Dr.Web Security Space - Prevention Protection - ransomware test
- Thread starter Evjl's Rain
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
can I disable the realtime protection but keep the behavior blocker on? otherwise I can't test it
- Apr 6, 2016
- 440
Thanks for test 
do you know the name of those ransomwares which DrWeb faild against them?
one of them was Cerber, i don't know why its faild against cerber ! i will ask , usually when DrWeb add a ransomware or i don't know any kind of malwares to its database, also know that malware's behavioral algoritm...
i'll track this question down with supports
do you know the name of those ransomwares which DrWeb faild against them?
one of them was Cerber, i don't know why its faild against cerber ! i will ask , usually when DrWeb add a ransomware or i don't know any kind of malwares to its database, also know that malware's behavioral algoritm...
i'll track this question down with supports
sorry, I don't know exactly because I executed 3-5 samples at a time so it's not easy to find out which one encrypted the files. I have to watch the video again, pause, find the sample, upload to VT, not easy actuallyThanks for test
do you know the name of those ransomwares which DrWeb faild against them?
one of them was Cerber, i don't know why its faild against cerber ! i will ask , usually when DrWeb add a ransomware or i don't know any kind of malwares to its database, also know that malware's behavioral algoritm...
i'll track this question down with supports
but don't worry, it's very rare that you catch 0-day ransomwares. Usually you are protected by signatures
Dont know?
cruelsister tested it & find it good. She may know if BB can be tested by disabling realtime protection. Hope she give the info here.
- Apr 6, 2016
- 440
and lets don't forgot that in real world i'm using DrWeb data loss prevention too ( its something like Webroot rollback but its diffrenc is DrWeb rollback eny changes on files in less than 1 sec.. )
i'll mention her here,
@cruelsister
Would love to see this one, too
Thank you @Evjl's Rain for the comprehensive test
Dr. Web has some long way to go in terms of ransomware...
@Mr.Pr I've tracked down (might have missed some):Thanks for test
do you know the name of those ransomwares which DrWeb faild against them?
one of them was Cerber, i don't know why its faild against cerber ! i will ask , usually when DrWeb add a ransomware or i don't know any kind of malwares to its database, also know that malware's behavioral algoritm...
i'll track this question down with supports
Cerber, which surprised me
Locky (no secret, Dr. Web failed every time I tested it)
Spora
.Lock (seems to be a brazilian one)
JackPot
Ishtar
Not in the HUB
Have seen a few ransomwares being missed by Dr. Web signatures after days, with major detections, too (in vid reviews). But actually you're right Good news that Dr. Web works flawlessly alongside VoodooShield
- Apr 6, 2016
- 440
thanks Ben
anybody knows these ransomwares are able to bypass SD ? because if they can then i cannot test them in my host machine ( i'm using SD on my host machine )
by the way i need to execute them, find their .exe files which can infect a system that already protected by DrWeb, then sent those samples for DrWeb and ask them what is going on with their BB..
With pleasurethanks Ben
anybody knows these ransomwares are able to bypass SD ? because if they can then i cannot test them in my host machine ( i'm using SD on my host machine )
by the way i need to execute them, find their .exe files which can infect a system that already protected by DrWeb, then sent those samples for DrWeb and ask them what is going on with their BB..
I haven't seen anything bypass SD from the time I've been using it (28.02.2016 till now on), have been testing Q360 TS and CIS 8 before I moved on to Dr. Web.
The worst thing I noticed was all my work lost inside the SD layer because of BSOD (forced restart) or a malware causing a restart not blocked by the AV. A backup and the absence of any vital data that might find it's way into dark places on the net are a must of course, as is a VPN.
As for the samples, you could ask @Evjl's Rain either for a link to the samples pack or ask for the unique SHA256 to search for the files on HybridAnalysis / Reverse.it (both use the same login as they belong together).
- Apr 5, 2014
- 6,001
so parham is kaheymal Dr.Web and he tell sherover do't worrythanks Ben
anybody knows these ransomwares are able to bypass SD ? because if they can then i cannot test them in my host machine ( i'm using SD on my host machine )
by the way i need to execute them, find their .exe files which can infect a system that already protected by DrWeb, then sent those samples for DrWeb and ask them what is going on with their BB..
- Apr 5, 2014
- 6,001
yes Dr.Web really weak against Locky ransomware and win lock malware...I confirmedWould love to see this one, too
Thank you @Evjl's Rain for the comprehensive test
Dr. Web has some long way to go in terms of ransomware...
@Mr.Pr I've tracked down (might have missed some):
Cerber, which surprised me
Locky (no secret, Dr. Web failed every time I tested it)
Spora
.Lock (seems to be a brazilian one)
JackPot
Ishtar
Not in the HUB
Good news that Dr. Web works flawlessly alongside VoodooShield
Kaspersky catch them with just system watcher
- Apr 6, 2016
- 440
i don't know whats the problem , i seen such these problems in other companies also!
for example i can say Norton still cannot block ctb-locker ( not that the old one ) with its SONAR ! why is that? no one knows
this time i will not let it go till i got an answer
for example i can say Norton still cannot block ctb-locker ( not that the old one ) with its SONAR ! why is that? no one knows
this time i will not let it go till i got an answer
You don't need to worry about malware bypassing Shadow Defender, the chances of it happening are very slim. However, it is not safe to use Shadow Defender for malware testing on your main system... Problems such as identity theft can still occur, and if you have VPN running then malware will still be able to intercept it's functioning and disable it remotely. For example, the changes are reverted by Shadow Defender, however programs can still manipulate the memory of other programs and prevent things from functioning properly - since it can do this, it can still perform actions such as steal information (data theft) from other software and access other information related to browser history, etc.
It is much safer for you to work with a Virtual Machine, where the VM is designed to only be used for malware testing - no personal information stored on it, no personal important documents, etc.
Norton Sonar works based on monitoring the execution flow of the program being executed and monitored - sadly they just are unable to create an identification system for CTB-Locker; it's more difficult than you think and a lot of testing has to be done when developing these sort of behavioral components since the last thing you want is to end up a bunch of false positive detection's flagging up on your customers systems. A better alternate would be for them to implement a proper anti-ransomware component which: identifies suspicious file modification attempts, and blocks off the Master Boot Record from modification via a device driver to prevent ransomware samples like Petya or general bootkits.for example i can say Norton still cannot block ctb-locker ( not that the old one ) with its SONAR ! why is that? no one knows
this time i will not let it go till i got an answer
Similar threads
