App Review AV vs. Petya V2 Ransomware

[Petrovic]

Spoiler: F-Secure

Spoiler: Sophos

Spoiler: Kaspersky

Spoiler: AVG

Spoiler: Avira

Spoiler: McAfee

Spoiler: G Data

 

[Av Gurus]

Spoiler: Spoiler

Avira & Kaspersky

 

[hjlbx]

Spoiler: Spoiler

Avira & Kaspersky

It is heuristics detection...

 

[Noxx]

Good tests. They're in German, but it's clear enough how they all did. Thanks for sharing.

 

[Evgeny]

Hmm its in deutsche.. would be good to know what he is saying.

 

[Atlas147]

Wow pretty good job done by kaspersky and avira, honestly quite surprised that avira caught it even though it wasn't in it's base signatures. Unfortunately it doesn't show how it was caught. I always thought that avira didn't have a good 0 day, the malware was probably caught by cloud?

 

[Petrovic]

It is heuristics detection...

avira - cloud detection

 

[TheMalwareMaster]

Thanks for sharing it's good to see Avira cloud contains most of zero-day threats, considering each unknown suspicious file is uploaded. Thanks also to kaspersky heuristics

 

[hjlbx]

avira - cloud detection

Thanks for pointing that out @Petrovic.

 

[Deleted Member 333v73x]

Thanks for the reviews!
Only Avira and Kaspersky? Wow I expected better, especially Sophos Home it uses the same signatures as its commercial/endpoint protection suites. No AV can block EVERY variant of ransomware - things like Bitdefender Anti-Ransomware, Malwarebytes Anti-Ransomware, Anti-Executables and Crypto Prevent are slowly but surely going to be needed to compliment an anti-virus. That malware NEEDED UAC authorization to do damage, so that proves it works

 

[Andrew999]

Hmm its in deutsche.. would be good to know what he is saying.

I thought it was German. I mostly understand what he is saying because I know a bit of German.

 

[Av Gurus]

Shadow Defender also protect vs Petya, confirmed on Wilderssecurity Forum:
The unofficial Shadow Defender Support Thread.

 

[Evgeny]

I thought it was German. I mostly understand what he is saying because I know a bit of German.

Its in german..

 

[bayasdev]

Could you test 360TS against Petya ?

 

[Nightwalker]

Avira cloud is pretty good and Kaspersky since version 6.0 (in 2005/2006) has a strong behavior blocker with HIPS like feature (PDM detection).

I think only Norton (Sonar) and Emsisoft behavior blocker could do better.

 

[jamescv7]

I have no question to Avira about its detection, of course the cloud or its signature is their primary main defense so the critical level to ruin a system is high enough. Compare to other programs which contains HIPS, BB and other forms of strong user interaction can definitely deny the access.

 

[Deleted member 2913]

Eset was not tested but guess Eset will block both the samples as VT reports showed Eset detected both, right?

Or VT uses all products high/increased protection settings & Eset defaults could miss the sample/s?

 

[jamescv7]

@yesnoo: Well let's see by testing, ESET has prominence on their characteristics of being fast response but of course everything varies.

 

[Lord Ami]

Thanks for the reviews!
Only Avira and Kaspersky? Wow I expected better, especially Sophos Home it uses the same signatures as its commercial/endpoint protection suites.

Actually, F-Secure blocked it too. I'm not sure why he excluded it from DeepGuard popup. Both files were blocked, but he allowed first one and then executed it afterwards... why?

 

[upnorth]

Actually, F-Secure blocked it too. I'm not sure why he excluded it from DeepGuard popup. Both files were blocked, but he allowed first one and then executed it afterwards... why?

He allowed it through UAC in the end and why was simply to show what would happen and for no other special reson as far I could understand.