Thanks Arequire, pretty much exactly what I was looking for, especially the part about "Behavior Monitoring".
It's a big part of antivirus protection these days. Not like in the old days, when an antivirus would basically just compare a file to a list of known malicious files, nowadays the AV tries to watch what the file is doing in real-time, and if it misbehaves, it gets arrested.
I literally was just set to post this! Someone wrote up a whitepaper about bypassing ASR:
That was the author's (and my) conclusion too. My general impression is that if someone specifically crafts malware to bypass ASR, he might succeed, but regular malware will be blocked.