Consumer Real-World Protection Test July-October 2020
<blockquote data-quote="ForgottenSeer 89360" data-source="post: 914285"><p>It did upload some *.scr, *.dll and *.bat files. I am not sure if this is something new. It also comes up with a verdict very quickly. I haven't seen it uploading a *.ps1 file, but PowerShell will mostly be invoked through CMD to bypass the execution policy, so I don't believe they can be an issue, as long as *.bat files are checked.</p><p>I also don't believe the AV-Comparatives bot is using rundll32.exe, so *.dll files don't matter either.</p><p></p><p>In my opinion, the only thing they download is *.exe files and that's why the detections are always so great, with a minimal difference. I can go ahead and support the assumption with the fact that 100% detection is achieved only by 3 highly-reputation-based antiviruses. Vendors normally don't collect reputation data for scripts. This might explain the outstanding Norton results, as Symantec developed this reputation method a long time ago and everything questionable just goes away immediately. This has caused billions of complaints from software developers. I can also support this assumption by looking at Total Defence - it is a fully rebranded Bitdefender with all their detection modules - the only thing they don't have access to is the Bitdefender cloud. We can see they have a severely lower score than Bitdefender, so the difference comes from reputation analysis in the cloud. Bitdefender only performs this analysis on executables.</p><p></p><p>If I am right about the *.exe files, then Defender, as well as Avast, might block them in 10-15 minutes, but by that time, the bot has already counted them as missed.</p><p>It might also be trained to look just for IoC. In that case, as the file never executed, results might be accurate.</p><p>There is malware targeting only specific regions; this might be counted as "blocked", but it might be missed in the wild.</p><p></p><p>That's from AV-Comparatives: <a href="https://www.av-comparatives.org/real-world-protection-test-methodology/" target="_blank">Real-World Protection Test Methodology - AV-Comparatives</a></p><p></p><p>It would make no sense downloading anything other than executables, as social engineering normally relies on that. Other files might be used in more sophisticated, targeted attacks, but they say they look for prevalent malware.</p></blockquote>