App Review AVG Internet Security - Software Analyzer - ransomware test

[Deleted member 2913]

I did it but I didn't record a video. I will tell you the result: it blocked 99.99% of my samples, only petya bypassed and completely shut down the VM. only 1 miss
comodo firewall in Proactive mode + no restriction -> blocked everything including petya, 100% result

Does default "Internet Security" config protects against petya?

 

[Evjl's Rain]

Can you make a summary of all the tests done by now with the number of bypasses, please?

I may try but I don't promise but so far what I remember:
- Kaspersky: missed 1 sample
- Emsisoft: missed 2-3 samples, blocked screenlockers also but screenlockers sucessfully overlapped the popups
- BD: missed 3-4 samples until it was destroyed by petya
- AVG: missed 4-5 samples, failed against petya too
- CCAV: missed petya | CF/proactive: blocked everything
- Kaspersky antiransomware tool: missed a lot
- MB antiransomware: missed a lot
- MB3: not counted, all detected by signatures, couldn't isolate its antiransomware module
- Norton: not counted, same as above, couldn't use SONAR without realtime protection
- Appcheck free & HitmanPro.Alert: missed 2-4 samples, some got blocked but still encrypted a few files. I counted as a miss. Appcheck free doesn't protect against petya. HMP.A blocked petya
- Xvirus firewall Pro: missed a lot, blocked but files were still encrypted
- Xvirus personal guard: same as above but better than the firewall
- Winpatrol WAR: blocked 100%

Does default "Internet Security" config protects against petya?

sorry I don't know, I just tested proactive profile

 

[TheMalwareMaster]

I may try but I don't promise but so far what I remember:
- Kaspersky: missed 1 sample
- Emsisoft: missed 2-3 samples, blocked screenlockers also but screenlockers sucessfully overlapped the popups
- BD: missed 3-4 samples until it was destroyed by petya
- AVG: missed 4-5 samples, failed against petya too
- CCAV: missed petya | CF/proactive: blocked everything
- Kaspersky antiransomware tool: missed a lot
- MB antiransomware: missed a lot
- MB3: not counted, all detected by signatures, couldn't isolate its antiransomware module
- Norton: not counted, same as above, couldn't use SONAR without realtime protection
- Appcheck free & HitmanPro.Alert: missed 2-4 samples, some got blocked but still encrypted a few files. I counted as a miss. Appcheck free doesn't protect against petya. HMP.A blocked petya
- Xvirus firewall Pro: missed a lot, blocked but files were still encrypted
- Xvirus personal guard: same as above but better than the firewall
- Winpatrol WAR: blocked 100%


sorry I don't know, I just tested proactive profile

Thank you

 

[Av Gurus]

I would like to see test with these settings (picture):

 

[Evjl's Rain]

I would like to see test with these settings (picture):

View attachment 133491

I will check that out. I don't really know what the difference was so I left it default

 

[TheMalwareMaster]

I would like to see test with these settings (picture):

View attachment 133491

Is it really real that AVG behavioural blocker is set to a lower level by default?

 

[Davidov]

Thank you

How is it possible that WinPatrol WAR mostly blocked 100 percent of known and unknown ransomware and other products are left behind ??? Is it because of the war acts as an anti-exe?

 

[Av Gurus]

Is it really real that AVG behavioural blocker is set to a lower level by default?

Probably because fear of FP.

 

[TheMalwareMaster]

Probably because fear of FP.

It shouldn't be the same level of security? "Automatically quarantine known threats"= quarantine known threats and ask for the ones which may be false positives? (infact, some of the threats in the videos were removed automatically, for some other he got a prompt). And "Automatically quarantine detected threats"=quarantine all automatically? "Always ask"=ask for all?

 

[Evjl's Rain]

hmm seems like they will produce the exact same level of detection in all 3 modes

 

[Werderforever]

I did it but I didn't record a video. I will tell you the result: it blocked 99.99% of my samples, only petya bypassed and completely shut down the VM. only 1 miss
comodo firewall in Proactive mode + no restriction -> blocked everything including petya, 100% result

Many thanks for your information!

Do you have tested Bitdefender Antiransomware: Anti Ransomware Tool

Bitdefender wrotes, that this tool protects against Petya (and some other Ransomware). Bitdefender Suite failed against Petya in your test. So it´s interesting, whether Bitdefender Antiransomware, which is Freeware, can really protect against Petya.

 

[Evjl's Rain]

Many thanks for your information!

Do you have tested Bitdefender Antiransomware: Anti Ransomware Tool

Bitdefender wrotes, that this tool protects against Petya (and some other Ransomware). Bitdefender Suite failed against Petya in your test. So it´s interesting, whether Bitdefender Antiransomware, which is Freeware, can really protect against Petya.

as far as I know, this is the worst of the worst antiransomware tools you can find on the planet, maybe still better than Gridinsoft
It seems to be abandoned

 

[Davidov]

I think the anti-exe or sandbox do a better job than some antiransomware.

 

[Evjl's Rain]

I think the anti-exe or sandbox do a better job than some antiransomware.

yes of course they will do better because by nature they can block 99-100% of malicious applications but may also block many legit apps

 

[Av Gurus]

Avast add this in new beta :

 

[Evjl's Rain]

How is it possible that WinPatrol WAR mostly blocked 100 percent of known and unknown ransomware and other products are left behind ??? Is it because of the war acts as an anti-exe?

I think it has a very aggressive set of rules that can block almost all ransomwares out there. I tried to run a few legit apps, WAR didn't block them. When I ran CCleaner installation file, WAR blocked a .tmp file. People have complained WAR has had a lot of false positives. I still believe it's a behavior blocker but very aggressive. I read PcMag review of this app, it didn't block all the malwares

 

[Davidov]

[Quote = "Evjl je déšť, post: 590.043, člen: 51905"] Myslím, že to má velmi agresivní sadu pravidel, která mohou blokovat téměř všechny ransomwares venku. Snažil jsem se spustit několik legit aplikací, WAR ani jim nebude blokovat. Když jsem běžel instalační soubor CCleaner, WAR zablokoval soubor TMP. Lidé si stěžovali válka měl hodně falešných poplachů. Stále věřím, že je to chování blokátor ale velmi agresivní. Četl jsem PCMag recenzi této aplikace, neměla blokovat všechny malwares [/ quote]

Je Dore Sciences .-)

 

[Werderforever]

as far as I know, this is the worst of the worst antiransomware tools you can find in the planet, maybe still better than Gridinsoft
It seems to be abandoned

Yes, I have heard that it´s not a good solution. Interesting for me was only, whether Petya will be blocked. Because it´s a promise from Bitdefender and it´s interesting, whether they are don´t speaking the truth.

 

[Davidov]

Finally, the user will decide if it's a false positive or lgitimni software and tozalezi much on the experience of the user.

 

[Evjl's Rain]

Yes, I have heard that it´s not a good solution. Interesting for me was only, whether Petya will be blocked. Because it´s a promise from Bitdefender and it´s interesting, whether they are don´t speaking the truth.

if you want, I can quickly test it against those types of ransomwares it promises to block
no video, just screenshots if necessary