Malware Hub Report Avira ISS - October 2019 Report

harlan4096 · Oct 8, 2019

Avira ISS - October 2019 Report

Due to the small number of samples used in this tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to use.

__

C: Clean / P: Protected / P - NC: Protected - Not Clean / I: Infected / E: Encrypted

* Dynamic BB Bonus Test (Resident Protection Disabled)
* Partially Blocked
* BSR: Before System Reboot
* ASR: After System Reboot

October 2019	Samples Pack	Static Detection	Dynamic Detection	Total Detection	System Files Encrypted	2nd Opinion Scanners	System Final Status	Thread Link
* DEFAULT	SETTINGS:
08/10/2019	22	13 / 22	4 / 9	17 / 22	No	C	P	Post#4
09/10/2019	18	11 / 18	0 / 7	11 / 18	No	C: WV ZAM3 NPE I: HMP	BSR: I ASR: P - NC	Post#5
10/10/2019	1	1 / 1	0 / 1*	1 / 1 0 / 1*	No	C N/A*	C I*	Post#4
11/10/2019	15	8 / 15	4 / 7	12 / 15	No	C	P	Post#3
14/10/2019	23	14 / 23	2 + 1* / 9	16 + 1* / 23	Yes (42)	C: NPE ZAM3 I: WV MWB3 EEK HMP: NC	BSR: E + I ASR: E + I	Post#4
14/10/2019	2	2 / 2	N/A	2 / 2	No	C	C	Post#4
15/10/2019	1	1 / 1	N/A	1 / 1	No	C	C	Post#6
16/10/2019	1	1 / 1	N/A	1 / 1	No	C	C	Post#5
16/10/2019	20	11 / 20	4 + 1* / 9	15 + 1* / 20	No	C: ZAM3 I: HMP WV EEK NPE	BSR: I ASR: I	Post#6
17//10/2019	1	1 / 1	N/A	1 / 1	No	C	C	Post#
17/10/2019	17	9 / 17	1 + 1* / 8	10 + 1* / 17	No	C: ZAM3 HMP I: WV NPE	BSR: I ASR: I	Post#4
19/10/2019	1	1 / 1	N/A	1 / 1	No	C	C	Post#4

harlan4096 · Oct 15, 2019

Hi guys, after some tests, some comments:

1.- Avira ISS is extremely slow repairing/moving to quarantine the extracted (not running) samples in a folder

Luke Filwalker is a pain

2.- They changed/updated the main GUI, but still Settings for Avira Pro are the same old looking as always, also both are slow, don't know if because working inside a VM

3.- In every on demand test, Avira ISS only detects exe files... it can't detect other types or files such as jar, scripts or Office documents... on dynamic it can only detects the payload spawned by those, which usually are exe files...

4.- I will not perform Behaviour Bonus Tests with Avira ISS, since it seems disabling Resident Protection will cancel any protection, Avira BB if is there, is not triggered... I performed a few BB Bonus Tests and in all Avira ISS failed irrepressibly, even having the Anti-Ransomware module On...

Evjl's Rain · Oct 15, 2019

I have the exact feeling about avira
there is almost no protection against scripts besides signatures
luke filewalker is a pain

there is zero offline behavioral blocker. Everything is on the cloud (similarly to WD, at least WD has a very basic/weak offline BB)

Search

Malware Hub Report Avira ISS - October 2019 Report

harlan4096

Moderator

harlan4096

Moderator

Evjl's Rain

Level 47

Similar threads