JM Safe

From Zemana
Verified
The easy way is 1. test the file in a sandbox. 2. check your file on VirusTotal. I do that and I never got any infection on my computer. And really I play a lot with viruses and cracks
Sometimes malware is FUD (on VirusTotal the detection ratio is 0). A really good method is to analyze the malware with tools like ILSpy, PEiD, IDA, etc., to check file behaviour. Obviously if you find suspicious indicators this doesn't mean a file is malicious but ONLY suspicious.
 

stefanos

Level 16
Verified
Sometimes malware is FUD (on VirusTotal the detection ratio is 0). A really good method is to analyze the malware with tools like ILSpy, PEiD, IDA, etc., to check file behaviour. Obviously if you find suspicious indicators this doesn't mean a file is malicious but ONLY suspicious.
Every time I use a sandbox first. The only secure way for me.
 
Reactions: Weebarra

brod56

Level 15
Verified
Agree. Download blocked = problem solved LOOOL or just use Sandboxie always and you will not get infected, because even if the download isn't blocked the ransomware is in the sandbox and it cannot touch the real OS.
I'm not a huge fan of sandboxing programs on a regular basis (for a home user); the last time I tried it caused a considerable performance hit. I may be too nitpicky though.
Of course a VirusTotal check is always a good practice.
 

JM Safe

From Zemana
Verified
I'm not a huge fan of sandboxing programs on a regular basis (for a home user); the last time I tried it caused a considerable performance hit. I may be too nitpicky though.
Of course a VirusTotal check is always a good practice.
I meant use SBIE always for browsing ;)
 
Reactions: Weebarra and brod56

brod56

Level 15
Verified
That's strange, guys. I think the ransomware of this test is sophisticated and it could use AV bypass techniques.
It would be interesting to analyze this sample, because it doesn't seem to generate any child processes or trigger wscript/PowerShell etc.
 
Reactions: stefanos

stefanos

Level 16
Verified
I'm not a huge fan of sandboxing programs on a regular basis (for a home user); the last time I tried it caused a considerable performance hit. I may be too nitpicky though.
Of course a VirusTotal check is always a good practice.
You don't need to sandbox everything.
 
Reactions: Weebarra and brod56

stefanos

Level 16
Verified
Yeah, but it would make sense to sandbox every installer, which I'm not a fan of :emoji_thinking:


It's perfectly understandable! I wish I could speak Greek like you speak English :)
Not every installer. Sure, you know if the installer is safe or not safe. And how many installs do you do every day??
 
Reactions: Weebarra

stefanos

Level 16
Verified
Then what's the purpose of sandboxing? It's a contradiction imo
Because of my bad English I can't explain it to you. You can understand if the file is suspicious for sandboxing or not. Sure, you're not sandboxing the Kaspersky installer or the Comodo installer if you downloaded it from the original site.
 
Reactions: Weebarra

stefanos

Level 16
Verified
Sometimes malware is FUD (on VirusTotal the detection ratio is 0). A really good method is to analyze the malware with tools like ILSpy, PEiD, IDA, etc., to check file behaviour. Obviously if you find suspicious indicators this doesn't mean a file is malicious but ONLY suspicious.
I never install something if I understand it is only suspicious. I wait until I see that I'm sure it's safe.
 
Reactions: Weebarra

brod56

Level 15
Verified
Because of my bad English I can't explain it to you. You can understand if the file is suspicious for sandboxing or not. Sure, you're not sandboxing the Kaspersky installer or the Comodo installer if you downloaded it from the original site.
The way I see it is: if you're only sandboxing suspicious software (cracks, keygens, etc.) then you'd be better off not running them at all. That's why I don't see much purpose in sandboxing for regular use, perhaps except for the browser.
@JM Security I see you sandbox your browser, which I find interesting. Is it only to prevent possible exploits or any other reason?
 

stefanos

Level 16
Verified
The way I see it is: if you're only sandboxing suspicious software (cracks, keygens, etc.) then you'd be better off not running them at all. That's why I don't see much purpose in sandboxing for regular use, perhaps except for the browser.
@JM Security I see you sandbox your browser, which I find interesting. Is it only to prevent possible exploits or any other reason?
I can explain to you with my bad English what you can protect with a sandbox. 1. browsers. 2. exe. 3. MS Office. Maybe one person with good English can explain what you can do with a sandbox. And it is many things. One post from AtlBo
[Attachment: 8 QH Settings Main Tool Box Sandbox Settings for Microsoft Office to Autorun Sandboxed.jpg]
 