Status
Not open for further replies.

BoraMurdar

Super Moderator
MalwareTips Team
Verified
Joined
Aug 30, 2012
Messages
6,068
Operating System
Windows 10
Antivirus
Emsisoft
#2
It's OK for now...
Slower scanning speeds than HitmanPro can be explained by more scanning engines included.
It found one malformation in winsxs folder, microsoft signed dll file found only by BKAV engine, so it's false positive, as they suggest.
I like the GUI tho :)
 
Last edited:

Viking

Level 22
Verified
Joined
Oct 2, 2011
Messages
1,186
Operating System
Windows 10
Antivirus
Emsisoft
#3
An impressive list of scanners. I noticed that Pc Tools are included, haven't they been discontinued? (The AV module that is).
 

tapoo

Level 4
Verified
Joined
Jan 21, 2012
Messages
632
Operating System
Windows 7
Antivirus
Kaspersky
#4
Last edited:

cruelsister

Level 36
Content Creator
Verified
Joined
Apr 13, 2013
Messages
2,575
#5
Promoting that the product has 68 engines is the most absurd (and useless) thing I've come across in quite a while. For any that care, look at the engine listing here: http://www.herdprotect.com/engines.aspx

Although at first glance it looks wonderful, on second glance (and beyond) it is just ridiculous. Note that 2 of the engines used are Kaspersky and Malwarebytes- I think all here will agree that both have top tier definitions, so if Herdprotect already uses these two, can someone please explain what things like ClamAV, ByteHero, and the totally useless UnThreat are bringing to the table? Are we supposed to think that scanners with sub-50% detection rates will add anything in actually detecting malware?

But enough of that. I had to attempt to test this thing out. I secured a malware pack and ran into the first roadblock: no on demand scan of folders (I know, it's a beta and the authors will add it later. Doesn't help me out today, though), so a simple comparative Folder Scan was not possible. But there is a way of testing it- run a few malicious files on an unprotected computer; nothing that will freeze it up like ransomware, but instead things that will be resident in memory on reboot, and obviously allow the computer to be successfully restarted. Things like a Zbot, a Zeus, a few Agents, and a Bitcoin miner. Then all that has to be done is do a quick scan with Malwarebytes.

So- the test:
1). A sacrificial test box running Windows 7 64bit was used (no VM). It was unprotected by any security software.
2). Malware was selected from the zoo. As noted above a single sample was selected from Zeus, Zbot, PWS, worm, injector, agent. All were initially scanned with Malwarebytes to confirm initial detection by that product.
3). The samples were run, the system was rebooted.
4). A scan with Malwarebytes was performed, results were noted.
5). A scan with HerdProtect was run, results were noted.

Findings:

1). The MB scan on reboot showed 14 unique malware files on the system; 5 running malicious memory processes were resident. I'm ignoring any registry changes (but obviously there were a bunch).
2). The HerdProtect scan on reboot resulted in 2 (yes, two) detections. It picked up the worm and the PWS. That's it.

Conclusion- Perhaps HerdProtect should concentrate on one scanner before trying to incorporate 68.
 
Last edited:
Status
Not open for further replies.