App Review Avast vs new Ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Andrew999

Thread author
Dec 17, 2014
oh that's a shame.

Hope you have watched the video. Or was it sarcastic !!!
I reckon Avast has very good potential with its behavior blocker components and its CyberCapture. It just needs 'tweaking', I feel, to be more sensitive, especially against ransomware, because it is pretty sad it let it through just like that.
 

Rebsat

Apr 13, 2014
It was not a fair test for Avast Free Antivirus. Our respected member @Evjl's Rain is very aware of how to test each of Avast Free Antivirus's components carefully and how strong each component is in real-time protection. :) I would greatly appreciate it if @Evjl's Rain could watch the video and tell us his opinion about the strength of that version of Avast Free Antivirus against new threats, especially ransomwares. Thank you very much for your good assistance bro ;)
 

Evjl's Rain

Apr 18, 2016
I watched this test several hours ago. Being bypassed by 1 malware doesn't conclude anything. Everyone can make a video to demonstrate a bypass of KIS, EAM, Norton, ESET, Avast. Not difficult.

Avast is strong but not the strongest, obviously, but it can be better than a lot of other paid AVs. Default settings are to avoid too many FPs. Kaspersky is the best in terms of the balance between protection and FP rate (but not good against PUPs)
Hardened mode is default-deny but if the file is reputable, it's allowed to run unlike other anti-exes, which block block & block. VS can allow files automatically but not frequently

Avast weaknesses (protection-wise):
- weak against java malwares (.jar)
- okay but not great against scripts (.js, jse, vbs, ps1...)
- Cybercapture doesn't work with local files, just files downloaded from the internet and only with .exe extension
- Hardened mode only works against .exe (& .dll!???)
- phishing protection is not so good although it was implemented a few versions back. Can be solved by using Avast online security (browser extension) because it's designed for phishing

Solutions: patch avast's weaknesses
- uninstall/block java -> block java.exe and javaw.exe
- block windows script hosts by registry
- optional: block powershell execution
- use a better browser extension: avira browser safety, norton safe web, bitdefender trafficlight
- enable hardened mode aggressive -> if a file is blocked (because it's too new), try to wait for a few hours or 1-2 days and execute it again so it might get excluded by avast (server). Exclude it in HM if you are in a rush

Using OSArmor can solve all the above problems except the last one

If you only execute .exe files, avast and its hardened mode can handle most of the threats, even better than almost all AVs
 
Last edited:
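
The "block windows script hosts by registry" step from the list above, as an added example that is not part of the original post. The key path and `Enabled` value are the standard Windows Script Host setting, which the thread does not spell out; the script name and its `-Apply` switch are assumptions made for this example.

```powershell
# Audit-WshHardening.ps1 (hypothetical name; added example, not from the thread).
# Reports whether Windows Script Host is disabled and whether the Java launchers
# named in the post are still reachable. With -Apply (elevated, 64-bit PowerShell)
# it writes Enabled=0 so wscript.exe/cscript.exe refuse to run .js/.jse/.vbs files.
param([switch]$Apply)

$wshKeys = @('HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings')
if ([Environment]::Is64BitOperatingSystem) {
    # 32-bit wscript.exe/cscript.exe (SysWOW64) read the redirected registry view.
    $wshKeys += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows Script Host\Settings'
}

function Get-WshState {
    param([string]$Key)
    $value = (Get-ItemProperty -Path $Key -Name Enabled -ErrorAction SilentlyContinue).Enabled
    if ($null -eq $value)     { 'enabled (value not set, Windows default)' }
    elseif ("$value" -eq '0') { 'disabled' }   # matches both REG_DWORD 0 and REG_SZ "0"
    else                      { "enabled (Enabled=$value)" }
}

if ($Apply) {
    foreach ($key in $wshKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name Enabled -Value 0 -Type DWord
    }
}

# One row per registry view, read back after any change so the report is the real state.
$report = @(foreach ($key in $wshKeys) {
    [pscustomobject]@{ Check = "WSH: $key"; State = Get-WshState -Key $key }
})

# The post suggests uninstalling or blocking java.exe/javaw.exe; show if they resolve on PATH.
$report += @(foreach ($exe in 'java.exe', 'javaw.exe') {
    $cmd = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $state = if ($cmd) { "present: $($cmd.Path)" } else { 'not found on PATH' }
    [pscustomobject]@{ Check = $exe; State = $state }
})

$report | Format-Table -AutoSize -Wrap
```

Run it without `-Apply` first to see the current state; legitimate logon or admin scripts that depend on WSH will stop working once the value is set.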

Windows Defender Shill

Apr 28, 2017
I don't think it's fair to judge any AV based on these techniques of finding and introducing the sample onto the machine in the manner that was probably done here.
That level of protection is usually bundled with an unacceptable amount of FPs for the average user.
 

tim one

Jul 31, 2014
Avast has failed but this doesn't mean anything, the problem is the malware engineering of some samples.

A well-programmed malware/ransomware can encrypt the malicious code segments, create a stub that takes the encrypted file by decrypting it at run-time and dynamically allocating in the memory the decrypted code, in the appropriate memory addresses.
And maybe by adding a good 40 seconds sleep.
 

Rebsat

Apr 13, 2014
Thank you very much for sharing your excellent knowledge with us bro. We are proud of you (y):giggle:

Questions for @Evjl's Rain:
1. Do you think that the Avast Free Antivirus with OSArmor combo is strong enough to detect & prevent the execution of all types of new ransomwares?

2. If I gave you only two combos, then which of the following do you recommend, and why?
- Avast Free Antivirus + OSArmor
OR
- Avast Free Antivirus + Comodo Firewall

3. Would you please point out the weaknesses of each combo from the above in detail?

4. What did you mean by the last problem, which OSArmor cannot solve? Phishing protection?

Thank you bro,
Best regards,

Rebsat, Iraq :)
 

Evjl's Rain

Apr 18, 2016
1/ I think avast (tweaked) + OSA is strong enough against almost all kinds of threat (home users)
2/ Both are fine. CF would yield more FPs and is obviously more powerful than OSA. Moreover, by default, avast conflicts with CF because both use hardware virtualization. It can be fixed by unchecking "Enable hardware-assisted virtualization" in avast's settings -> troubleshooting. CF offers the best free firewall so it can be helpful. CF can also be tweaked to block those weaknesses of avast I mentioned
3/ OSA weakness:
- it's not a true AV or true BB/SRP. It's hybrid according to NVT himself, so it can't block all threats but is there to supplement our AVs. It doesn't do well against .exe malwares because of its nature and design. Avast's HM can easily deal with .exe malwares

CF weakness:
- No noticeable weakness. Cruelsister approved this app
- FPs can be irritating. May require some time to get used to
- maybe sometimes, comodo analysts mark a few malwares as Trusted (mistakes) -> they can bypass all layers of comodo. It can be solved by disabling Cloud lookup -> much much more FPs but almost never gets bypassed
- some Chinese vendors or non-latin-text vendors in their trusted vendor list -> questionable?
4/ yes. OSA can't protect against phishing, obviously, because it's a SRP+BB, not a web filter
 

Evjl's Rain

Apr 18, 2016
Neither with me, respect to those who like, but in my experience with this, I found a reasonable AV, and with many errors, especially this new version.
exactly. I don't understand what they are doing. They create more bugs every release
the latest version v17.9 immediately made me uninstall avast and switch to KIS. They offered the solution to revert back to v17.8, which is okay but still
 

Tsiehshi

Nov 11, 2017
Pardon my language, but it's yet another crappy sensationalistic test made just to be able to say "Look how badly your popular AV suxxx!!!1111!11", nothing more. Every AV has its weaknesses.
 