New Update How the hell WD works on Windows Home & Pro?

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Is there any advantage of BAFS on Windows Home and Pro?

Yes, it is, and this is a very important WD feature. BAFS is enabled by default in all Windows editions for all Windows 10 versions supported by Microsoft.
By design, it works only for files with MOTW. Furthermore, only PE executables (EXE, DLL, etc.) and some script types (JS, VBS, VBA macros, etc.) can be protected.
Usually, BAFS is automatically triggered when the file has been downloaded from the Internet via Edge or Chrome.


What is the advantage of BAFS protection?

Without BAFS, the downloaded files are checked only against local signatures, which in the case of WD are optimized to minimize false positives. These signatures are only average for fighting new threats.
BAFS was introduced to cover new threats by applying additional protection:
  1. It forces scanning the file against fast signatures in the WD Cloud. Fast signatures are created when malicious files have been executed on any computer connected to the cloud. This also includes any computer which uses Windows E3 or E5. So, fast signatures can take advantage of advanced WD features like: "Advanced machine learning and AI based protection for apex level viruses and malware threats", and "Advanced cloud protection that includes deep inspection and detonation". All fast signatures ale available for any computer which uses the BAFS feature (also with installed Windows Home or Pro).
  2. If the file is not known, then it is automatically blocked just as in the case of executing it. This prevents the user from running files after the download, until they are checked by behavior-based cloud features. The behavior-based features are activated just like in the case of file execution and the user can see the usual WD behavior block warning:

    BB.png

So, for the unknown malware, BASF on Windows E5 is still stronger than on Windows Home and Pro.

In the Real world malware tests, the samples have MOTW attached, so BASF is triggered and the WD scoring is high.
In the video tests, BASF is usually inactive due to the test procedure. The tester unpacks the password-protected archive with malware samples by using 3rd party unpackers (like 7-ZIP). Most unpackers do not transfer the MOTW from archive to extracted samples. The malware samples do not have MOTW, so they are ignored by BASF.
The MOTW can be transferred from the archive downloaded from the Internet to extracted malware samples when using Bandizip.

Edit.
The conclusion that fast signatures are not used when the malware file without MOTW is executed, follows from some tests made on Malware Hub in this year. I do not understand the purpose of such counterintuitive behavior, except when it is for updating fast signatures. It should be confirmed by other tests, because Microsoft can allow fast signatures with any update also for files without MOTW.
 
Last edited:

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
In the Real world malware tests, the samples have MOTW attached, so BASF is triggered and the WD scoring is high.
In the video tests, BASF is usually inactive due to the test procedure. The tester unpacks the password-protected archive with malware samples by using 3rd party unpackers (like 7-ZIP). Most unpackers do not transfer the MOTW from archive to extracted samples. The malware samples do not have MOTW, so they are ignored by BASF.

Yes, I think this is what we see in YouTube tests like TPSC, etc. when testing WD and thus the poor results. Leo @TPSC apparently doesn't understand how WD features work so he can continually advertise its "horrible" protection.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Yes, I think this is what we see in YouTube tests like TPSC, etc. when testing WD and thus the poor results. Leo @TPSC apparently doesn't understand how WD features work so he can continually advertise its "horrible" protection.
guy works for emsisoft, few last hub results;
emsisoft on default settings = infected
Windows defender + configurefender = Protected

Make video about above, and the odds change , cheeky :alien:
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
The YouTube testers do reflect a certain segment of the population, and that is the pirates who download their stuff in rar files and then unpack them. Their unpacked stuff doesn't have MOTW. But that's irrelevant, because even if every AV in the world would detect it as malware, they would turn off their AV anyways, so they can run their crack. People who do that have forfeited their right to complain.
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
The YouTube testers do reflect a certain segment of the population, and that is the pirates who download their stuff in rar files and then unpack them. Their unpacked stuff doesn't have MOTW. But that's irrelevant, because even if every AV in the world would detect it as malware, they would turn off their AV anyways, so they can run their crack. People who do that have forfeited their right to complain.
Amen to that! I don’t think people who work around their AV when it’s inconvenient count as security conscious people.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Some precautions can be made to maximize protection for files shared via USB sources and files extracted from archives:
  1. The ASR rule "Block untrusted and unsigned processes that run from USB" should be activated. This rule works also for files which were blocked when executed from the USB source and next copied to hard disk. The protection is removed after renaming the file on the hard disk.
  2. The user should install Bandizip if he/she needs something more that is available via Windows built-in ZIP unpacker.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I found this graphic...is it current?
should we upgrade to Windows 10 pro?


