herdProtect: Second-opinion anti-malware scanner with 68 scan engines


BoraMurdar

Aug 30, 2012
It's OK for now...
Slower scanning speeds than HitmanPro can be explained by more scanning engines being included.
It found one malformation in the winsxs folder, a Microsoft-signed DLL file found only by the BKAV engine, so it's a false positive, as they suggest.
I like the GUI tho :)
 

Viking

Oct 2, 2011
An impressive list of scanners. I noticed that PC Tools is included; hasn't it been discontinued? (The AV module, that is.)
 

cruelsister

Apr 13, 2013
Promoting that the product has 68 engines is the most absurd (and useless) thing I've come across in quite a while. For any that care, look at the engine listing here: http://www.herdprotect.com/engines.aspx

Although at first glance it looks wonderful, on second glance (and beyond) it is just ridiculous. Note that 2 of the engines used are Kaspersky and Malwarebytes. I think all here will agree that both have top-tier definitions, so if HerdProtect already uses these two, can someone please explain what things like ClamAV, ByteHero, and the totally useless UnThreat are bringing to the table? Are we supposed to think that scanners with sub-50% detection rates will add anything in actually detecting malware?

But enough of that. I had to attempt to test this thing out. I secured a malware pack and ran into the first roadblock: no on-demand scan of folders (I know, it's a beta and the authors will add it later. Doesn't help me out today, though), so a simple comparative Folder Scan was not possible. But there is a way of testing it: run a few malicious files on an unprotected computer; nothing that will freeze it up like ransomware, but instead things that will be resident in memory on reboot, and obviously allow the computer to be successfully restarted. Things like a Zbot, a Zeus, a few Agents, and a Bitcoin miner. Then all that has to be done is do a quick scan with Malwarebytes.

So, the test:
1) A sacrificial test box running Windows 7 64-bit was used (no VM). It was unprotected by any security software.
2) Malware was selected from the zoo. As noted above, a single sample was selected from Zeus, Zbot, PWS, worm, injector, agent. All were initially scanned with Malwarebytes to confirm initial detection by that product.
3) The samples were run, the system was rebooted.
4) A scan with Malwarebytes was performed, results were noted.
5) A scan with HerdProtect was run, results were noted.

Findings:

1) The MB scan on reboot showed 14 unique malware files on the system; 5 running malicious memory processes were resident. I'm ignoring any registry changes (but obviously there were a bunch).
2) The HerdProtect scan on reboot resulted in 2 (yes, two) detections. It picked up the worm and the PWS. That's it.

Conclusion: Perhaps HerdProtect should concentrate on one scanner before trying to incorporate 68.
 