Bitdefender blocks WannaCry

Status
Not open for further replies.

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
system infected wannacry with kaspersky 2018 lol
wwkl_tmp_22434-img_20170517_1148461095436894.jpg
The word orders.
The supposedly ineffective anti-ransomware are mitigating Wannacry.
Maybe Kaspersky is at defaults.
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Hello, this review is not only your servant, I saw a note space based system and not
I did not understand.
Yeah, neither the order, nor the words are relatable. More details or a video review could help.

The word orders.
The supposedly ineffective anti-ransomware are mitigating Wannacry.
Maybe Kaspersky is at defaults.
I doubt if it's the default configuration (if that was used) that led to this.
KIS/KTS has 'System Watcher' enabled by default with the optimal settings that allegedly blocked WannaCry.
Screenshot (194).png D3.png
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
As a current subscriber to Bitdefender IS for my mom's work computer, this press release was reassuring!
BIS/BTS surely has a great anti-ransomware module added recently. The only two downsides I know are
  • weak protection against MBR RW
  • good amount of FPs due to the aggressive AI Anti-ransomware module (ATC aside)
Otherwise, its zero-day abilities are well known.
 

Windows Defender Shill

Level 7
Verified
Well-known
Apr 28, 2017
326
BIS/BTS surely has a great anti-ransomware module added recently. The only two downsides I know are
  • weak protection against MBR RW
  • good amount of FPs due to the aggressive AI Anti-ransomware module (ATC aside)
Otherwise, its zero-day abilities are well known.
Agree

But MBRs are so unprofitable and non-wide spread that I'm fully confident in BD's ability to block with signatures alone.

But the main reason I depend on BD over others, for the non security minded is their excellent mix of serious malware and PUP protection combined with ZERO user dependency.
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
But MBRs are so unprofitable and non-wide spread that I'm fully confident in BD's ability to block with signatures alone.
Totally agree! And these malware are mostly used for targeted attacks, but may be leaked or spread ahead.

But the main reason I depend on BD over others, for the non security minded is their excellent mix of serious malware and PUP protection combined with ZERO user dependency.
And that has also been the only turn-down point of ex-BD users! I personally don't like it handling the decisions itself even without the 'Auto-pilot Mode'.
 

Game Of Thrones

Level 5
Verified
Well-known
Jun 5, 2014
220
WanaCrypt0r勒索病毒:20款杀软主防测试【关于HMPA有新情况】_国外杀毒软件_安全区 卡饭论坛 - 互助分享 - 大气谦和!
no it didn't, from the review of that guy, Avira failed fully to protect the PC.
only KIS, Bitdefender, F-Secure, RansomFree and Dr.Web managed to detect it according to that post.
this review is full of flaws, Symantec endpoint is having a problem(the yellow alert it seems he disabled auto-protect which in SEP will disable many other behavioral shields) or Gdata and TrendMicro are showing an alert. in many av programs when you respond to the alert they start to roll back the files that the ransomware encrypted.
 

kamla5abi

Level 4
Verified
May 15, 2017
178
Yeah, neither the order, nor the words are relatable. More details or a video review could help.
I doubt if it's the default configuration (if that was used) that led to this.
KIS/KTS has 'System Watcher' enabled by default with the optimal settings that allegedly blocked WannaCry.
View attachment 150775 View attachment 150776
yeah i dont see how KIS/KTS 2018 could let wannacry through and not stop it
unless the 2018 beta version he tested is not setup right..
the screenshot he gives only shows the final result, nothing about the setup or updates or version he used etc... not enough information to conclude KIS/KTS 2018 is ineffective at stopping wannacry...IMO

thats like ONLY showing a picture after a thief broke into your house and stole things or broke things. The end result picture tells us nothing about which lock system you use, if windows were left open, or even if the locks on doors was left open, etc, that allowed the thief inside in the first place..
 
  • Like
Reactions: Nightwalker

Binks

Level 1
Verified
May 17, 2017
22
Hi all ..

I would like to have copy of the ransomware ... anybody can share with me? I dont have access to Malware Sample to download yet ...
I'm very new in this forum...

been searching around .. just couldn't find them
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,624
yeah i dont see how KIS/KTS 2018 could let wannacry through and not stop it
unless the 2018 beta version he tested is not setup right..
the screenshot he gives only shows the final result, nothing about the setup or updates or version he used etc... not enough information to conclude KIS/KTS 2018 is ineffective at stopping wannacry...IMO

thats like ONLY showing a picture after a thief broke into your house and stole things or broke things. The end result picture tells us nothing about which lock system you use, if windows were left open, or even if the locks on doors was left open, etc, that allowed the thief inside in the first place..

