Advice Request Dr.Web Security Space failed to avoid some test ransomwares (Ransim)

Please provide comments and solutions that are helpful to the author of this topic.

mohamed_ajlan

mohamed_ajlan

New Member
Thread author
Apr 19, 2020
4
Hi

i used a software which name is Ransim (KnowBe4 Ransomware Simulator)

and there are some vulnerabilities . i attached the output file of that software it is actually csv file not txt but i cannot upload csv .

i am using windows 10 up to date , and Dr.Web Security Space .

hope someone in technical support help me .

Regards
 

Attachments

  • DR.Web_2020419_RansimResults.txt
    3.6 KB · Views: 848
  • Like
Reactions: stefanos and [correlate]
Like a Western!

Like a Western!

Level 9
Verified
Well-known
Apr 6, 2016
440
mohamed_ajlan said:
Hi
i used a software which name is Ransim (KnowBe4 Ransomware Simulator)
and there are some vulnerabilities . i attached the output file of that software it is actually csv file not txt but i cannot upload csv .
i am using windows 10 up to date , and Dr.Web Security Space .
hope someone in technical support help me .

Regards
Click to expand...
as far as i know most of the companies do not believe in such a software or simulator
i've seen that some companies Staff actually says that this kind of test will not show how AV will react to the real-world ransomwares and malwares with its behavior blocker ( Emsisoft and Dr.Web and F-Secure at least in my case )


and if you want more information on this please contact the Dr.Web technical supportor post it on their forum and someone will reach to you asap
there is no technical support of Dr.Web in MalwareTips probably
 
  • Like
Reactions: stefanos, Antus67, [correlate] and 5 others
mohamed_ajlan

mohamed_ajlan

New Member
Thread author
Apr 19, 2020
4
Like a Western! said:
as far as i know most of the companies do not believe in such a software or simulator
i've seen that some companies Staff actually says that this kind of test will not show how AV will react to the real-world ransomwares and malwares with its behavior blocker ( Emsisoft and Dr.Web and F-Secure at least in my case )


and if you want more information on this please contact the Dr.Web technical supportor post it on their forum and someone will reach to you asap
there is no technical support of Dr.Web in MalwareTips probably
Click to expand...
hi
thank you for helpful reply which makes it clear to me .
i already post on Dr.web's forum but no one responed yet here:
forum.drweb.com

Dr.Web Security Space failed to avoid some test ransomwares (Ransim) - Рабочие станции

Dr.Web Security Space failed to avoid some test ransomwares (Ransim) - posted in Рабочие станции: Hi i used a software which name is Ransim (KnowBe4 Ransomware Simulator) and there are some vulnerabilities . i attached the output file of that software . i am using windows 10 up to date , and...
forum.drweb.com forum.drweb.com
but i got a reply from other security forums that i am using their solution on different computers like Emsisoft reply :
support.emsisoft.com

Emsisoft Help

support.emsisoft.com support.emsisoft.com
and reply from Eset recieved through email:
The problem with simulators of such kind presents itself in its name, already. The encryption of files is just simulated. Harmful procedures, such as data theft or deleting volume shadow copies are not performed (hopefully), there’s no contact to command & control servers run by cybercriminals and none of the typical ransom notes is displayed. Besides, there are legitimate reasons to encrypt files – official encryption software to boost your security against real cybercriminals. So, where to draw the line, if whether the simulator nor the vendor who created it are performing illegal/criminal activities and when you have hundreds of such supposed tests?
ESET develops all of its products to reliably fight real threats, not to score well in tests for marketing reasons. So, rest assured that we will continue to reliably and best possibly protect you from real ransomware without producing false detections on legitimate applications .

My best Regards
 
  • Like
Reactions: stefanos, Antus67, Like a Western! and 2 others
Like a Western!

Like a Western!

