Malware Hub Report EmsiSoft Anti-Malware - November 2020 Report

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Apr 28, 2015
6,968
EmsiSoft Anti-Malware - November 2020 Report
Due to the small number of samples used in these tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to use.

C: Clean / P: Protected / P - NC: Protected - Not Clean / I: Infected / E: Encrypted


* Dynamic BB Bonus Test (Resident Protection Disabled)
* Partially Blocked
* BSR: Before System Reboot
* ASR: After System Reboot

| November 2020 | Samples Pack | Static Detection | Dynamic Detection | Total Detection | System Files Encrypted | 2nd Opinion Scanners | System Final Status | Thread Link |
|---|---|---|---|---|---|---|---|---|
| 03/11/2020 | 1 | 0 / 1 | 0 / 1 | 0 / 1 | Yes (39) | C | E | |
| 04/11/2020 | 2 | 0 / 2 | 2 / 2 | 2 / 2 | No | C | P | |
| 08/11/2020 | 1 | 1 / 1 | 1 / 1 | 1 / 1; 1 / 1 | No | C: NPE WV; I: HMP | C; P - NC* | |
| 09/11/2020 | 2 | 0 / 2 | 1 / 2 | 1 / 2 | No | C | P | |
| 10/11/2020 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | No | C | C | |
| 11/11/2020 | 7 (URLs) | 1 + 2 / 7 (2 links dead) | 0 / 2 | 3 / 7 | No | C | P | |
| 12/11/2020 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | No | C | C | |
| 12/11/2020 | 2 | 0 / 2 | 1 / 2 | 1 / 2 | No | C: HMP; I: WV NPE | BSR: I; ASR: I | |
| 14/11/2020 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | No | C | C | |
| 14/11/2020 | 2 | 0 / 2 | 0 / 2 | 0 / 2 | No | C | P - NC | |
| 17/11/2020 | 6 (URLs) | 4 + 1 / 6 | N/A | 5 / 6 | No | N/A | P | |
| 18/11/2020 | 1 | 0 / 1 | 1 / 1; 1 / 1 | 1 / 1; 1 / 1 | No | C | C | |
| 20/11/2020 | 1 | 1 / 1 | 1 / 1 | 1 / 1; 1 / 1 | No | C | C | |
| 20/11/2020 | 4 | 0 / 4 | 2 / 4 | 2 / 4 | No | C | BSR: I; ASR: P - NC | |
| 22/11/2020 | 2 | 0 / 2 | 0 / 2 | 0 / 2 | No | C | BSR: I; ASR: P - NC | |
| 23/11/2020 | 2 | 0 / 2 | 2 / 2 | 2 / 2 | No | C | BSR: I; ASR: P | |
| 25/11/2020 | 2 | 0 / 2 | 2 / 2; 1 / 2* | 2 / 2; 1 / 2* | No | C: NPE; I: WV HMP* | P; P - NC* | |
| 26/11/2020 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | No | C | P | |
| 28/11/2020 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | No | C | C | |
| 30/11/2020 | 5 | 0 / 5 | 4 / 5 | 4 / 5 | No | C I | BSR: I; ASR: P | |

MacDefender

Level 14
Verified
Oct 13, 2019
644
Can't wait to see more data here. Unfortunately, I've been noticing on my test farm that Emsisoft static scanning is picking up fewer and fewer of today's threats -- perhaps ESET and Kaspersky have both spoiled me in raising the bar for what I expect a static scanner to catch. It's surprising and a little concerning to see the BB letting some ransomware through as its reputation is that it's very sensitive (if not too sensitive).

One interesting behavior I've seen which is highlighted in the second test is that sometimes the dynamic detection just says "is identified as DANGEROUS by the anti-malware network". Perhaps Emsisoft can chime in like they usually do, but is that just a cloud hash-based AV scanner?
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Apr 28, 2015
6,968
Apart from checking Windows AutoRuns sections (via several tools -> SysInternals AutoRuns, Comodo AutoRuns & NirSoft TaskSchedulerView) I usually check manually some typical risky system folders where malware is spawned:

C:\*
C:\ProgramData\*
C:\Users\*
C:\Users\<account>\*
C:\Users\<account>\AppData\Local\*
C:\Users\<account>\AppData\Local\Temp\*
C:\Users\<account>\AppData\Roaming\*
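
One way to script the manual folder check listed in the post above, as an added example that is not from the thread or its author: it lists recently written executables and scripts sitting directly in those folders, with their signature status and SHA-256. The look-back window, the extension list and the variable names are assumptions.

```powershell
# Added example (not from the thread): triage of the folders named in the post.
param(
    [int]$Hours = 24   # look-back window; an assumption, match it to the test run
)

$since = (Get-Date).AddHours(-$Hours)
# File types worth a second look; this extension list is an assumption.
$risky = '.exe', '.dll', '.scr', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.lnk'

# Same locations as in the post; <account> is expanded to every profile folder.
$folders = @('C:\', 'C:\ProgramData', 'C:\Users')
foreach ($userDir in Get-ChildItem -LiteralPath 'C:\Users' -Directory -Force -ErrorAction SilentlyContinue) {
    $folders += $userDir.FullName,
                (Join-Path $userDir.FullName 'AppData\Local'),
                (Join-Path $userDir.FullName 'AppData\Local\Temp'),
                (Join-Path $userDir.FullName 'AppData\Roaming')
}

$findings = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    # -Force includes hidden and system files; no -Recurse, matching the "\*" patterns.
    Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ($_.CreationTime -ge $since -or $_.LastWriteTime -ge $since) -and
            ($risky -contains $_.Extension.ToLower())
        } |
        ForEach-Object {
            # Unsigned or invalid signatures in these locations deserve a closer look.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                Signature = $sig.Status
                SHA256    = $hash.Hash
            }
        }
}

# Newest first, so files dropped during the test run appear at the top.
$findings | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so other users' profile folders are readable; the autorun locations mentioned in the post still need the dedicated tools.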
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,112
Huge thanks @harlan4096 for this test run with Emsisoft or EAM (Emsisoft Anti Malware) many would perhaps rather say.

Personally, I'm very impressed by EAM and extra so how it worked/works with both samples and their payloads etc. It might not show itself if one just takes a quick look at this statistic table, but as one that followed closely and even shared samples, it's been a pleasure to see it in action. It's highly recommended and well worth the time to try to take a bit deeper peek at the tests. Simply click on the thread links on the right side in the table.

Yes, it failed a few times as all do sooner or later and its strong side is not its static scan, but its BB (behaviour blocker) is extremely good IMO.
 

MacDefender

Level 14
Verified
Oct 13, 2019
644
> Huge thanks @harlan4096 for this test run with Emsisoft or EAM (Emsisoft Anti Malware) many would perhaps rather say.
>
> Personally, I'm very impressed by EAM and extra so how it worked/works with both samples and their payloads etc. It might not show itself if one just takes a quick look at this statistic table, but as one that followed closely and even shared samples, it's been a pleasure to see it in action. It's highly recommended and well worth the time to try to take a bit deeper peek at the tests. Simply click on the thread links on the right side in the table.
>
> Yes, it failed a few times as all do sooner or later and its strong side is not its static scan, but its BB (behaviour blocker) is extremely good IMO.

Yeah, totally agreed. Especially looking at its comparative performance with BitDefender TS, hopefully this is the evidence to convince folks that Emsisoft isn’t just BitDefender.

I am still a bit surprised at how many of the dynamic detects are “bad reputation” as opposed to actual behavior blocking. I think we need to separate the two notions.
 

SeriousHoax

Level 34
Verified
Mar 16, 2019
2,344
> Yeah, totally agreed. Especially looking at its comparative performance with BitDefender TS, hopefully this is the evidence to convince folks that Emsisoft isn’t just BitDefender.
>
> I am still a bit surprised at how many of the dynamic detects are “bad reputation” as opposed to actual behavior blocking. I think we need to separate the two notions.

I was surprised by its cloud response time. Most new threats were already blacklisted on Emsi cloud by hash when they didn't have signatures. Looks like they improved this area a lot.
 

danb

From VoodooShield
Verified
Developer
May 31, 2017
824
> Yeah, totally agreed. Especially looking at its comparative performance with BitDefender TS, hopefully this is the evidence to convince folks that Emsisoft isn’t just BitDefender.
>
> I am still a bit surprised at how many of the dynamic detects are “bad reputation” as opposed to actual behavior blocking. I think we need to separate the two notions.

Very interesting. I personally believe that file reputation scanning will ultimately prove itself to be what actually solves cybersecurity. You know, kind of like a weird ML/AI and file reputation combo ;). Behavior blocking is certainly vital post execution as a secondary layer, but to do this properly it is best to leave this up to vendors who specialize in this, like Emsisoft.
 

MacDefender

Level 14
Verified
Oct 13, 2019
644
> I was surprised by its cloud response time. Most new threats were already blacklisted on Emsi cloud by hash when they didn't have signatures. Looks like they improved this area a lot.

Yeah I wonder what they are doing there to get such good cloud signatures for zero days. It’s impressive.

As much as I like behavior blocker testing, the best protection is to never execute malware, so a cloud hash detection is still one better than a behavior blocker alert.
 