@Umbra was not talking about how often they release new signatures, but how quickly they add signatures for new malware. Lately, Bitdefender has often been slow at adding signatures for 0-day malware. According to the Eset Malware Research Team, when I had a chat with them in the past, they usually release detection every 4 hours.
According to Bitdefender Support, they release detection every 1 hour for paid products and every 2 hours for free product.
Exactly, sorry if my wording was not clear enough; after all, I'm not a native English speaker.
Unfortunately, I think Emsisoft is struggling with this problem too nowadays.
Yep I agree with this.
I am looking forward to your tests. Maybe you could test Kaspersky 2020; I think it has one of the few behavior blockers without this blind spot.
The way you defeat DeepGuard is you basically get a moderately well known scriptable process to do your dirty work for you.
I've got another local test where I just used a build of 7zip and used the command line command to create encrypted zip files of the user's data and that also didn't seem to trigger DeepGuard.
I might prepare another MacDefender homebrew ransomware pack this week and see if the community can help us test. It does seem like it's a general flaw of behavior blockers that if you can convince them part of your payload is whitelisted, it creates a huge blind spot. I do want to see whose BB can deal with this. It shouldn't be hard to track a process tree and trace back to who exactly triggered a whitelisted thing to happen.
I will likely just distribute the test binaries to some testers -- I do like the transparency of having someone else other than the POC writer report the result. Please feel free to let me know offline what is the best way to get such samples to those who are willing to test.
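The attribution idea raised earlier in the thread (walk the process tree back to whoever triggered the whitelisted tool) can be shown with a small detection routine. The following is an added example written for this page, not code posted by anyone in the thread or shipped by any of the products named. It runs over constructed process-creation events in the shape of Sysmon Event ID 1 / EDR telemetry (pid, parent pid, image, command line); the image names, pids, paths and the `TRUSTED_IMAGES` set are all assumptions made for the illustration. When a trusted archiver is seen creating a password-protected archive, the routine finds the first ancestor that is not on the trust list and names it as the responsible process, so a user-initiated zip from the shell and the same command driven through a scriptable process by an untrusted binary are told apart.

```python
"""Attribute a whitelisted tool's actions to the process that launched it.

Added example for this thread (not from any poster or product). A behaviour
blocker that trusts a common tool such as 7-Zip loses sight of who asked it
to encrypt the user's files; walking the process tree back to the first
untrusted ancestor restores that attribution.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Images a behaviour blocker might whitelist because they are common and signed.
# Assumed for the example; a real deployment derives this from its own policy.
TRUSTED_IMAGES = {"explorer.exe", "powershell.exe", "cmd.exe", "7z.exe"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable file name as logged
    cmdline: str


@dataclass(frozen=True)
class Finding:
    pid: int                  # the trusted process that did the archiving
    image: str
    responsible: Optional[str]  # first untrusted ancestor, or None if the chain is all trusted
    severity: str             # "high" when an untrusted ancestor drove a trusted tool


# Constructed sample telemetry (Sysmon Event ID 1 style); names and pids are invented.
SAMPLE_EVENTS: List[ProcEvent] = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    # Legitimate: the user zips a folder with a password straight from the shell.
    ProcEvent(300, 100, "7z.exe",
              "7z.exe a -tzip -pS3cret backup.zip C:\\Users\\alice\\Documents"),
    # Untrusted "viewer" spawns a scriptable process, which in turn drives 7-Zip.
    ProcEvent(200, 100, "invoice_viewer.exe", "invoice_viewer.exe"),
    ProcEvent(210, 200, "powershell.exe", "powershell.exe -w hidden -c <script>"),
    ProcEvent(220, 210, "7z.exe",
              "7z.exe a -tzip -pX9 C:\\Users\\alice\\Documents\\locked.zip C:\\Users\\alice\\Documents\\*"),
]


def build_index(events: List[ProcEvent]) -> Dict[int, ProcEvent]:
    """Index events by pid so parent lookups are O(1)."""
    return {e.pid: e for e in events}


def is_encrypting_archive(event: ProcEvent) -> bool:
    """True when a trusted archiver adds files to an archive with a password switch."""
    tokens = event.cmdline.split()
    if event.image.lower() != "7z.exe" or len(tokens) < 2:
        return False
    # 7-Zip syntax: <exe> a <switches> <archive> <files>; -p sets the password.
    return tokens[1] == "a" and any(t.startswith("-p") for t in tokens[2:])


def first_untrusted_ancestor(index: Dict[int, ProcEvent], pid: int,
                             max_depth: int = 64) -> Optional[ProcEvent]:
    """Walk parents upward; return the first one not on the trust list.

    Stops at the root, at a missing parent, on a pid cycle, or after max_depth hops.
    """
    seen = set()
    cur = index.get(pid)
    while cur is not None and len(seen) < max_depth:
        seen.add(cur.pid)
        parent = index.get(cur.ppid)
        if parent is None or parent.pid in seen:
            return None
        if parent.image.lower() not in TRUSTED_IMAGES:
            return parent
        cur = parent
    return None


def attribute_archive_activity(events: List[ProcEvent]) -> List[Finding]:
    """For every encrypting-archive event, name the untrusted process behind it."""
    index = build_index(events)
    findings = []
    for e in events:
        if not is_encrypting_archive(e):
            continue
        culprit = first_untrusted_ancestor(index, e.pid)
        findings.append(Finding(
            pid=e.pid,
            image=e.image,
            responsible=culprit.image if culprit else None,
            severity="high" if culprit else "review",
        ))
    return findings


if __name__ == "__main__":
    for f in attribute_archive_activity(SAMPLE_EVENTS):
        print(f"pid {f.pid} {f.image}: responsible={f.responsible} severity={f.severity}")
```

On the constructed events the user's own backup (pid 300) comes back with no untrusted ancestor, while the archive created at pid 220 is attributed to `invoice_viewer.exe` two hops up the tree, which is exactly the link a blocker loses when it evaluates the trusted tool in isolation.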