Disclaimer

This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

askalan

Level 15
Malware Hunter
Verified
Disclaimer: Experimental setup for testing the effectiveness of Windows SmartScreen and script restrictions against 0-day malware samples. This test is suitable for users with more knowledge about Windows built-in security features.

1. Containment: VirtualBox 5.1.38
2. Windows: 10 Home
3. VPN: CyberGhost
4. Product: Windows SmartScreen (activated by Hard_Configurator with recommended SRP and restrictions)
5. Office: LibreOffice 6.0 (lowest Macro protection level)

Changed configuration from 7 January 2019:
1. Containment: VirtualBox 5.1.38
2. Windows: 10 LTSB
3. VPN: CyberGhost
4. Product: Windows SmartScreen (activated by Hard_Configurator with recommended SRP and restrictions)
5. Office: LibreOffice (standard settings)

| January 2019 | Amount of samples | Samples that have harmed the system / changed system configuration | Files aren't touched/encrypted | Thread link |
|---|---|---|---|---|
| 1.1.2019 - 3.1.2019 | Nothing tested, since I had no access yet. | - | - | - |
| 4.1.2019 | 6 | 0 | yes | link |
| 5.1.2019 | 3 | 0 | yes | link |
| 6.1.2019 | 1 | 0 | yes | link |
| 6.1.2019 | 1 | 0 | yes | link |
| 7.1.2019 | 14 | 0 | yes | link |
| 8.1.2019 | 9 | 0 | yes | link |
| 8.1.2019 | 1 | 0 | yes | link |
| 9.1.2019 | 8 | 0 | yes | link |
| 10.1.2019 | 13 | 0 | yes | link |
| 11.1.2019 | 1 | 0 | yes | link |
| 11.1.2019 | 1 | 0 | yes | link |
| 12.1.2019 | 1 | 0 | yes | link |


Andy Ful

Level 39
Content Creator
Trusted
Verified
By accident, the H_C setup is especially well suited to the Malware Hub tests. It will give the best results for the freshest samples, as compared to any antivirus protection. Those settings assume that the user starts the infection chain, so the malware files start running with medium rights, and are blocked by the Windows built-in protection activated by H_C settings. That is the scenario related to the home user environment, where the users are well protected against network attacks (NAT router).
If someone wanted to compare this with AV results, then it is worth mentioning that real-time AV protection is more universal, because it is intended not only for the home user scenario, but also for users in organizations and businesses.
 

shmu26

Level 76
Content Creator
Trusted
Verified
> By accident, the H_C setup is especially well suited to the Malware Hub tests. It will give the best results for the freshest samples, as compared to any antivirus protection. Those settings assume that the user starts the infection chain, so the malware files start running with medium rights, and are blocked by the Windows built-in protection activated by H_C settings. That is the scenario related to the home user environment, where the users are well protected against network attacks (NAT router).
> If someone wanted to compare this with AV results, then it is worth mentioning that real-time AV protection is more universal, because it is intended not only for the home user scenario, but also for users in organizations and businesses.

No need for caveats. H_C does well in Malware Hub testing because it protects well.
 

Gandalf_The_Grey

Level 14
Verified
> Hello! I have created a survey so that you can give me tips for improvement. This poll is anonymous.
>
> If you have time, you can answer a few questions that might help me to improve my tests with Hard_Configurator:
> Survey regarding tests with Hard_Configurator
>
> I would like to thank you in advance!

Answered the questions.
I don't understand the test and what protects the system. Just the smart screen?
 

Andy Ful

Level 39
Content Creator
Trusted
Verified
> Answered the questions.
> I don't understand the test and what protects the system. Just the smart screen?

@askalan explained this here:
Update - Hard_Configurator - Windows Hardening Configurator

So, there is no AV (Windows Defender is disabled), only SmartScreen and Windows built-in, hidden security options (activated by Hard_Configurator settings).

When you look at the test video, you can see that EXE files are always run via "Run As SmartScreen", and after the SmartScreen check they are mostly flagged as Unrecognized and blocked. If @askalan tried to run the EXE file normally, then it would be blocked by Software Restriction Policies.
The script samples are blocked by SRP. The weaponized documents are allowed to run (also other media files, photos, etc.), but usually the malicious content cannot automatically run in LibreOffice.

So far, the malicious code was not even executed on @askalan's testing machine.
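
A read-only way to confirm on a test machine that the protections described in the post above (SRP default deny plus SmartScreen) are actually in force, as an added example that is not part of the thread or of Hard_Configurator. It assumes the settings live in the standard Windows policy registry keys; the function names and the extension watch list are constructed for illustration, and the thread does not say which exact values Hard_Configurator writes.

```powershell
# Added example: read-only audit of the SRP and SmartScreen policy state.
# Assumption: the settings live in the standard Windows policy keys below;
# the thread does not list the exact values Hard_Configurator writes.
function Get-RegValue([string]$Path, [string]$Name) {
    # Emits nothing when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-HardeningStatus {
    $srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $sys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $exp = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'

    # DefaultLevel: 0 = Disallowed (default deny), 0x20000 = Basic User,
    # 0x40000 = Unrestricted (default allow).
    $level = Get-RegValue $srp 'DefaultLevel'
    $levelName = if ($null -eq $level) { 'SRP not configured' }
        elseif ($level -eq 0)       { 'Disallowed' }
        elseif ($level -eq 0x20000) { 'Basic User' }
        elseif ($level -eq 0x40000) { 'Unrestricted' }
        else                        { "Unknown ($level)" }

    # ExecutableTypes is SRP's "designated file types" list.
    # The watch list is a constructed sample; adjust it to your own policy.
    $types = @(Get-RegValue $srp 'ExecutableTypes')
    $watch = 'EXE', 'BAT', 'CMD', 'JS', 'VBS', 'WSF'

    [pscustomobject]@{
        SrpDefaultLevel      = $levelName
        # TransparentEnabled: 0 = off, 1 = all files except DLLs, 2 = all files
        SrpEnforcement       = Get-RegValue $srp 'TransparentEnabled'
        # PolicyScope: 0 = all users, 1 = all users except administrators
        SrpPolicyScope       = Get-RegValue $srp 'PolicyScope'
        WatchedNotDesignated = @($watch | Where-Object { $types -notcontains $_ })
        # EnableSmartScreen: 1 = on; ShellSmartScreenLevel: 'Warn' or 'Block'
        SmartScreenPolicy    = Get-RegValue $sys 'EnableSmartScreen'
        SmartScreenLevel     = Get-RegValue $sys 'ShellSmartScreenLevel'
        SmartScreenExplorer  = Get-RegValue $exp 'SmartScreenEnabled'
    }
}

Get-HardeningStatus | Format-List
```

A `SrpDefaultLevel` of `Disallowed` corresponds to the default-deny behaviour the post describes; empty SmartScreen fields mean no policy value is set, not necessarily that SmartScreen is off.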
 

bribon77

Level 25
Verified
> Hello! I have created a survey so that you can give me tips for improvement. This poll is anonymous.
>
> If you have time, you can answer a few questions that might help me to improve my tests with Hard_Configurator:
> Survey regarding tests with Hard_Configurator
>
> I would like to thank you in advance!

I responded to the survey. (y)
Thank you for trying this great program. :giggle:
 