- Nov 1, 2014
- 104
Avira Free Antivirus vs WannaCry ransomware by Juan Diaz
- Thread starter Arin
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Apr 16, 2017
- 2,101
I thought Avira detected wannacry since 2 months. Or is that a 0 day modified version?
- Feb 13, 2017
- 737
Probably a new file with unknown hash to the signatures. It proves Avira Cloud is still not detecting it.
- Apr 16, 2017
- 2,101
More importantly it detected the malware but failed to remove it. Also cloud in free version is meh.
- Dec 27, 2016
- 1,480
2 suspicious patterns detected and quarantined (after the encrypted copies were generated).
Still, the RW was able to delete the original files left out during the creation of encrypted copies. That clearly indicates the slow detecting and/or inadequate blocking of the malicious process(es) by Avira free, be it cloud or local.
My only concern in the security setup was that the 'Use file extensions list' (that's mostly custom) was selected instead of 'Use Smart Extensions' (or All Files). I do not remember if the extensions have to be specified in this AV. I may be wrong, but probably using Smart Extensions list (like the default settings of many AVs) could have helped detect the malicious process, earlier, instead of just depending on the detection of the encrypted files in some monitored folders.
Still, the RW was able to delete the original files left out during the creation of encrypted copies. That clearly indicates the slow detecting and/or inadequate blocking of the malicious process(es) by Avira free, be it cloud or local.
My only concern in the security setup was that the 'Use file extensions list' (that's mostly custom) was selected instead of 'Use Smart Extensions' (or All Files). I do not remember if the extensions have to be specified in this AV. I may be wrong, but probably using Smart Extensions list (like the default settings of many AVs) could have helped detect the malicious process, earlier, instead of just depending on the detection of the encrypted files in some monitored folders.
- Feb 13, 2017
- 1,486
There are some variants, for example the kill-switch call has been eliminated by modifying the hex of the executable and bypassing the concerned calls: probably these versions were not made by the original author, because by analyzing the code, it is clear that it was not done a compiler.
Indeed, subsequently to the control of the kill switch, the flow of code execution proceeds to create a service called "mssecsvc2.0" (displayed with the symbolic name "Microsoft Security Center (2.0) Service"), starting it and pulling out the ransomware component and performing it.
- Oct 2, 2014
- 825
Avira had its time in the past, like many other AV vendors. Thing is in the present, it will be only useful for common malware. It won't help against pissed of malware, it will just collapse.
perhaps the main process created many processes which a few of them were blocked but the main process was not blocked so it could still infect
I don't know if the pro version can block it or not but the cloud in free version didn't upload the file for cloud analysis this time
some people on Wilders are still saying free and pro are identical and smashing other users that they have no clue but they can't point out the difference between the 2 other than giving some unhelpful avira's descriptions, no real test
I don't know if the pro version can block it or not but the cloud in free version didn't upload the file for cloud analysis this time
some people on Wilders are still saying free and pro are identical and smashing other users that they have no clue but they can't point out the difference between the 2 other than giving some unhelpful avira's descriptions, no real test
- Feb 13, 2017
- 737
I agree. If Avira could speed up the detection process/cloud submission probably this system wouldn't be infected.
- Apr 13, 2013
- 3,224
There have been a few new variants of Wanna, and Avira for whatever reason has been the slowest to react to them.
- Feb 24, 2017
- 1,661
how helpful, didn't block the encrypting process, but blocked the process that shows you how to decrypt your files..
- Jul 28, 2014
- 1,990
Avira has a blog post stating that they have detected wannacry 2 months before the outbreak happened, this is probably a new variant, maybe you should send it to virustotal to check the detection ratio on it. Hopefully other vendors have already reacted to it faster than Avira.
Also you should SUD this to Avira and other vendors that don't detect this variant ASAP to prevent others from getting infected as well.
Also you should SUD this to Avira and other vendors that don't detect this variant ASAP to prevent others from getting infected as well.
- Jun 5, 2014
- 276
can you test pro? I wrote another post in Avira section in MT that pro version has a really different malware detection. much more powerful
- Apr 28, 2017
- 326
It is hard to stop ransomware post execution.
This is where Comodo, Bitdefender and Kaspersky separate themselves.
Still like Avira, they do good work.
But currently I prefer my Windows Defender, Smart Screen block, app install limitation setup.
This is where Comodo, Bitdefender and Kaspersky separate themselves.
Still like Avira, they do good work.
But currently I prefer my Windows Defender, Smart Screen block, app install limitation setup.
- Apr 16, 2017
- 2,101
Of course, it's for the greater good (less people pay the ransom).
- Jun 5, 2014
- 276
Machine learning is the new toy in the industry, any vendor that implements it correctly will have a good edge on the others. Avira somehow uses it, but implementation is not good. What surprised me was that machine learning is working with real time protection in Symantec endpoint protection(there are different approaches in machine learning) . So many samples get detection before execution by auto protect. That's what i call implementation.
- Oct 27, 2016
- 24
Hello,
I saw this thread and also had a short conversation with @Game Of Thrones about this matter.
What I can say as summary is that we use several detection methods for the wannacry family, so they should be detected in the vast majority. There could be indeed a new variant of this virus that wasn't detected at the time of video creation, but this is impossible to tell if we don't have the file, or at least its hash in order to investigate.
I saw this thread and also had a short conversation with @Game Of Thrones about this matter.
What I can say as summary is that we use several detection methods for the wannacry family, so they should be detected in the vast majority. There could be indeed a new variant of this virus that wasn't detected at the time of video creation, but this is impossible to tell if we don't have the file, or at least its hash in order to investigate.
- Aug 17, 2013
- 1,905
Do Avira have any plans to integrate stronger zero day protection?
- Oct 27, 2016
- 24
Sure. The Antivirus modules are continuous improved as a rolling release. This means that new and improved features are distributed as product updates on availability.
hello, could you please explain the differences between avira free and avira pro besides web guard?
Is there any difference in protection feature? Why did Avira upload more malwares to APC than Avira free in my tests?
thank you
Last edited:
Similar threads
