- Nov 19, 2014
- 2,344
No worries. Thanks for the info.
Evjl's Rain Zemana Report - January 2017
- Thread starter Evjl's Rain
- Start date
This thread is being handled by a member of the staff.
- Status
- Dec 29, 2014
- 1,711
Discussion has become lively and a very informative thread. Looking forward to the results of further testing. Thanks for the work so far with this.
A side topic while we await further analysis of Zemana...Curious if anyone thinks that a-v/sig based apps ever look for key words in the title of a file like Cerber or another single word that might give away a test sample?
I installed a program called KnowBe4 Ran Sim that simulates ransomeware. 360 TS seemed to know the ten test files before the test started (almost). Grabbed them all in one alert. No surprise since probably the program has been around for some time. I was forced to restore the files to the program to run the test and then rerun with a-v off, which I was planning to do anyway. Still, it's difficult to ascertain which method of detection is being applied with 360. Log says it was File Protection but not the method of detection.
A side topic while we await further analysis of Zemana...Curious if anyone thinks that a-v/sig based apps ever look for key words in the title of a file like Cerber or another single word that might give away a test sample?
I installed a program called KnowBe4 Ran Sim that simulates ransomeware. 360 TS seemed to know the ten test files before the test started (almost). Grabbed them all in one alert. No surprise since probably the program has been around for some time. I was forced to restore the files to the program to run the test and then rerun with a-v off, which I was planning to do anyway. Still, it's difficult to ascertain which method of detection is being applied with 360. Log says it was File Protection but not the method of detection.
- Mar 8, 2013
- 22,627
No problem, I don't know 100% how ZAM Real-time works under the hood so I didn't want to give you a partial answer. What I am sure is when you see a window that Zemana blocked a harmful file, that is a 99.99% malicious file. How ZAM determines it, is what I don't know. It could be a cloud engine detection, behavior detection or Pandora detection (that has many checks whether some file is good or bad), but again I am not competent to answer that question.
the video was successfully recored. ~20 minutes uncut. Now uploading.
sorry for the long video because I don't have an SSD and recording + testing made it so slow
sorry for the long video because I don't have an SSD and recording + testing made it so slow
Nice report
From my testing Zemana does pretty well but yeah it doesn't pick up everything...Containment: VMware Workstation 12.5.2 build-4638234
Guest/OS: Windows 7 Pro SP1
Product: Zemana Antimalware Premium (latest), with Pandora
Static: Not tested
Dynamic: 5/7 (2 samples left in the folder but ZAM blocked a dropped .vbs file of 1 of the samples)
Total: 5/7
System Final Status: Infected (by second opinion scanners, including ZAM itself)
NOTE: AutoKMS.exe is not an infection
Final verdict: ZAM did a much better job than my previous tests. However, Pandora still let 1 malware pass through. It dropped a file and created an entry on boot. The realtime protection should be improved
EDIT: My mistake, it should be 5/7 in total. I removed some steps to decrease the video length. Forgot to count it properly
Guest/OS: Windows 7 Pro SP1
Product: Zemana Antimalware Premium (latest), with Pandora
Static: Not tested
Dynamic: 5/7 (2 samples left in the folder but ZAM blocked a dropped .vbs file of 1 of the samples)
Total: 5/7
System Final Status: Infected (by second opinion scanners, including ZAM itself)
NOTE: AutoKMS.exe is not an infection
Final verdict: ZAM did a much better job than my previous tests. However, Pandora still let 1 malware pass through. It dropped a file and created an entry on boot. The realtime protection should be improved
EDIT: My mistake, it should be 5/7 in total. I removed some steps to decrease the video length. Forgot to count it properly
Last edited:
According to what I saw. If it is detected by signature, there will be a red popup
Pandora -> yellow popup
- Status
Similar threads
