Q&A Dr.Web Security Space failed to avoid some test ransomwares (Ransim)

mohamed_ajlan

New Member
Apr 19, 2020
4
Hi

I used a software whose name is Ransim (KnowBe4 Ransomware Simulator)

and there are some vulnerabilities. I attached the output file of that software; it is actually a CSV file, not TXT, but I cannot upload CSV.

I am using Windows 10, up to date, and Dr.Web Security Space.

I hope someone in technical support can help me.

Regards
 

Attachments

  • DR.Web_2020419_RansimResults.txt
    3.6 KB · Views: 551

Like a Western!

Level 8
Apr 6, 2016
364
> Hi
> I used a software whose name is Ransim (KnowBe4 Ransomware Simulator)
> and there are some vulnerabilities. I attached the output file of that software; it is actually a CSV file, not TXT, but I cannot upload CSV.
> I am using Windows 10, up to date, and Dr.Web Security Space.
> I hope someone in technical support can help me.
>
> Regards

As far as I know, most of the companies do not believe in such software or simulators.
I've seen that some companies' staff actually say that this kind of test will not show how an AV will react to real-world ransomware and malware with its behavior blocker (Emsisoft, Dr.Web and F-Secure, at least in my case).

And if you want more information on this, please contact Dr.Web technical support or post it on their forum, and someone will reach out to you ASAP.
There is probably no technical support of Dr.Web on MalwareTips.
 

mohamed_ajlan

New Member
Apr 19, 2020
4
> As far as I know, most of the companies do not believe in such software or simulators.
> I've seen that some companies' staff actually say that this kind of test will not show how an AV will react to real-world ransomware and malware with its behavior blocker (Emsisoft, Dr.Web and F-Secure, at least in my case).
>
> And if you want more information on this, please contact Dr.Web technical support or post it on their forum, and someone will reach out to you ASAP.
> There is probably no technical support of Dr.Web on MalwareTips.

Hi
Thank you for the helpful reply, which makes it clear to me.
I already posted on Dr.Web's forum, but no one has responded yet, here:
But I got replies from other security forums whose solutions I am using on different computers, like Emsisoft's reply:
and a reply from ESET received through email:
The problem with simulators of such kind presents itself in its name, already. The encryption of files is just simulated. Harmful procedures, such as data theft or deleting volume shadow copies are not performed (hopefully), there’s no contact to command & control servers run by cybercriminals and none of the typical ransom notes is displayed. Besides, there are legitimate reasons to encrypt files – official encryption software to boost your security against real cybercriminals. So, where to draw the line, if neither the simulator nor the vendor who created it are performing illegal/criminal activities and when you have hundreds of such supposed tests?
ESET develops all of its products to reliably fight real threats, not to score well in tests for marketing reasons. So, rest assured that we will continue to reliably and best possibly protect you from real ransomware without producing false detections on legitimate applications.

My best Regards
 

Like a Western!

Level 8
Apr 6, 2016
364
> I already posted on Dr.Web's forum, but no one has responded yet, here:

If you are their customer and have a paid license,
then ask about any matter you'd like to discuss with them in the technical support form on the website, not on the forum.
Of course you can be in touch with some of the staff at their forum, but they're mostly in the Beta program and bugtracker stuff, and also you've posted on their Russian forum, which might be the reason that no one has yet commented on the matter.
They have an English forum as well, which several Dr.Web staff and forum moderators do monitor.
They used to be pretty good at answering all the stuff I used to ask them.
 

mohamed_ajlan

New Member
Apr 19, 2020
4
> If you are their customer and have a paid license,
> then ask about any matter you'd like to discuss with them in the technical support form on the website, not on the forum.
> Of course you can be in touch with some of the staff at their forum, but they're mostly in the Beta program and bugtracker stuff, and also you've posted on their Russian forum, which might be the reason that no one has yet commented on the matter.
> They have an English forum as well, which several Dr.Web staff and forum moderators do monitor.
> They used to be pretty good at answering all the stuff I used to ask them.

I sent a message to Sergey and Roman, come with an answer.
Thank you all for your nice concern about my issue, I really appreciate that.
 

Paul.R

Level 17
Verified
May 16, 2013
829
@mohamed_ajlan
If you have more questions let me know, I will come with an answer

Coming with news:


It is true that a simulator is not like the real world.
It's an innocuous application that doesn't tell anything about real detection and protection capabilities of Dr.Web products. They test behavior blocking without distinguishing between malicious and benign (non-malicious) applications. However, Dr.Web does not only monitor the system and/or processes for suspicious behavior, but it also scans memory for malware-like code. This also enables Dr.Web not to warn about benign applications. Needless to say, there are many ways in which encryption works, so the simulator may theoretically help malware authors to avoid techniques used by the simulator.
In a nutshell, programs that pass the simulator tests may be more prone to encryption by ransomware than Dr.Web.
 

mohamed_ajlan

New Member
Apr 19, 2020
4
> @mohamed_ajlan
> If you have more questions let me know, I will come with an answer
>
> Coming with news:
>
> It is true that a simulator is not like the real world.
> It's an innocuous application that doesn't tell anything about real detection and protection capabilities of Dr.Web products. They test behavior blocking without distinguishing between malicious and benign (non-malicious) applications. However, Dr.Web does not only monitor the system and/or processes for suspicious behavior, but it also scans memory for malware-like code. This also enables Dr.Web not to warn about benign applications. Needless to say, there are many ways in which encryption works, so the simulator may theoretically help malware authors to avoid techniques used by the simulator.
> In a nutshell, programs that pass the simulator tests may be more prone to encryption by ransomware than Dr.Web.

Thank you so much for your great help and for showing me the truth of such simulation applications.
Regards
 