View attachment 225821
This is a document mentioned by me in the first post. If you want to use the features which are not available on Windows Home (but are present in Pro ed.) then you can upgrade to Windows Pro.
 
9

93803123

I found this graphic...is it current?
should we upgrade to Windows 10 pro?


View attachment 225821

This table is accurate, but what they do not explain in it is that the ASR features for E3 and E5 are not simply settings in the GUI, GPO or AppLocker. All those additional items shown for E3 and E5 have to be manually configured individually on a policy which resides on an Enterprise master configuration system. Then that policy needs to be pushed and installed to the other systems that comprise the group or domain. How the policy gets configured and then pushed (e.g. via subscription Insight service or one's own policy server) is flexible and up to a company to configure.

In other words, @Andy Ful just cannot decide that he wants to enable ASR HIPS rules and then make them work on Home or Pro via Hard Configurator.

To be honest, not even I am sure how it all works because getting access to a fully functioning setup is difficult and expensive. I've had to do just like most people - which is to piece together little tidbits of infos that are available here and there.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
...
In other words, @Andy Ful just cannot decide that he wants to enable ASR HIPS rules and then make them work on Home or Pro via Hard Configurator.
...
That is right. The situation is rather complicated and dimmed by Microsoft. In fact, first I discovered that some advanced rules work, because they blocked a few of my scripts. Next, I found this document, which shows that really some advanced features should work on Windows Home and Pro.
 
Last edited:
9

93803123

That is right. The situation is rather complicated and dimmed by Microsoft. In fact, first I discovered that some advanced rules work, because they blocked a few of my scripts. Next, I found this document, which shows that really some advanced features should work on Windows Home and Pro.

To complicate matters further there is also the problem of Microsoft changing (tweaking) ASR rules as they go along. The Windows security division is actually small. It's not as if there are literally thousands of people sitting there just waiting for reports to come in from the field and then they pound-out fixes. It's just a guess, but I'm thinking the main players in the Microsoft Windows security division totals 50 or less. What I do know is that whatever the actual number is, it is a very small number relative to the entire organization.

So what. We just deal with it. As if we have any real choice in the matter except to switch to another operating system - and we all know that isn't a practical solution for many people.
 
Last edited by a moderator:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Does WD use behavior blocking?

It is funny, but many people think that WD cannot use behavior blocking. Yet, this is the most evident and sometimes annoying WD feature. If WD uses it, then the file execution is temporarily blocked and WD usually shows the alert:

View attachment 225230

The time required for scanning is set by default to 10s and can be changed up to 60s. After finishing the scan WD takes the below actions:
  1. The file is allowed to run.
  2. The file is not allowed to run. WD removes or quarantines it.
  3. The file is allowed to run, but analysis in the cloud is continued. If the malware is recognized as malicious then WD tries to stop the malware. In some cases, the reboot is required to remove or quarantine the malware.
How does it work on Windows Home and Pro?
WD uses the local signatures and local Machine Learning (ML) models to find out if the file behavior can be malicious or suspicious. If it is suspicious, then the file metadata is sent to WD cloud for quick detection or analysis. This can take several milliseconds. If ML models in the cloud still cannot classify the sample, then it is uploaded to the cloud and analyzed by more comprehensive ML models - this can take several seconds.
Each suspicious action is scored and an overall score is computed for each process. High scoring will trigger the detection of the process as malicious. The threshold when the detection is triggered depends on WD setting (CloudBlockLevel).

On Windows E5 some more advanced features are available, which can take several minutes:
  • Advanced machine learning and AI based protection for apex level viruses and malware threats
  • Advanced cloud protection that includes deep inspection and detonation
  • Emergency outbreak protection from the Intelligent Security Graph
  • Monitoring, analytics and reporting for Next Generation Protection capabilities
Here are some examples of ML behavior-based detections on Windows Pro (default, high or max ConfigureDefender settings):
The update about behavior blocking:
"Components of behavioral blocking and containment
  • On-client, policy-driven attack surface reduction rules Predefined common attack behaviors are prevented from executing, according to your attack surface reduction rules. When such behaviors attempt to execute, they can be seen in the Microsoft Defender Security Center https://securitycenter.windows.com as informational alerts. (Attack surface reduction rules are not enabled by default; you configure your policies in the Microsoft Defender Security Center.)
  • Client behavioral blocking Threats on endpoints are detected through machine learning, and then are blocked and remediated automatically. (Client behavioral blocking is enabled by default.)
  • Feedback-loop blocking (also referred to as rapid protection) Threat detections are observed through behavioral intelligence. Threats are stopped and prevented from running on other endpoints. (Feedback-loop blocking is enabled by default.)
  • Endpoint detection and response (EDR) in block mode Malicious artifacts or behaviors that are observed through post-breach protection are blocked and contained. EDR in block mode works even if Microsoft Defender Antivirus is not the primary antivirus solution. (EDR in block mode, currently in preview, is not enabled by default; you turn it on in the Microsoft Defender Security Center.)"

