Malware Hub Report EmsiSoft Anti-Malware - November 2020 Report

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

harlan4096

Super Moderator
Thread author
EmsiSoft Anti-Malware - November 2020 Report
Due to the small number of samples used in these tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to use.

C: Clean / P: Protected / P - NC: Protected - Not Clean / I: Infected / E: Encrypted


* Dynamic BB Bonus Test (Resident Protection Disabled)
* Partially Blocked
* BSR: Before System Reboot

* ASR: After System Reboot

November 2020 | Samples Pack | Static Detection | Dynamic Detection | Total Detection | System Files Encrypted | 2nd Opinion Scanners | System Final Status | Thread Link
03/11/2020 | 1 | 0 / 1 | 0 / 1 | 0 / 1 | Yes (39) | C | E
04/11/2020 | 2 | 0 / 2 | 2 / 2 | 2 / 2 | No | C | P
08/11/2020 | 1 | 1 / 1 | 1 / 1 | 1 / 1 | 1 / 1 | No | C: NPE WV; I: HMP | C | P - NC*
09/11/2020 | 2 | 0 / 2 | 1 / 2 | 1 / 2 | No | C | P
10/11/2020 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | No | C | C
11/11/2020 | 7 (URLs) | 1 + 2 / 7 (2 links dead) | 0 / 2 | 3 / 7 | No | C | P
12/11/2020 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | No | C | C
12/11/2020 | 2 | 0 / 2 | 1 / 2 | 1 / 2 | No | C: HMP; I: WV NPE | BSR: I; ASR: I
14/11/2020 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | No | C | C
14/11/2020 | 2 | 0 / 2 | 0 / 2 | 0 / 2 | No | C | P - NC
17/11/2020 | 6 (URLs) | 4 + 1 / 6 | N/A | 5 / 6 | No | N/A | P
18/11/2020 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | 1 / 1 | 1 / 1 | No | C | C
20/11/2020 | 1 | 1 / 1 | 1 / 1 | 1 / 1 | 1 / 1 | No | C | C
20/11/2020 | 4 | 0 / 4 | 2 / 4 | 2 / 4 | No | C | BSR: I; ASR: P - NC
22/11/2020 | 2 | 0 / 2 | 0 / 2 | 0 / 2 | No | C | BSR: I; ASR: P - NC
23/11/2020 | 2 | 0 / 2 | 2 / 2 | 2 / 2 | No | C | BSR: I; ASR: P
25/11/2020 | 2 | 0 / 2 | 2 / 2 | 1 / 2* | 2 / 2 | 1 / 2* | No | C: NPE; I: WV HMP* | P | P - NC*
26/11/2020 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | No | C | P
28/11/2020 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | No | C | C
30/11/2020 | 5 | 0 / 5 | 4 / 5 | 4 / 5 | No | C I | BSR: I; ASR: P

MacDefender

Can't wait to see more data here. Unfortunately, I've been noticing on my test farm that Emsisoft static scanning is picking up fewer and fewer of today's threats -- perhaps ESET and Kaspersky have both spoiled me in raising the bar for what I expect a static scanner to catch. It's surprising and a little concerning to see the BB letting some ransomware through as its reputation is that it's very sensitive (if not too sensitive).

One interesting behavior I've seen which is highlighted in the second test is that sometimes the dynamic detection just says "is identified as DANGEROUS by the anti-malware network". Perhaps Emsisoft can chime in like they usually do, but is that just a cloud hash-based AV scanner?
 

Evjl's Rain

> Perhaps Emsisoft can chime in like they usually do, but is that just a cloud hash-based AV scanner?

AFAIK, Emsisoft checks a file with the cloud only if we execute it.
The on-demand scanner doesn't connect to the internet at all. I monitored Emsisoft Emergency Kit with TCPView.
 

harlan4096

Super Moderator
Thread author
Apart from checking Windows AutoRuns sections (via several tools -> SysInternals AutoRuns, Comodo AutoRuns & NirSoft TaskSchedulerView), I usually manually check some typical risky system folders where malware is spawned:

C:\*
C:\ProgramData\*
C:\Users\*
C:\Users\<account>\*
C:\Users\<account>\AppData\Local\*
C:\Users\<account>\AppData\Local\Temp\*
C:\Users\<account>\AppData\Roaming\*
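
The folder check described in the post above, as an added example that is not part of the original post or the tester's own tooling: a PowerShell script that lists top-level items created or modified recently in those folders and, for executable and script file types, reports Authenticode status and SHA-256. The 24-hour window, the extension list and the parameter names are assumptions.

```powershell
# Added example: review the top level of the folders named in the post
# for items that appeared or changed within the last $Hours hours.
param(
    [int]$Hours = 24,                     # assumed review window
    [string]$Account = $env:USERNAME      # account whose profile is checked
)

# Assumed list of file types worth a closer look
$Extensions = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1', '.lnk'
$Folders = @(
    'C:\',
    'C:\ProgramData',
    'C:\Users',
    "C:\Users\$Account",
    "C:\Users\$Account\AppData\Local",
    "C:\Users\$Account\AppData\Local\Temp",
    "C:\Users\$Account\AppData\Roaming"
)
$Since = (Get-Date).AddHours(-$Hours)

$findings = foreach ($folder in $Folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    # -Force includes hidden/system items; no -Recurse, matching the "\*" in the post
    Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $Since -or $_.LastWriteTime -ge $Since } |
        ForEach-Object {
            $isFile  = -not $_.PSIsContainer
            $flagged = $isFile -and ($Extensions -contains $_.Extension.ToLower())
            $sig = $null; $hash = $null
            if ($flagged) {
                # Signature status and hash only for the flagged file types
                $sig  = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            }
            [pscustomobject]@{
                Path      = $_.FullName
                Type      = if ($isFile) { 'File' } else { 'Dir' }
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                Hidden    = $_.Attributes.HasFlag([IO.FileAttributes]::Hidden)
                Signature = $sig
                SHA256    = $hash
            }
        }
}

$findings | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
```

Running it once before executing a sample pack and again afterwards makes new entries stand out; unsigned or hidden files with a fresh creation time are the ones to inspect first.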
 

upnorth

Huge thanks @harlan4096 for this test run with Emsisoft or EAM (Emsisoft Anti-Malware), as many would perhaps rather say.

Personally, I'm very impressed by EAM and extra so by how it worked/works with both samples and their payloads etc. It might not show itself if one just takes a quick look at this statistics table, but as one that followed closely and even shared samples, it's been a pleasure to see it in action. It's highly recommended and well worth the time to try to take a bit deeper peek at the tests. Simply click on the thread links on the right side in the table.

Yes, it failed a few times as all do sooner or later, and its strong side is not its static scan, but its BB (behaviour blocker) is extremely good IMO.
 

MacDefender

> Huge thanks @harlan4096 for this test run with Emsisoft or EAM (Emsisoft Anti-Malware), as many would perhaps rather say.
>
> Personally, I'm very impressed by EAM and extra so by how it worked/works with both samples and their payloads etc. It might not show itself if one just takes a quick look at this statistics table, but as one that followed closely and even shared samples, it's been a pleasure to see it in action. It's highly recommended and well worth the time to try to take a bit deeper peek at the tests. Simply click on the thread links on the right side in the table.
>
> Yes, it failed a few times as all do sooner or later, and its strong side is not its static scan, but its BB (behaviour blocker) is extremely good IMO.

Yeah, totally agreed. Especially looking at its comparative performance with BitDefender TS, hopefully this is the evidence to convince folks that Emsisoft isn’t just BitDefender.

I am still a bit surprised at how many of the dynamic detects are “bad reputation” as opposed to actual behavior blocking. I think we need to separate the two notions.
 

SeriousHoax

> Yeah, totally agreed. Especially looking at its comparative performance with BitDefender TS, hopefully this is the evidence to convince folks that Emsisoft isn’t just BitDefender.
>
> I am still a bit surprised at how many of the dynamic detects are “bad reputation” as opposed to actual behavior blocking. I think we need to separate the two notions.

I was surprised by its cloud response time. Most new threats were already blacklisted on Emsi cloud by hash when they didn't have signatures. Looks like they improved this area a lot.
 

danb

From VoodooShield
> Yeah, totally agreed. Especially looking at its comparative performance with BitDefender TS, hopefully this is the evidence to convince folks that Emsisoft isn’t just BitDefender.
>
> I am still a bit surprised at how many of the dynamic detects are “bad reputation” as opposed to actual behavior blocking. I think we need to separate the two notions.

Very interesting. I personally believe that file reputation scanning will ultimately prove itself to be what actually solves cybersecurity. You know, kind of like a weird ML/AI and file reputation combo ;). Behavior blocking is certainly vital post execution as a secondary layer, but to do this properly it is best to leave this up to vendors who specialize in this, like Emsisoft.
 

MacDefender

> I was surprised by its cloud response time. Most new threats were already blacklisted on Emsi cloud by hash when they didn't have signatures. Looks like they improved this area a lot.

Yeah I wonder what they are doing there to get such good cloud signatures for zero days. It’s impressive.

As much as I like behavior blocker testing, the best protection is to never execute malware, so a cloud hash detection is still one better than a behavior blocker alert.
 
