CLOSED - Challenge VoodooShield (and Win a lifetime License!)
<blockquote data-quote="Logethica" data-source="post: 523412" data-attributes="member: 53555">
<p>FROM DAN @ VOODOOSHIELD:</p>
<p>The best thing to do is to copy the malware onto the computer first, THEN install the security software. After installing the security software, do not browse with Windows Explorer to the folder that contains the malware... just run EfficacyTest.exe and execute all the malware. Otherwise, the folder monitoring of some security software might remove some of the malware. Then again, if this happens, it is fine... all you have to do is a little simple math, like addition, subtraction and division to determine the efficacy. Also, keep in mind, the tests that I performed were CLEARLY marked as pre-execution efficacy tests, which is why I made sure that none of the samples were detected by the folder monitor before they had a chance to execute. I tested 11 security products using this method, and it worked great.</p>
<p>The whole purpose of my tests was to reproduce the Cylance and Sophos as closely as possible, but I actually made the test more ethical by taking the time to write an app that ensured a pause between executions, instead of being lazy and running a single command or batch script.</p>
<p>That being said, I have posted the source code for EfficacyTest.exe on GitHub if NullByte would like to make some improvements. It worked absolutely perfectly for me, so I did not think it would be advantageous to build the app out any more than it is. However, it does help to make sure that you copy the malware to the test computer first, then install the security software; that way the folder monitor does not remove any of the malware before they have a chance to be tested for pre-execution efficacy.</p>
<p><a href="https://github.com/VoodooShield/EfficacyTest" target="_blank">GitHub - VoodooShield/EfficacyTest</a></p>
<p>BTW, if there are long pauses between executions, it is the security software that is causing these pauses... but this is just further proof that EfficacyTest.exe really does only execute one file at a time. I know, it takes a while for some security software to do cloud lookups or whatever, but there is nothing that can be done about that.</p>
<p>One last thing... this might help a lot. What I did was this... I used VirtualBox and completely set up the VM with EfficacyTest all ready to go, and I copied all of the malware to one folder... basically, I got everything in place, and made sure everything was working correctly. Then I made a backup copy of the VirtualBox files for that VM... that way, I could just install the security software, then update it, then run the efficacy test. When I was finished with that test, I simply deleted the old VM and made a copy of the VM that was all ready to install the next security software and start the next test.</p>
<p>That way, I did not have to set up the VM, copy the malware and EfficacyTest each time... it was all ready to go... I just had to make a copy of the prepared VM. I hope that makes sense; if not, please let me know.</p>
<p>I would be interested in seeing NullByte explain how running a single command or batch file is more ethical than the EfficacyTest.exe app ;)</p>
</blockquote>