Test continuation with script trojan-downloaders.
The testing scripts adopted 7 different methods of downloading files and 8 different methods of executing files from scripts. I used VBScript and PowerShell.
mks_vir Internet Security (MKSV)
MKSV on default settings blocked all samples, except those which used Bitsadmin. Yet, most PowerShell samples were blocked only via the Firewall rule (blocked outbound connections). The VBScript samples which used WMI were also blocked by the Firewall rule for wscript.exe (blocked outbound connections).
Most VBScript samples were blocked by heuristics (static detection), and it can be compared to BitDefender static detection.
MKSV has very good protection against script trojan-downloaders. Yet, it is not perfect (can be bypassed, for example, by CHM scriptlets).
It is hard to compare MKSV to KIS, because KIS on default settings is not as good as MKSV, but KIS tweaked can also block all testing samples and additionally can detect/block other types of malicious scripts by AMSI or by blocking script interpreters.