mekelek

Level 28
MH Trial
Verified
Joined
Feb 24, 2017
Messages
1,708
Operating System
Windows 10
Antivirus
Kaspersky
#81
We'll see how good or bad it is when he starts testing it in the Malware Hub and it gets bypassed daily lol.
I replaced the VM to Vipre, I don't see a point in testing Avira. Any fresh malware will bypass it since there are no sigs on it
and ransomware...
 

Arequire

Level 21
Content Creator
Verified
Joined
Feb 10, 2017
Messages
1,090
Operating System
Windows 10
Antivirus
#82
how is it gonna catch a ransomware tho? there is zero behavior analyzing or machine learning, just sigs.
Behavioural analysis (suspicious application behaviour) and cloud analysis (suspicious patterns). It does have behavioural analysis, it's just incredibly weak from what I've seen:
 

mekelek

#83
Behavioural analysis (suspicious application behaviour) and cloud analysis (suspicious patterns). It does have behavioural analysis, it's just incredibly weak from what I've seen:
But there is no way to test a ransomware that already has a signature, since you can't disable realtime protection and there is no option to ignore sigs, that is my issue here.

Enabling realtime will instantly delete the executable I want to test during execution..
 

Arequire

#85
But there is no way to test a ransomware that already has a signature, since you can't disable realtime protection and there is no option to ignore sigs, that is my issue here.

Enabling realtime will instantly delete the executable I want to test during execution..
Yeah, as far as I'm aware all the modules are linked to real-time protection so you're screwed if you just wanted to test its proactive components.
 

mekelek

#86
Yeah, as far as I'm aware all the modules are linked to real-time protection so you're screwed if you just wanted to test its proactive components.
If some low VT detected ransomware sample is posted here, I will clone my VM and try it with Avira.
But I'm not gonna try old samples that every AV has signatures for.

So far I could disable signature-based modules in every AV I tested, except Avira.
 

Arequire

#87
If some low VT detected ransomware sample is posted here, I will clone my VM and try it with Avira.
But I'm not gonna try old samples that every AV has signatures for.

So far I could disable signature-based modules in every AV I tested, except Avira.
You'll have to wait for the next batch of samples and check the VT results to see how many of them are detected by Avira's sigs. Then you'll have to judge whether you feel it's worth your time or not to test it.
 

Xsjx

Level 13
Joined
Feb 21, 2017
Messages
609
Operating System
Windows 10
Antivirus
Avira
#88