Can you Install Avira Free Antivirus in 2019 [100+ Screenshots]
<blockquote data-quote="Andy Ful" data-source="post: 864096" data-attributes="member: 32260"><p>Testing WD properly will not be easy due to some WD features:</p><ol> <li data-xf-list-type="ol">Behavioral detections can neutralize many samples before the final payload could harm the system. So, some processes related to the early infection stages can run and connect to remote URLs, but WD can constantly block their malicious actions. This can be analyzed by using Windows Event Viewer or ConfigureDefender Security Log. </li> <li data-xf-list-type="ol">Some leftovers can remain in the Registry. They are usually related to the neutralized/quarantined files. The tester has to analyze if these leftovers can lower the security settings of the system. I found that something like Any.Run can be useful for that (<a href="https://any.run/" target="_blank">ANY.RUN - Interactive Online Malware Sandbox</a>).</li> <li data-xf-list-type="ol">There is no simple method to test the AVs which use post-infection behavioral detections. Such detections allow infecting a few machines (usually one or two) and protect the rest. WD uses BAFS for that. So, it is possible that the AV without post-infection detection can have a better scoring in the malware test, but will have worse infection statistics in the wild. This could be tested by repeating the test for non-detected samples after a few hours.</li> <li data-xf-list-type="ol">WD uses file MOTW (important in the real-world test) to evaluate the behavioral detection threshold.</li> <li data-xf-list-type="ol">WD is integrated with the SmartScreen filter in Edge (important in the real-world test).</li> </ol><p>Generally, testing WD properly can be much harder as compared to many AVs.</p></blockquote><p></p>
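Item 4 of the quoted post says WD uses the file's MOTW when evaluating behavioral detections, so a test set whose samples lack the mark is not exercised the way a downloaded file would be. The following is an added example, not part of the quoted post: it parses the Zone.Identifier stream that holds the MOTW and lists the samples in a test set that carry no Internet-zone mark. The function names and the sample data are constructed for illustration.

```python
import configparser

# Windows URL security zone IDs stored in the Zone.Identifier stream.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}


def parse_zone_identifier(text):
    """Parse Zone.Identifier stream text; return None when no valid MOTW is present."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (ZoneId, HostUrl)
    try:
        cp.read_string(text.lstrip("\ufeff"))
        zone_id = int(cp["ZoneTransfer"]["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return {"zone_id": zone_id,
            "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": cp["ZoneTransfer"].get("HostUrl")}


def read_motw(path):
    """Read a file's MOTW on NTFS (Windows only); None if the stream is absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None


def samples_without_internet_mark(streams):
    """Names of samples whose MOTW is missing, malformed, or below the Internet zone."""
    flagged = []
    for name, text in streams.items():
        info = parse_zone_identifier(text) if text else None
        if info is None or info["zone_id"] < 3:
            flagged.append(name)
    return sorted(flagged)


# Constructed sample set: file name -> Zone.Identifier text (None = no stream).
SAMPLE_STREAMS = {
    "invoice.docm": "[ZoneTransfer]\nZoneId=3\nHostUrl=https://example.test/invoice.docm\n",
    "copied_from_share.exe": "[ZoneTransfer]\nZoneId=1\n",
    "unpacked_from_archive.js": None,
}

if __name__ == "__main__":
    for name in samples_without_internet_mark(SAMPLE_STREAMS):
        print("no Internet-zone MOTW:", name)
```

On a Windows test machine, `read_motw` can be called on each sample path before the run to build the same report from the real files.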