Level 9
Verified
Well-known
Apr 6, 2016
440
mohamed_ajlan said:
i already post on Dr.web's forum but no one responed yet here:
forum.drweb.com

Dr.Web Security Space failed to avoid some test ransomwares (Ransim) - Рабочие станции

Dr.Web Security Space failed to avoid some test ransomwares (Ransim) - posted in Рабочие станции: Hi i used a software which name is Ransim (KnowBe4 Ransomware Simulator) and there are some vulnerabilities . i attached the output file of that software . i am using windows 10 up to date , and...
forum.drweb.com forum.drweb.com
Click to expand...
if you are their customer and have a paid license
then ask any matter you'd like to discuss with them in the technical supports form on the website not on forum
ofc you can be in touch with some of the staff at thei forum but they're mostly in Beta program and bugtracker stuff and also you've posted on their russian forum which might be the reason that no one yet commented on the matter,
they have an english forum as well that several Dr.Web Staff and forum moderators do moniter it.
they used to be pretty good in answering all the stuff i used to ask them
 
  • Like
Reactions: stefanos, mohamed_ajlan, [correlate] and 2 others
mohamed_ajlan

mohamed_ajlan

New Member
Thread author
Apr 19, 2020
4
Like a Western! said:
if you are their customer and have a paid license
then ask any matter you'd like to discuss with them in the technical supports form on the website not on forum
ofc you can be in touch with some of the staff at thei forum but they're mostly in Beta program and bugtracker stuff and also you've posted on their russian forum which might be the reason that no one yet commented on the matter,
they have an english forum as well that several Dr.Web Staff and forum moderators do moniter it.
they used to be pretty good in answering all the stuff i used to ask them
Click to expand...
Paul.R said:
I sent a message to Sergey and Roman , come with an answer.
Click to expand...
Thank you all for your nice concern about my issue , i realy appreciate that .
 
  • Like
Reactions: Like a Western! and Paul.R
Paul.R

Paul.R

Level 17
Verified
Well-known
May 16, 2013
844
@mohamed_ajlan
If you have more questions let me know, I will come with an answer

Coming with news:


It is true, that a simulator is not like the real world.
It's an innocuous application that doesn't tell anything about real detection and protection capabilities of Dr.Web products. They test behavior blocking without distinguishing between malicious and benign (non-malicious) applications. However, Dr.Web does not only monitor the system and/or processes for suspicious behavior, but it also scans memory for malware-like code. This also enables Dr.Web not to warn about benign applications. Needless to say that there are many ways how the encryption works so the simulator may theoretically help malware authors to avoid techniques used by the simulator.
In a nutshell, programs that pass the simulator tests may be more prone to encryption by ransomware than Dr.Web.
 
  • Like
  • Thanks
Reactions: OhioRebel, mohamed_ajlan and Dmitry_rus
mohamed_ajlan

mohamed_ajlan

New Member
Thread author
Apr 19, 2020
4
Paul.R said:
@mohamed_ajlan
If you have more questions let me know, I will come with an answer

Coming with news:


It is true, that a simulator is not like the real world.
It's an innocuous application that doesn't tell anything about real detection and protection capabilities of Dr.Web products. They test behavior blocking without distinguishing between malicious and benign (non-malicious) applications. However, Dr.Web does not only monitor the system and/or processes for suspicious behavior, but it also scans memory for malware-like code. This also enables Dr.Web not to warn about benign applications. Needless to say that there are many ways how the encryption works so the simulator may theoretically help malware authors to avoid techniques used by the simulator.
In a nutshell, programs that pass the simulator tests may be more prone to encryption by ransomware than Dr.Web.
Click to expand...
Thank you so much for your great help and for showing me the truth of such simulation applications .
Regards
 
  • Like
Reactions: OhioRebel, Paul.R and stefanos

Similar threads

Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Dr.Web Security Space 2024
Replies
9
Views
1,155
Video Reviews - Security and Privacy
TairikuOkami
TairikuOkami
M
    • Like
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Replies
0
Views
412
Microsoft Defender
Microsoft Threat Intelligence
M
M
    • Like
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Replies
0
Views
427
Microsoft Defender
Microsoft Threat Intelligence
M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top