Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Security Statistics and Reports
Consumer Real-World Protection Test July-October 2020
Message
<blockquote data-quote="ForgottenSeer 89360" data-source="post: 914267"><p>It covers scripts, screensaver files and dynamic link libraries amongst others, but the MOTW is required. If it has been in an archive and it's been extracted through Explorer and not a 3-rd party archiver, the MOTW apparently gets preserved, as the file shown in my post was originally archived.</p><p>Considering their testing kit downloads everything from the web, as stated in their methodology, then they all fulfil the CyberCapture requirements.</p><p>It's possible that they count something as compromised before the CyberCapture verdict is available. That goes for Microsoft too.</p><p></p><p>These results, apart from showing randomness and minimal difference, might not even be accurate.</p><p></p><p></p><p>There will be no payload to download, when the original executable is held, until it's been automatically analysed and after the analyses, the payload would be already known to Avast. The presence of the downloaded file might be counted as a "miss" by a toolkit, that can't be smart enough to recognise CyberCapture alert. The way to bypass CyberCapture is with weponised documents, but I don't believe their bot can open an MS-Office document, then click "Enable Editing" on top and then "Allow Content". It's most likely tested only against exes, bat files and ps1 files. This is where all these brilliant results come from.</p></blockquote><p></p>
[QUOTE="ForgottenSeer 89360, post: 914267"] It covers scripts, screensaver files and dynamic link libraries amongst others, but the MOTW is required. If it has been in an archive and it's been extracted through Explorer and not a 3-rd party archiver, the MOTW apparently gets preserved, as the file shown in my post was originally archived. Considering their testing kit downloads everything from the web, as stated in their methodology, then they all fulfil the CyberCapture requirements. It's possible that they count something as compromised before the CyberCapture verdict is available. That goes for Microsoft too. These results, apart from showing randomness and minimal difference, might not even be accurate. There will be no payload to download, when the original executable is held, until it's been automatically analysed and after the analyses, the payload would be already known to Avast. The presence of the downloaded file might be counted as a "miss" by a toolkit, that can't be smart enough to recognise CyberCapture alert. The way to bypass CyberCapture is with weponised documents, but I don't believe their bot can open an MS-Office document, then click "Enable Editing" on top and then "Allow Content". It's most likely tested only against exes, bat files and ps1 files. This is where all these brilliant results come from. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
