AVLab Feb 2019 - Online Banking Protection Test (Windows 10)
<blockquote data-quote="Andy Ful" data-source="post: 805113" data-attributes="member: 32260"><p>YES and NO. </p><p></p><p>This test is based on the specific procedure:</p><ul> <li data-xf-list-type="ul">never-seen banking malware created with Python and compiled to an EXE file;</li> <li data-xf-list-type="ul">the malware is downloaded manually in the Chrome web browser;</li> <li data-xf-list-type="ul">the malware is then executed by the user and SmartScreen is bypassed by the user;</li> <li data-xf-list-type="ul">WD is on default settings (no other advanced settings available in Windows 10 Home);</li> </ul><p>The test results under these conditions are poor for WD. They should be poor because in default settings WD has poor protection against never-seen malicious Python scripts. The protection would be much better if the malware was created not with Python but with, for example, PowerShell, JScript, or VBScript (especially after turning on ASR rules).</p><p></p><p>The test is OK, but there is a problem with interpreting the test results in relation to the users' protection. In the real world, banking malware is run in a multistage scenario, which is different from the test scenario. EXE files and Python scripts are not used in the early infection stages, but mostly VBA macros, PowerShell, JScript, and VBScript. Those attack vectors are nicely covered by WD (especially after turning on ASR rules). </p><p>So, WD has poor detection of Python malware, but can apply pretty good prevention against it.</p><p></p><p>For testing the real user protection, the test should be performed in a very different scenario. However, this does not mean that in a real-world scenario WD will be the best. Yet, there are some well-known tests to compare.</p></blockquote><p></p>