App Review Best Antivirus vs Unknown Ransomware II (TPSC)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
The PC Security Channel
S

Schug

New Member
Jul 14, 2024
9
bazang said:
LEO is using a basic way to encrypt files. There is nothing extraordinary about his ransomware simulation. What he shows is completely realistic and any user is susceptible to it.
Click to expand...
The situation this represents is an unknown zero-day ransomware attack. That is what is unlikely to be experienced by the average user. However, in this situation behavioral detection is necessary. Maybe I'm misunderstanding?
 
  • Like
Reactions: Khushal, Sorrento, Jonny Quest and 2 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,500
I am impressed. Leo pushed the testing methodology in the XXII century. He created a golden sample that can show which AV is better against ransomware.
... or maybe I am wrong, and this video is just a presentation of one of many possible results (depending on the tested sample).
 
Last edited:
  • Like
Reactions: Khushal, Thales, brambedkar59 and 9 others
C

cofer123

Level 3
Thread author
Sep 7, 2021
134
A reasonable explanation on the ESET forums for the outcome of this sample:

Marcos said:
As I have already mentioned, this file encrypts files only in the current folder from which it was run. It does not walk through other folders like other actual ransomware which might account for why it was not detected by the Ransomware shield prior to adding the detection.
Click to expand...
itman said:
Many "test" ransomware such as KnowBe4's Ransomware simulator: Ransomware Simulator | KnowBe4 operate as noted above; encrypt files in a single designated test folder/directory. As has been discussed previously at length in the forum: Ransomware Simulators - A Detailed Analysis, Eset will not detect these test ransomware due to the fact they don't exhibit actual ransomware behavior. Encrypting files in a single folder/directory per se is not "real world" ransomware behavior.
Click to expand...
 
  • Like
  • Hundred Points
Reactions: Khushal, brambedkar59, micasayyo and 8 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,500
Testing such custom-made samples can sometimes be useful for AV vendors. There are many ways to bypass any usable anti-ransomware protection. AV vendors do not cover all possible attack vectors, even if they know those vectors. The main purpose is to cover the methods that already happened in the wild and the new attacks that will probably happen soon.
The good thing about the video is showing the differences in applying the protection. For example, Kaspersky used the rollback feature to recover the files (including the malware) and other AVs did not. Other AVs prefer protected backups, protected folders, etc. Microsoft recommends automatic file backup in OneDrive, so the files can be easily restored.
 
Last edited:
  • Like
  • +Reputation
Reactions: brambedkar59, Sorrento, Jonny Quest and 5 others
CyberDevil

CyberDevil

Level 8
Verified
Well-known
Apr 4, 2021
359
cofer123 said:
A reasonable explanation on the ESET forums for the outcome of this sample:
Click to expand...
Suppose the malware creates its sample in the documents folder and then executes it from there - is that enough to bypass Eset's protection? On the one hand the scheme is too complicated, on the other hand ... If Eset understands that the encryptor works only if the program handles several different directories, but it doesn't have a rollback function like Bitdefender and Kaspersky, then we get guaranteed possibly very significant damage to personal files until the antivirus is triggered. Although the presence of a cloud backup will still offset these risks, and the encryptor will not be able to get to system and program files in time to damage the OS, it may not be a big deal. :unsure: In general, it's important to always have a backup in any case. :)

By the way, since in V18 it is now possible to protect document folders without going through manual HIPS rules, the risk is probably even lower.
 
  • Like
  • +Reputation
Reactions: Dave Russo, Sorrento, roger_m and 5 others
bazang

bazang

Level 6
Jul 3, 2024
276
itman said:

Encrypting files in a single folder/directory per se is not "real world" ransomware behavior.

_ _ _ _ _

itman doesn't know what he is talking about. Ransomware that targets a specific directory has been around for years. It is just that it is not how most ransomware works.

The discussions and excuses on the ESET forums are total nonsense and living in denial behaviors.
 
  • Like
  • Hundred Points
Reactions: Vitali Ortzi, cofer123, Behold Eck and 1 other person
bazang

bazang

Level 6
Jul 3, 2024
276
CyberDevil said:
Suppose the malware creates its sample in the documents folder and then executes it from there - is that enough to bypass Eset's protection? On the one hand the scheme is too complicated, on the other hand ... If Eset understands that the encryptor works only if the program handles several different directories, but it doesn't have a rollback function like Bitdefender and Kaspersky, then we get guaranteed possibly very significant damage to personal files until the antivirus is triggered. Although the presence of a cloud backup will still offset these risks, and the encryptor will not be able to get to system and program files in time to damage the OS, it may not be a big deal. :unsure: In general, it's important to always have a backup in any case. :)

By the way, since in V18 it is now possible to protect document folders without going through manual HIPS rules, the risk is probably even lower.
Click to expand...
The people on the ESET forum have no explanation as to why Kaspersky System Watcher detects and stops a single-directory encryption.

"But, but... you don't understand how ESET works! Single folder encryption is not real world!"

Sounds just like Webroot fanbois and fangirlz.
 
  • Like
Reactions: Game Of Thrones, cofer123, Behold Eck and 1 other person
bazang

bazang

Level 6
Jul 3, 2024
276
CyberDevil said:
Unlike Webroot Eset shows high signature detection and stable level of protection in all tests. It is enough to look at Shadowra tests. So there is no need to exaggerate.
Click to expand...
The ESET forum is full of fanbois and fangirlz. Their behaviors are exactly like the Webroot fanatics on the Webroot Community.

They say the very same things that Webroot devotees say:

"But you don't understand how Webroot (ESET) works."
"That is not real-world!"

Oh yes. It is real-world and the product does not protect.

Same thing applies to ESET Community and ESET product.
 
Last edited:
  • HaHa
  • Hundred Points
  • Like
Reactions: Vitali Ortzi, Dave Russo and cofer123

Similar threads

NB InfoTech
    • Like
App Review Want to try? | Comodo Antivirus Test & Review | Comodo Internet Security vs Ransomware | 2024
Replies
4
Views
393
Video Reviews - Security and Privacy
bazang
bazang
K
    • Like
    • Thanks
App Review Best Antivirus/EDR vs Unknown Ransomware
Replies
15
Views
903
Video Reviews - Security and Privacy
Victor M
Victor M
NB InfoTech
    • Like
App Review PC Matic Home Review | PC Matic Home Security Antivirus vs Ransomware | 2024
Replies
4
Views
739
Video Reviews - Security and Privacy
Dave Russo
Dave Russo

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top