App Review Avast BB + Ransomware Shield Test

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Thanks for sharing here @Captain Awesome ;) I watched the video just yesterday. Amongst lots of fuss with different samples, some were good to observe.

Regarding the main Ransomware shield demonstration starting at 9:54... It was sad to see the system getting ransomwared like that in the presence of a dedicated protection. I'm still not very sure if the Ransomware protection was supposed to be tested like that. The folder protection should have its voice.
I read that there's an option of "Alert mode" for the Folder Shield that may be more useful than the tested default.
The IDP did fairly well though, in the presence of a network connection.
 

Alikhan

Level 2
Verified
Oct 14, 2015
66
I still don't understand why they don't test with all the components enabled.

The behaviour shield is actually linked with the File Shield in some aspects. I can't go into much detail but I'll give an example. Most of the time zero day malware is already classified in the cloud (old malware is also classified in the cloud). Now here comes the important bit, malware is executed and IDP (behaviour shield) checks the cloud and gets a result that the file is classified as malicious but IDP does this check "asynchronously". This means that the behaviour shield would not block the malware immediately since the File Shield which does the check "synchronously" would have already removed the threat before IDP got involved. File Shield does this query synchronously, e.g. it will block the malware process creation immediately while the query result gets back from the cloud. This is why sometimes some files get encrypted by ransomware before IDP reacts.

Another example would be CyberCapture being linked to the Web Shield.

I'll need to see why the Ransomware Shield didn't react. Did the person making the video reboot after enabling the Ransomware Shield? It could also be the case that it's run under a virtual environment rather than Shadow Defender? The default mode for Ransomware Shield is "smart" mode, so any trusted applications which are trusted via the cloud will be allowed to make changes, such as Word etc. Any unknown programs will require user intervention.
 

Transhumana

Level 6
Verified
Well-known
Jul 6, 2017
271
> I still don't understand why they don't test with all the components enabled.
> (...)

I agree with you, especially if the program components are advertised as multi-layered protection. It might not change the outcome in every single case, but I think that it would at least increase the validity of the test.
 

Trooper

Level 16
Verified
Top Poster
Well-known
Aug 28, 2015
772
> I agree with you, especially if the program components are advertised as multi-layered protection. It might not change the outcome in every single case, but I think that it would at least increase the validity of the test.

Agreed again. If I am a consumer and install it with defaults I am going to get most if not all of the components ready to rock. They need to redo this test with everything enabled and then see how it goes.
 

Antimalware18

Level 10
Verified
Well-known
Jan 17, 2014
486
I think the commentary makes that video a win in my book lol

All serious jokes aside, the Behavior Shield really needs some work, maybe kick up the sensitivity I guess?

Wow, that ransomware shield looked like a joke.
 

Transhumana

Level 6
Verified
Well-known
Jul 6, 2017
271
It might be a complete joke, but let it fail the test on its own terms with default settings on, as it was intended to fail. :D:D:D
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
This concept of protected folders, used by the Ransomware shield, is not a new idea. It has been around for years, and is not very effective against advanced threats. If the malware manages to hide its identity, it will bypass the protection.
 
