Evjl's Rain

Level 42
Verified
Trusted
Content Creator
Malware Hunter
Can you make a summary of all the tests done by now with the number of bypasses, please?
I may try but I don't promise but so far what I remember:
- Kaspersky: missed 1 sample
- Emsisoft: missed 2-3 samples, blocked screenlockers also but screenlockers successfully overlapped the popups
- BD: missed 3-4 samples until it was destroyed by petya
- AVG: missed 4-5 samples, failed against petya too
- CCAV: missed petya | CF/proactive: blocked everything
- Kaspersky antiransomware tool: missed a lot
- MB antiransomware: missed a lot
- MB3: not counted, all detected by signatures, couldn't isolate its antiransomware module
- Norton: not counted, same as above, couldn't use SONAR without realtime protection
- Appcheck free & HitmanPro.Alert: missed 2-4 samples, some got blocked but still encrypted a few files. I counted as a miss. Appcheck free doesn't protect against petya. HMP.A blocked petya
- Xvirus firewall Pro: missed a lot, blocked but files were still encrypted
- Xvirus personal guard: same as above but better than the firewall
- Winpatrol WAR: blocked 100%

Does the default "Internet Security" config protect against petya?
sorry I don't know, I just tested proactive profile
 

TheMalwareMaster

Level 20
Verified
Trusted
I may try but I don't promise but so far what I remember:
- Kaspersky: missed 1 sample
- Emsisoft: missed 2-3 samples, blocked screenlockers also but screenlockers successfully overlapped the popups
- BD: missed 3-4 samples until it was destroyed by petya
- AVG: missed 4-5 samples, failed against petya too
- CCAV: missed petya | CF/proactive: blocked everything
- Kaspersky antiransomware tool: missed a lot
- MB antiransomware: missed a lot
- MB3: not counted, all detected by signatures, couldn't isolate its antiransomware module
- Norton: not counted, same as above, couldn't use SONAR without realtime protection
- Appcheck free & HitmanPro.Alert: missed 2-4 samples, some got blocked but still encrypted a few files. I counted as a miss. Appcheck free doesn't protect against petya. HMP.A blocked petya
- Xvirus firewall Pro: missed a lot, blocked but files were still encrypted
- Xvirus personal guard: same as above but better than the firewall
- Winpatrol WAR: blocked 100%


sorry I don't know, I just tested proactive profile
Thank you
 

TheMalwareMaster

Probably because of fear of FP.
Shouldn't it be the same level of security? "Automatically quarantine known threats" = quarantine known threats and ask for the ones which may be false positives? (In fact, some of the threats in the videos were removed automatically; for some others he got a prompt.) And "Automatically quarantine detected threats" = quarantine all automatically? "Always ask" = ask for all?
 
I did it but I didn't record a video. I will tell you the result: it blocked 99.99% of my samples, only petya bypassed and completely shut down the VM. only 1 miss
comodo firewall in Proactive mode + no restriction -> blocked everything including petya, 100% result
Many thanks for your information!:)

Have you tested Bitdefender Antiransomware: Anti Ransomware Tool?

Bitdefender writes that this tool protects against Petya (and some other ransomware). Bitdefender Suite failed against Petya in your test. So it's interesting whether Bitdefender Antiransomware, which is freeware, can really protect against Petya.
 

Evjl's Rain

Many thanks for your information!:)

Have you tested Bitdefender Antiransomware: Anti Ransomware Tool?

Bitdefender writes that this tool protects against Petya (and some other ransomware). Bitdefender Suite failed against Petya in your test. So it's interesting whether Bitdefender Antiransomware, which is freeware, can really protect against Petya.
as far as I know, this is the worst of the worst antiransomware tools you can find on the planet, maybe :) still better than Gridinsoft
It seems to be abandoned
 

Evjl's Rain

How is it possible that WinPatrol WAR blocked almost 100 percent of known and unknown ransomware and other products are left behind? Is it because WAR acts as an anti-exe?
I think it has a very aggressive set of rules that can block almost all ransomware out there. I tried to run a few legit apps, WAR didn't block them. When I ran the CCleaner installation file, WAR blocked a .tmp file. People have complained WAR has had a lot of false positives. I still believe it's a behavior blocker but very aggressive. I read the PCMag review of this app, it didn't block all the malware
 

Davidov

Level 10
[Quote = "Evjl's Rain, post: 590.043, member: 51905"] I think it has a very aggressive set of rules that can block almost all ransomware out there. I tried to run a few legit apps, WAR didn't block them. When I ran the CCleaner installation file, WAR blocked a TMP file. People have complained WAR has had a lot of false positives. I still believe it's a behavior blocker but very aggressive. I read the PCMag review of this app, it didn't block all the malware [/quote]

Je Dore Sciences .-)
 
as far as I know, this is the worst of the worst antiransomware tools you can find on the planet, maybe :) still better than Gridinsoft
It seems to be abandoned
Yes, I have heard that it's not a good solution. The only thing interesting for me was whether Petya will be blocked, because it's a promise from Bitdefender and it's interesting whether they are not telling the truth.
 

Evjl's Rain

Yes, I have heard that it's not a good solution. The only thing interesting for me was whether Petya will be blocked, because it's a promise from Bitdefender and it's interesting whether they are not telling the truth.
if you want, I can quickly test it against those types of ransomware it promises to block :)
no video, just screenshots if necessary