaspersky and their analysts always hesitate to add heuristics for Kryptik/Crypt samples. Albeit I do think that Kaspersky might behave differently on a real machine, as quoted multiple times by their experts.
It compromises the integrity of information is the right way to say it then, since you are doing forensics.
It is malware and it must be detected.
Kaspersky Premium can be tweaked to not allow the execution of this file. Without the tweak, seems like there is no detection from the standard modules.
Yeah do DM.
I can give source code?
Microsoft detects it, ESET doesn't
You can if you want, even if it won't do me any good
I'd especially like to understand how you encrypt the data.
(I'm going to try it with Eset and Microsoft Defender with Anti-Ransomware enabled)
Microsoft detects? How? I can't believe it right now.
Microsoft detects it, ESET doesn't