Malware Hub Report Avira Pro - February 2022 Report

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

harlan4096

Moderator
Thread author
Verified
Staff member
Malware Hunter
Well-known
Apr 28, 2015
7,983
Avira Pro - February 2022 Report
Due to the small number of samples used in these tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to use.

System Status Abbreviations:

P : Protected
NC : Not Clean
I : Infected
E : Encrypted

* : Partially Blocked
* : BB Dynamic Bonus Test (only Behavior Blocker module running)

Second Opinion Scanners Status Abbreviations:

C : Clean
I : Infected

Additional Abbreviations:

WV : WiseVector StopX
HMP : HitmanPro
NPE : Norton Power Eraser
EEK : Emsisoft Emergency Kit
KVRT : Kaspersky Virus Removal Tool

BSR : Before System Reboot
ASR : After System Reboot



| February 2022 | Samples Pack | Static Detection | Dynamic Detection | Total Detection | System Files Encrypted | 2nd Opinion Scanners | System Final Status |
|---|---|---|---|---|---|---|---|
| 02/02/2022 | 2 | 1 / 2 | 0 / 1 | 1 / 2 | No | C: NPE; I: WV EEK KVRT | I |
| 04/02/2022 | 3 | 1 / 3 | 1 / 2 | 2 / 3 | No | C: WV*; I: EEK NPE KVRT | I |
| 08/02/2022 | 4 | 0 / 4 | 2 / 4 | 2 / 4 | No | C: EEK; I: WV NPE KVRT | I |
| 11/02/2022 | 4 | 1 / 4 | 1 + 1* / 3 | 2 + 1* / 4 | No | I | I |
| 12/02/2022 | 2 | 1 / 2 | 0 / 1 | 1 / 2 | No | C: KVRT; I: WV EEK NPE | I |
| 15/02/2022 | 2 | 0 / 2 | 1 / 2 | 1 / 2 | No | C: WV EEK; I: NPE KVRT | BSR: I; ASR: NC |
| 17/02/2022 | 2 | 0 / 2 | 1 / 2 | 1 / 2 | No | C: EEK KVRT; I: WV NPE | I |
| MAXIMUM HEUR IN SYSTEM SCANNER + REAL-TIME | | | | | | | |
| 23/02/2022 | 3 | 1 / 3 | 0 / 1 | 1 / 3 | No | C: EEK; I: WV NPE KVRT | I |
| 28/02/2022 | 1 | 0 / 1 | 0 / 1 | 0 / 1 | No | C: EEK; I: WV NPE KVRT | I |
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
4,882
Star Wars Love GIF
 

Anthony Qian

Level 7
Verified
Well-known
Apr 17, 2021
321
> Interesting to see F-Secure vs Avira IS, both using same Avira engine. DeepGuard just saved the day

According to the results, F-Secure did quite well - almost 100% block rate. But samples have failed to execute in many F-Secure tests. The tester said the samples failing to execute are possibly VM-aware, but other testers successfully ran those samples in VMs. Therefore, I think F-Secure should be re-tested in a different environment to get more reliable results.
 

upnorth

> According to the results, F-Secure did quite well - almost 100% block rate. But samples have failed to execute in many F-Secure tests. The tester said the samples failing to execute are possibly VM-aware, but other testers successfully ran those samples in VMs. Therefore, I think F-Secure should be re-tested in a different environment to get more reliable results.

Let me help explain several key parts about the Malware Hub and also this thread. This specific statistical thread is created for the AV (anti-virus) Avira, not solely the engine Avira and not any other vendor/brand.

The results for each and every thread and any AVs in the Malware Hub, be it a statistical thread or one of the malware samples threads, are always governed and controlled by the disclaimer, also found at the top of this thread.

The Malware Hub's Disclaimer!
This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions. We encourage you to compare these results with others and take informed decisions on what security products to use. Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

The main purpose for the Hub itself is:
testing AV (anti-virus) software after a specific pre-set amount of staff-decided rules and tools that also work as much as possible for the members of the Hub and their respective time zones and spare/free time.

Those specific rules are found here:

We in the Hub are 100% aware that this does not satisfy everyone, and never will, as some members have ideas and opinions on how the Hub's tests should be best conducted, even including the results posted/shared. It is in the end, whether one likes it or not, the Hub members' own personal prerogative to post tests according to these rules.
 

