Comodo's HIPS is not a behaviour blocker?
Some of the Locky variants with the (.lukitus) extension also leave me scratching my head, because the AntiRansomware module detects most variants, stating that ".. following proccess were therefore interrupted by G DATA.." however it wasn't (or it was too late after clicking "Block", because the encryption processes weren't "frozen" when the dialog box came up, and still kept going in the background). Anyway, log files were collected and sent, so I hope they come up with some improvements in the next updates.

The Antiransomware module is a bit odd. Most typical users will look at the alerts and logging and scratch their head. G DATA is a techie security soft.

And herein lies the problem in even asking this kind of question. Multiple opinions from different folks, which leaves the question still unanswered. The answer is you have to evaluate and make your own decision.

Very true.

I always saw Emsisoft's BB as one of the best in terms of efficiency/simplicity. I have known it for ages (when it was called Mamutu) and I was never disappointed by it.

In the same log, GDATA stated that processes were stopped and malware was deleted. The suspicious activity that triggered the detection was the rename of picture files. Aka the behaviour blocker triggered the anti-ransomware module when it was too late. It probably stopped the encryption at some time, too late. Another proof of this is that GData mentions the block of wscript.exe, but the payload was already downloaded since it blocked it from the AppData folder.
I saw that happening with malware I've been testing from the hub.
So Gdata should improve their BB more? No recommendation?
Of course they should, but I'm seeing the improvements already.