Sorry, my english sucks. Please ignore my grammar mistakes in the video
Emsisoft Internet Security - Behavior Blocker Only - ransomware test
- Thread starter Evjl's Rain
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Oct 22, 2016
- 409
- Apr 6, 2016
- 440
Thanks for test!
and your English was very better than mine by the way )) don't worry
and your English was very better than mine by the way )) don't worry
If an AV's BB can block any ransomware I consider it a success. BBs don't have a lot of time to figure out what that programs up to until it's to late.
I will compare kaspersky and bitdefender's BBs with this result
Sorry I don't really understand what you mean. Do you mean "if a BB can block 1 or some ransomwares" or "if a BB can block most or all ransomwares?
- Aug 2, 2015
- 4,286
I am time and time again impressed with EmsiSoft and their
pursuit of complete protection. Man if they ever release a cloud based
sig-free solution I will drop all other software I use for it
Thanks Rain
pursuit of complete protection. Man if they ever release a cloud based
sig-free solution I will drop all other software I use for it
Thanks Rain
- Aug 2, 2015
- 4,286
rofl Havoc encrypted your samples ? wow
this is also 1 or 2 ransomwares which can encrypt everything as well but I don't remember whichrofl Havoc encrypted your samples ? wow
havoc is weird. It encrypts .exe and .js files but spares the Documents folder
- Aug 2, 2015
- 4,286
You could put them on a thumb drive (your samples), drop 2 or 3 on the desktop, and use them,
then drop more as you need them, that way you wont loose all of your samples
if one gets through and encrypts
then drop more as you need them, that way you wont loose all of your samples
if one gets through and encrypts
Most or all. As Emsisoft did in that video.
I put the zip file in a read-only drive. I can restore them without problem. I stopped the video because I thought that was enoughYou could put them on a thumb drive (your samples), drop 2 or 3 on the desktop, and use them,
then drop more as you need them, that way you wont loose all of your samples
if one gets through and encrypts
enough to give a conclusion and to shorten the video
- Jul 13, 2014
- 766
Impressive results, considering that all shields are turned off except the BB blocker. Also at 1:47 confirms that Emsisoft has protection against exploits. Thanks for this test @Evjl's Rain
Thanks for this test @Evjl's RainI just recoreded a video for kaspersky's BB. Please guess what you think about the result
- Apr 6, 2016
- 440
put Dr.Web in your upcoming tests also
in the end you can creat a topic for compare results
in the end you can creat a topic for compare results
I may or may not create a thread to compare because everyday I collect new ransomwares which may cause failure of testing productsput Dr.Web in your upcoming tests also
in the end you can creat a topic for compare results
hmm, Dr.Web. I have seen it letting ransomwares encrypted in malware hub. According to what I observe, it has a better BB than ESET but not as good as Kaspersky, emsisoft and bitdefender
Actually, a Behavior Blocker has plenty of time to calculate different scenarios based on the behavior pattern of the sample since they work through interception of API calls (which is then logged) however they can update the score systems and perform comparisons before the function has been redirected to be completed (since the behavior blocker code becomes executed before the function call passes through to kernel-mode by NTAPI wrapper).
If they don't detect it's not because they "don't have a lot of time" (suggesting they would have caught the sample after awhile longer), it's because it won't detect it since it doesn't link the behavior pattern to representing a file with suspicious/malicious integrity, therefore it'd be a clean miss.
Regarding ransomware, not all work the same and new improvements are being added all the time - since some samples use static linking as opposed to dynamic for whatever encryption library is being used, it also makes it much more difficult to monitor. Therefore, most anti-ransomware which are well-developed and truly evolving around dynamic analysis will just monitor file modification (intercept on file write attempts - can be done with a device driver or via hooking of critical NTDLL functions) and then identify when a file is being encrypted (if it can), and the such. However some ransomware is more advanced than others (for example Petya will infect the Master Boot Record) meaning depending on the functionality of the sample and depending on the monitoring capabilities the component has in that particular software will depend on whether the zero-day ransomware will be blocked.
For example, some ransomware may be blocked by Emsisoft but might be missed by Kaspersky Anti-Ransomware, whereas some samples may be detected by Kaspersky Anti-Ransomware and missed by Malwarebytes Anti-Ransomware.
That's because they probably use a real dynamic method like the one I suggested above, as relying on only generic signatures for ransomware identification (and some anti-ransomware do just this and nothing else)... And monitoring file modification to identify suspicious modifications from an unknown/untrusted program is very clever and reliable if done correctly.
I will post the video review of kaspersky's system rollback tomorrow
you will be supprised
you will be supprised
- Aug 31, 2016
- 578
Thanks for sharing your ransomware testing video. I am definitely going to install Emsisoft Anti Malware on my PC, alongside Voodooshield of course
I will post Kaspersky video tomorrowThanks for sharing your ransomware testing video. I am definitely going to install Emsisoft Anti Malware on my PC, alongside Voodooshield of course
you can decide later.
Spoiler: even better than emsisoft's BB
- Aug 31, 2016
- 578
Is that with the same samples?I will post Kaspersky video tomorrow
you can decide later.
Spoiler: even better than emsisoft's BB
Similar threads
