- Jul 3, 2015
Thanks for the test Andy, do you know if there is a plan to release MKSV in English?
Test continuation with script trojan-downloaders.
The testing scripts adopted 7 different methods of downloading files and 8 different methods of executing files from scripts. I used VBScript and PowerShell.
mks_vir Internet Security (MKSV)
MKSV on default settings blocked all samples, except those which used Bitsadmin. Yet, most PowerShell samples were blocked only via the Firewall rule (blocked outbound connections). The VBScript samples which used WMI were also blocked by the Firewall rule for wscript.exe (blocked outbound connections).
Most VBScript samples were blocked by heuristics (static detection) and it can be compared to BitDefender static detection.
MKSV has very good protection against script trojan-downloaders. Yet, it is not perfect (can be bypassed, for example, by CHM scriptlets).
It is hard to compare MKSV to KIS, because KIS on default settings is not as good as MKSV, but KIS tweaked can also block all testing samples and additionally can detect/block other types of malicious scripts by AMSI or by blocking script interpreters.
I can tell about my experience with the CCleaner attack.
I had v5.33 (affected version) for a few weeks. During that time, I noticed my Comodo firewall was blocking some random inbound connections, which I had never seen before.
So I guess CF partially protected me from that attack, not very sure though.
Since I updated to the newer version, those inbound connections disappeared.
Kaspersky has network attack blocker, which worked for me on a few occasions, but I didn't use KIS during that time so I can't confirm if it could prevent the CCleaner attack or not.
I agree. My computer is not slow enough. I think I need to add something to my security config.
If one does not stack enough security 'solutions' together such that you experience major software conflicts and/or slowdowns ---- you are not trying hard enough.
Always remember -- More is Better.
Script blocking could be a vital part of security going forward.