- Aug 30, 2015
- 1,928
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Jun 24, 2016
- 636
I agree CG, I have my VS Auto Quarantine set at 3 or more positive detections as well.
I like reading Dynamoo's Blog..
Of the two July Malware Spam Entries leading to Locky that show a Virus Total detection rate..
One had a VT of 3/55 and the other was 5/55
Last edited:
The first post mention, any testers test VS twice i.e with Blacklist enabled & Blacklist disabled (VAi enabled only) will get 1 extra devices in their license.
Any testers testing VS twice?
Any testers testing VS twice?
I may use the bat file for some tests. Avast and Comodo do not play well with EfficacyTest. They execute a file per minute. Not sure if this is a feature for the security software themselves.
EfficacyTest also doesn't count the files that were removed silently when reenabling the security software. It only counts the leftover executed files.
EfficacyTest also doesn't count the files that were removed silently when reenabling the security software. It only counts the leftover executed files.
Saying that confirms what I said in my post about how this test is "unethical". Also, did anyone from MalwareTips tested yet (with a video)?
This is mostly the reason I haven't started recording any material yet. I've tested each vendor individually with EfficacyTest, and they really don't work well. For example, the final result for Avast was something like 65% efficiency, 150/400 files missed. The other 600 files were removed silently (static) as soon as I enabled the protection.
There really needs to be further instruction on how to set up the security software for these tests. How did VS get all 3000 malware to be executed without any static removals?
Personally, I think this test was made because of my comments and I feel that it's made so that VoodooShield will look good. I received a lot of hate because of what I said and it looks that I was right (about how this test is made and about the bypassing using safe files and how the AI doesn't work), this can be seen here in my comments or on wilders.
After almost a week and no videos,[mod edit] I'm waiting for AV-TEST/AV-Comparatives point of view (or other big testing company). I'm also looking forward for a False-Positive test.
Dan knows how to sell his product and how to use forums and youtube for that.
This was the most aggressive behavior I've seen in a long time. I'm also amazed how many people lack critical thinking.
After almost a week and no videos,[mod edit] I'm waiting for AV-TEST/AV-Comparatives point of view (or other big testing company). I'm also looking forward for a False-Positive test.
Dan knows how to sell his product and how to use forums and youtube for that.
This was the most aggressive behavior I've seen in a long time. I'm also amazed how many people lack critical thinking.
Agreed. To me, it looks like EfficacyTest has only been tested with VS, and is absolutely useless for other security software. It will only show true results for VS, the rest of the results will be very skewed.
I'm still willing to participate in this "contest", but I would like to see some changes first. My first suggestion is VS stop treating us as free advertisement for them, and treat it more like an actual contest.
I forgot to say that I don't hate VoodooShield, I already posted that if someone already has it to also use Zemana Free for scanning from time to time. Everything I said was my point of view about the test and product.
A lot of the things I said about VoodooShield apply to Comodo too.
A lot of the things I said about VoodooShield apply to Comodo too.
- Jun 24, 2016
- 636
FROM DAN @ VOODOOSHIELD:
The best thing to do is to copy the malware onto the computer first, THEN install the security software. After installing the security software, do not browse with windows explorer to the folder that contains the malware... just run EfficacyTest.exe and execute all the malware. Otherwise, the folder monitoring of some security software might remove some of the malware. Then again, if this happens, it is fine... all you have to do is a little simple math, like addition, subtraction and division to determine the efficacy. Also, keep in mind, the tests that I performed were CLEARLY marked as pre-execution efficacy tests, which is why I made sure that none of the samples were detected by the folder monitor before they had a chance to execute. I tested 11 security products using this method, and it worked great.
The whole purpose of my tests were to reproduce the Cylance and Sophos as closely as possible, but I actually made the test more ethical by taking the time to write an app that ensured a pause between executions, instead of being lazy and running a single command or batch script.
That being said, I have posted the source code for EfficacyTest.exe on GitHub if NullByte would like to make some improvements. It worked absolutely perfectly for me, so I did not think it would be advantageous to build the app out anymore than it is. However, it does help to make sure that you copy the malware to the test computer first, then install the security software, that way the folder monitor does not remove any of the malware, before they have a chance to be tested for pre-execution efficacy.
GitHub - VoodooShield/EfficacyTest
BTW, if there are long pauses between executions, it is the security software that is causing these pauses... but this is just further proof that EfficacyTest.exe really does only execute one file at a time. I know, it takes a while for some security software to do cloud lookups or whatever, but there is nothing that can be done about that.