All my tests with KTS2018MR0a recently in MWHub are with Defaults Settings, except the PUP/PUA/Adware setting on, You can check my settings (in Spoilers) in every test...

Since that sample of WannaCry was already detected by signature, I disabled the modules indicated in Dynamic Spoiler, but keeping System Watcher on, to test the behaviour blocking:

https://malwaretips.com/threads/w-anna-cry-v2.71397/#post-628222
 
Last edited:

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
Hi all ..

I would like to have copy of the ransomware ... anybody can share with me? I dont have access to Malware Sample to download yet ...
I'm very new in this forum...

been searching around .. just couldn't find them
It's already old though.
 
  • Like
Reactions: frogboy

Binks

Level 1
Verified
May 17, 2017
22
sigh. any other type of ransomware also possible...
wanna test on the behavior blocking instead of signature.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
sigh. any other type of ransomware also possible...
wanna test on the behavior blocking instead of signature.
in the past, WD was tested for a long period of time including the creators update version. It never scored too well unfortunately. It was paired with different additional tools like immunet, mcafee but still missed several samples and got bypassed by ransomwares
 

kamla5abi

Level 4
Verified
May 15, 2017
178
All my tests with KTS2018MR0a recently in MWHub are with Defaults Settings, except the PUP/PUA/Adware setting on, You can check my settings (in Spoilers) in every test...

Since that sample of WannaCry was already detected by signature, I disabled the modules indicated in Dynamic Spoiler, but keeping System Watcher on, to test the behaviour blocking:

https://malwaretips.com/threads/w-anna-cry-v2.71397/#post-628222
Yes I have seen that test of yours and the others in that thread (i didn't even know of that section before lol :eek: its good place to see actual testing results by members from these forums, unbiased and full disclosures of testing methods etc much more informative and useful to see :))

I only meant my post to @ras74 who posted this post and this post showing only the end result of both Kaspersky 2018 & Bitdefender, saying kaspersky 2018 failed the test he did but Bitdefender passed.

I swear those posts he made were in a thread by themselves before, not part of this thread o_O Maybe mods merged the two threads
Or maybe I was half asleep at the time :p

Cheers :)
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,813
in the past, WD was tested for a long period of time including the creators update version. It never scored too well unfortunately. It was paired with different additional tools like immunet, mcafee but still missed several samples and got bypassed by ransomwares
I'm waiting for the day Microsoft implements ATP into WDSC. Behavioural detection would be a godsend for WD users.
Ah, I can see Kaspersky already drawing up the lawsuit... :rolleyes:
 

kamla5abi

Level 4
Verified
May 15, 2017
178
I'm waiting for the day Microsoft implements ATP into WDSC. Behavioural detection would be a godsend for WD users.
Ah, I can see Kaspersky already drawing up the lawsuit... :rolleyes:
If other companies can create and implement behavior based detection, I'm sure Microsoft has the resources to do so also.

But that would mean Microsoft would have to devote much more resources to their WD team, which they might not be too happy or enthusiastic about lol since they already have so many different products to support (computer software aside, they have gaming etc too). They probably figure "WD is good enough for the average person, as long as they keep their Windows up to date".

The key being their message to keep Windows up to date lol, which is the reason they are basically using to put the blame for WannaCry infections to the users themselves. By issuing an update for WinXP even, an OS they stopped supporting a while ago, they are saying "look, we provided the updates to fix the exploit that was used for this ransomware. We even went above and beyond by fixing this problem in old & unsupported OS versions. So if users didn't apply the update then that's their fault not ours"... lol
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,813
If other companies can create and implement behavior based detection, I'm sure Microsoft has the resources to do so also.
They already do but it's only available for enterprise customers as a seperate purchase.
But that would mean Microsoft would have to devote much more resources to their WD team, which they might not be too happy or enthusiastic about lol since they already have so many different products to support
With the WDSC update and the upcoming update that plans to implement EMET protections into Windows they're actually putting in a good amount of work into security. Their biggest problem is other AV vendors who will be perfectly happy to bring an antitrust case against them if they start adding technology that will make WD directly compete with other vendors solutions (especially vendors who exclusively offer paid-for solutions as every WD user is seen as a potential sale). Just the mention of the word monopoly in the EU makes the European Commission froth at the mouth and after the $1.3 billion fine Microsoft was slapped with in the last major antitrust case involving the EC they're pretty much forced to bend to the will of other security vendors even if they don't want to.
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
I'm waiting for the day Microsoft implements ATP into WDSC. Behavioural detection would be a godsend for WD users.
Ah, I can see Kaspersky already drawing up the lawsuit... :rolleyes:
Kaspersky will be running purely on AI technologies by the time WD gets Behavior detection lol
 
  • Like
Reactions: harlan4096
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top