Anthony Qian

> Let me help explain several key parts about the Malware Hub and also this thread. This specific statistical thread is created for the AV (anti-virus) Avira, not solely the engine Avira and not any other vendor/brand.
>
> The results for each and every thread and any AVs in the Malware Hub, be it a statistical thread or one of the malware samples threads, are always governed and controlled by the disclaimer, also found at the top of this thread.
>
> The Malware Hub's Disclaimer!
>
> The main purpose for the Hub itself is:
>
> Those specific rules are found here:
>
> We in the Hub are 100% aware that this does not satisfy everyone, and never will, as some members have ideas and opinions on how the Hub's tests should be best conducted, even including the results posted/shared. It is in the end, whether one likes it or not, the Hub members' own personal prerogative to post tests according to these rules.

My point is that the sample that you considered VM-aware was not really VM-aware in nature. So, the results of F-Secure in the Hub are somewhat misleading, IMO.
 

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
776
> My point is that the sample that you considered VM-aware was not really VM-aware in nature. So, the results of F-Secure in the Hub are somewhat misleading, IMO.

Well, both testers were using fairly similar versions of VMware as their host. I'm not sure if VM awareness is the reason. I agree it's curious some of the samples didn't execute, but at the same time, it's also not very surprising that putting 4 other engines (including one of the best behavior blockers) together with the Avira engine results in stronger performance. The differences between each tester's configuration make this harder to prove because technically the results aren't comparable directly.
 

Anthony Qian

> Well, both testers were using fairly similar versions of VMware as their host. I'm not sure if VM awareness is the reason. I agree it's curious some of the samples didn't execute, but at the same time, it's also not very surprising that putting 4 other engines (including one of the best behavior blockers) together with the Avira engine results in stronger performance. The differences between each tester's configuration make this harder to prove because technically the results aren't comparable directly.

Theoretically, combining Avira engine with F-S's own engines and DeepGuard creates stronger protection. But, unlike Avira, F-S cannot proactively upload suspicious samples to the Avira Protection Cloud for analysis, which I think is the best part of Avira. Instead, F-S can only get the existing HEUR/APC detections from the Cloud.

As for F-S's own engine, I didn't notice many detections made by them in my testing. F-S is still heavily reliant on the Avira engine. Because the Avira engine is very bad at detecting script malware, I believe F-S should develop their own engines to heuristically detect script malware if F-S wants to continue using Avira engine.
 

MacDefender

> Theoretically, combining Avira engine with F-S's own engines and DeepGuard creates stronger protection. But, unlike Avira, F-S cannot proactively upload suspicious samples to the Avira Protection Cloud for analysis, which I think is the best part of Avira. Instead, F-S can only get the existing HEUR/APC detections from the Cloud.
>
> As for F-S's own engine, I didn't notice many detections made by them in my testing. F-S is still heavily reliant on the Avira engine. Because the Avira engine is very bad at detecting script malware, I believe F-S should develop their own engines to heuristically detect script malware if F-S wants to continue using Avira engine.

In the current round of MalwareHub testing around 1/3 of the hits for F-Secure are from DeepGuard with an occasional hit from their own cloud engine (FSO). It’s not clear if F-Secure contributes to APC from my testing. They definitely contribute to their own cloud and the privacy policy allows sharing with their partners but we can’t see what happens to samples uploaded to F-Secure.

F-Secure seems pretty good at detecting PowerShell and WSH scriptors through DeepGuard but you’re definitely right, both it and Avira are bad at detecting other scriptors like BAT/JS/Python. They were supposed to have a script heuristic engine but I’ve never seen it detect anything.
 

harlan4096

> Maybe set Heuristics to high instead of medium (in scanner & Realtime), that should improve detection?

I can set Heur to max, but I doubt it will improve the detection much. I may set max for static / on-demand scans, but not for real-time since it will make my VM system even slower 🤢
 

upnorth

> Really weak performance of Avira so far. Did expect it to do better to be honest. :confused:

Prime business version maybe? :unsure: I can't find any good info on that version or some whitepaper that could easily explain any clear or obvious difference with their home user versions. It's easy to find, for example, what the IS (Internet Security) and the Prime Home include.

Avira does have a bit more information in what they call "Resources", but personally I didn't get much wiser, or I simply need to re-read it a few times.