One last thing... this might help a lot. What I did was this... I used VirtualBox and completely setup the VM with EfficacyTest all ready to go, and I copied all of the malware to one folder... basically, I got everything in place, and made sure everything was working correctly. Then I made a backup copy of the VirtualBox files for that VM... that way, I could just install the security software, then update it, then run the efficacy test. When I was finished with that test, I simply deleted the old VM and made a copy of the VM that was all ready to install the next security software and start the next test.
That way, I did not have to setup the VM, copy the malware and EfficacyTest each time... it was already to go... I just had to make a copy of the prepared VM. I hope that makes sense, if not, please let me know.
I would be interested in seeing NullByte explain how running a single command or batch file is more ethical than the EfficacyTest.exe app
The best thing to do is to copy the malware onto the computer first, THEN install the security software. After installing the security software, do not browse with windows explorer to the folder that contains the malware... just run EfficacyTest.exe and execute all the malware. Otherwise, the folder monitoring of some security software might remove some of the malware. Then again, if this happens, it is fine... all you have to do is a little simple math, like addition, subtraction and division to determine the efficacy. Also, keep in mind, the tests that I performed were CLEARLY marked as pre-execution efficacy tests, which is why I made sure that none of the samples were detected by the folder monitor before they had a chance to execute. I tested 11 security products using this method, and it worked great.
The whole purpose of my tests were to reproduce the Cylance and Sophos as closely as possible, but I actually made the test more ethical by taking the time to write an app that ensured a pause between executions, instead of being lazy and running a single command or batch script.
That being said, I have posted the source code for EfficacyTest.exe on GitHub if NullByte would like to make some improvements. It worked absolutely perfectly for me, so I did not think it would be advantageous to build the app out anymore than it is. However, it does help to make sure that you copy the malware to the test computer first, then install the security software, that way the folder monitor does not remove any of the malware, before they have a chance to be tested for pre-execution efficacy.
GitHub - VoodooShield/EfficacyTest
BTW, if there are long pauses between executions, it is the security software that is causing these pauses... but this is just further proof that EfficacyTest.exe really does only execute one file at a time. I know, it takes a while for some security software to do cloud lookups or whatever, but there is nothing that can be done about that.
One last thing... this might help a lot. What I did was this... I used VirtualBox and completely setup the VM with EfficacyTest all ready to go, and I copied all of the malware to one folder... basically, I got everything in place, and made sure everything was working correctly. Then I made a backup copy of the VirtualBox files for that VM... that way, I could just install the security software, then update it, then run the efficacy test. When I was finished with that test, I simply deleted the old VM and made a copy of the VM that was all ready to install the next security software and start the next test.
That way, I did not have to setup the VM, copy the malware and EfficacyTest each time... it was already to go... I just had to make a copy of the prepared VM. I hope that makes sense, if not, please let me know.
I would be interested in seeing NullByte explain how running a single command or batch file is more ethical than the EfficacyTest.exe app
- Sep 22, 2014
- 1,767
I just test NVT Exe Radar in LockDown Mode with EfficacyTest.exe and it block all but EfficacyTest show 0%...???
- Oct 23, 2012
- 12,527
If the replies do not stay on topic then the thread will be closed to replies.
- Oct 23, 2012
- 12,527
Like I said off topic replies should not be posted if there is a problem report it or do it via PM.
If Dan from voodooshield wishes to reply he can register and do so himself.Any more posts containing messages by a non resistered or registered member by way of another member will be deleted and the thread closed.
- Aug 30, 2015
- 1,928
The efficiency test is horrendously slow. I probably wouldn't get don't weigh Voodosheild until 5 or more hours if everything comesd along.
i don't understand the drama about the efficiency test :
You are NOT forced to use it. If you have enough exerience to select legit malwares manually , so do it. Just be consistent with your method.
If you use the test , do it for all products,
If you don't use it for one , don't use it for others.
You are NOT forced to use it. If you have enough exerience to select legit malwares manually , so do it. Just be consistent with your method.
If you use the test , do it for all products,
If you don't use it for one , don't use it for others.
- Aug 30, 2015
- 1,928
I might have confused myself but in general activating 1,000 samples one by one is pretty terrible.
- Apr 30, 2012
- 711
I might have confused myself but in general activating 1,000 samples one by one is pretty terrible.
Bingo!
But maybe with a *.bat file?
Bingo!
But maybe with a *.bat file?
yes, shouldn't be hard to create.
Similar threads
