Disclaimer

This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

askalan

#1
Disclaimer: Experimental setup for testing the effectiveness of Windows SmartScreen and script restrictions against 0-day malware samples. This test is suitable for users with more knowledge about Windows built-in security features.

1. Containment: VirtualBox 5.1.38
2. Windows: 10 Home
3. VPN: CyberGhost
4. Product: Windows SmartScreen (activated by Hard_Configurator with recommended SRP and restrictions)
5. Office: LibreOffice 6.0 (lowest Macro protection level)

Changed configuration from 7 January 2019:
1. Containment: VirtualBox 5.1.38
2. Windows: 10 LTSB
3. VPN: CyberGhost
4. Product: Windows SmartScreen (activated by Hard_Configurator with recommended SRP and restrictions)
5. Office: LibreOffice (standard settings)

| January 2019 | Amount of samples | Samples that have harmed the system / changed system configuration | Files aren't touched/encrypted | Thread link |
|---|---|---|---|---|
| 1.1.2019 - 3.1.2019 | Nothing tested, since I had no access yet. | - | - | - |
| 4.1.2019 | 6 | 0 | yes | link |
| 5.1.2019 | 3 | 0 | yes | link |
| 6.1.2019 | 1 | 0 | yes | link |
| 6.1.2019 | 1 | 0 | yes | link |
| 7.1.2019 | 14 | 0 | yes | link |
| 8.1.2019 | 9 | 0 | yes | link |
| 8.1.2019 | 1 | 0 | yes | link |
| 9.1.2019 | 8 | 0 | yes | link |
| 10.1.2019 | 13 | 0 | yes | link |
| 11.1.2019 | 1 | 0 | yes | link |
| 11.1.2019 | 1 | 0 | yes | link |
| 12.1.2019 | 1 | 0 | yes | link |
 

Andy Ful

#2
By accident, the H_C setup is especially well suited to the Malware Hub tests. It will give the best results for the most fresh samples, as compared to any antivirus protection. Those settings assume that the user starts the infection chain, so the malware files start running with medium rights, and are blocked by the Windows built-in protection activated by H_C settings. That is the scenario related to the home user environment, where the users are well protected against network attacks (NAT router).
If someone wanted to compare this with AV results, then it is worth mentioning that real-time AV protection is more universal, because it is intended not only for the home user scenario, but also for users in organizations and businesses.
 

shmu26

#3
> By accident, the H_C setup is especially well suited to the Malware Hub tests. It will give the best results for the most fresh samples, as compared to any antivirus protection. Those settings assume that the user starts the infection chain, so the malware files start running with medium rights, and are blocked by the Windows built-in protection activated by H_C settings. That is the scenario related to the home user environment, where the users are well protected against network attacks (NAT router).
> If someone wanted to compare this with AV results, then it is worth mentioning that real-time AV protection is more universal, because it is intended not only for the home user scenario, but also for users in organizations and businesses.

No need for caveats. H_C does well in Malware Hub testing because it protects well.
 


Gandalf_The_Grey

#7
> Hello! I have created a survey so that you can give me tips for improvement. This poll is anonymous.
>
> If you have time, you can answer a few questions that might help me to improve my tests with Hard_Configurator:
> Survey regarding tests with Hard_Configurator
>
> I would like to thank you in advance!

Answered the questions.
I don't understand the test and what protects the system. Just the smart screen?
 

Andy Ful

#8
> Answered the questions.
> I don't understand the test and what protects the system. Just the smart screen?

@askalan explained this here:
Update - Hard_Configurator - Windows Hardening Configurator

So, there is no AV (Windows Defender is disabled), only SmartScreen and Windows built-in, hidden security options (activated by Hard_Configurator settings).

When you look at the test video, you can see that EXE files are always run via "Run As SmartScreen", and after the SmartScreen check they are mostly flagged as Unrecognized and blocked. If @askalan tried to run the EXE file normally, then it would be blocked by Software Restriction Policies.
The script samples are blocked by SRP. The weaponized documents are allowed to run (also other media files, photos, etc.), but usually the malicious content cannot automatically run in LibreOffice.

So far, the malicious code was not even executed on @askalan's testing machine.
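
A read-only check of the two controls described in the post above (Software Restriction Policies and SmartScreen), added here as an example and not part of the thread or of Hard_Configurator. It assumes the settings are stored under the standard Windows policy registry keys; the function name and the output property names are made up for illustration.

```powershell
# Added example: read-only audit of SRP and SmartScreen state on a test VM.
# Assumption: the settings live under the standard Windows policy keys below.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levels = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-RegValue {  # hypothetical helper name
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$default = Get-RegValue $srpKey 'DefaultLevel'
$enforce = Get-RegValue $srpKey 'TransparentEnabled'  # 0 = off, 1 = all but DLLs, 2 = all files
$scope   = Get-RegValue $srpKey 'PolicyScope'         # 0 = all users, 1 = all except administrators
$types   = @(Get-RegValue $srpKey 'ExecutableTypes')  # designated file types

# Path rules at the Unrestricted level: locations exempt from a default-deny policy.
$allowed = @(Get-ChildItem "$srpKey\262144\Paths" -ErrorAction SilentlyContinue |
    ForEach-Object { (Get-ItemProperty -Path $_.PSPath).ItemData })

$shell  = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' 'SmartScreenEnabled'
$policy = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' 'EnableSmartScreen'

$levelName = if ($null -eq $default) {
    'not configured'
} elseif ($levels.ContainsKey([int]$default)) {
    $levels[[int]$default]
} else {
    "unknown ($default)"
}

[pscustomobject]@{
    SrpDefaultLevel       = $levelName
    SrpDefaultDeny        = ($default -eq 0) -and ($enforce -gt 0)
    SrpAppliesToAdmins    = ($scope -eq 0)
    DesignatedFileTypes   = $types -join ' '
    UnrestrictedPathRules = $allowed -join '; '
    ExplorerSmartScreen   = if ($shell) { $shell } else { 'not set' }
    SmartScreenPolicy     = if ($null -ne $policy) { $policy } else { 'not set' }
}
```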
 

bribon77

#10
> Hello! I have created a survey so that you can give me tips for improvement. This poll is anonymous.
>
> If you have time, you can answer a few questions that might help me to improve my tests with Hard_Configurator:
> Survey regarding tests with Hard_Configurator
>
> I would like to thank you in advance!

I responded to the survey.
Thank you for trying this great program.