There are some variants, for example the kill-switch call has been eliminated by modifying the hex of the executable and bypassing the concerned calls: probably these versions were not made by the original author, because by analyzing the code, it is clear that it was not done a compiler.I thought Avira detected wannacry since 2 months. Or is that a 0 day modified version?
I agree. If Avira could speed up the detection process/cloud submission probably this system wouldn't be infected.2 suspicious patterns detected and quarantined (after the encrypted copies were generated).
Still, the RW was able to delete the original files left out during the creation of encrypted copies. That clearly indicates the slow detecting and/or inadequate blocking of the malicious process(es) by Avira free, be it cloud or local.
My only concern in the security setup was that the 'Use file extensions list' (that's mostly custom) was selected instead of 'Use Smart Extensions' (or All Files). I do not remember if the extensions have to be specified in this AV. I may be wrong, but probably using Smart Extensions list (like the default settings of many AVs) could have helped detect the malicious process, earlier, instead of just depending on the detection of the encrypted files in some monitored folders.
Machine learning is the new toy in the industry, any vendor that implements it correctly will have a good edge on the others. Avira somehow uses it, but implementation is not good. What surprised me was that machine learning is working with real time protection in Symantec endpoint protection(there are different approaches in machine learning) . So many samples get detection before execution by auto protect. That's what i call implementation.It is hard to stop ransomware post execution.
This is where Comodo, Bitdefender and Kaspersky separate themselves.
Still like Avira, they do good work.
But currently I prefer my Windows Defender, Smart Screen block, app install limitation setup.
Do Avira have any plans to integrate stronger zero day protection?Hello,
I saw this thread and also had a short conversation with @Game Of Thrones about this matter.
What I can say as summary is that we use several detection methods for the wannacry family, so they should be detected in the vast majority. There could be indeed a new variant of this virus that wasn't detected at the time of video creation, but this is impossible to tell if we don't have the file, or at least its hash in order to investigate.
hello, could you please explain the differences between avira free and avira pro besides web guard?Sure. The Antivirus modules are continuous improved as a rolling release. This means that new and improved features are distributed as product updates on availability.