From the tests on Malware Hub it follows that the first two components work on any Windows edition (also Windows Home and Pro). The last component seems to work only on Windows E5 (also Microsoft 365 E3 with the Identity & Threat Protection offering subscription). I am not sure about feedback-loop blocking, but this component should work (at least) via "Block At First Sight" feature.

The behavior-based detections related to Client behavior blocking (Behavior:Win32/Persistence.*!ml , Behavior:Win32/Generic.*!ml, ... ) can be seen in the tests made by @SeriousHoax. Also, the behavior blocks related to the ASR rules can be easily recognized in these tests.
In addition to ASR rules, the below techniques should be detected on Windows 10 Home and Pro:


TacticDetection threat name
Initial AccessBehavior:Win32/InitialAccess.*!ml
ExecutionBehavior:Win32/Execution.*!ml
PersistenceBehavior:Win32/Persistence.*!ml
Privilege EscalationBehavior:Win32/PrivilegeEscalation.*!ml
Defense EvasionBehavior:Win32/DefenseEvasion.*!ml
Credential AccessBehavior:Win32/CredentialAccess.*!ml
DiscoveryBehavior:Win32/Discovery.*!ml
Lateral MovementBehavior:Win32/LateralMovement.*!ml
CollectionBehavior:Win32/Collection.*!ml
Command and ControlBehavior:Win32/CommandAndControl.*!ml
ExfiltrationBehavior:Win32/Exfiltration.*!ml
ImpactBehavior:Win32/Impact.*!ml
UncategorizedBehavior:Win32/Generic.*!ml
 
Last edited:

mazskolnieces

Level 3
Well-known
Jul 25, 2020
117
The update about behavior blocking:
"Components of behavioral blocking and containment
  • On-client, policy-driven attack surface reduction rules Predefined common attack behaviors are prevented from executing, according to your attack surface reduction rules. When such behaviors attempt to execute, they can be seen in the Microsoft Defender Security Center https://securitycenter.windows.com as informational alerts. (Attack surface reduction rules are not enabled by default; you configure your policies in the Microsoft Defender Security Center.)
  • Client behavioral blocking Threats on endpoints are detected through machine learning, and then are blocked and remediated automatically. (Client behavioral blocking is enabled by default.)
  • Feedback-loop blocking (also referred to as rapid protection) Threat detections are observed through behavioral intelligence. Threats are stopped and prevented from running on other endpoints. (Feedback-loop blocking is enabled by default.)
  • Endpoint detection and response (EDR) in block mode Malicious artifacts or behaviors that are observed through post-breach protection are blocked and contained. EDR in block mode works even if Microsoft Defender Antivirus is not the primary antivirus solution. (EDR in block mode, currently in preview, is not enabled by default; you turn it on in the Microsoft Defender Security Center.)"

From the tests on Malware Hub it follows that the first two components work on any Windows edition (also Windows Home and Pro). The last component seems to work only on Windows E5 (also Microsoft 365 E3 with the Identity & Threat Protection offering subscription). I am not sure about feedback-loop blocking, but this component should work (at least) via "Block At First Sight" feature.

The behavior-based detections related to Client behavior blocking (Behavior:Win32/Persistence.*!ml , Behavior:Win32/Generic.*!ml, ... ) can be seen in the tests made by @SeriousHoax. Also, the behavior blocks related to the ASR rules can be easily recognized in these tests.
In addition to ASR rules, the below techniques should be detected on Windows 10 Home and Pro:


TacticDetection threat name
Initial AccessBehavior:Win32/InitialAccess.*!ml
ExecutionBehavior:Win32/Execution.*!ml
PersistenceBehavior:Win32/Persistence.*!ml
Privilege EscalationBehavior:Win32/PrivilegeEscalation.*!ml
Defense EvasionBehavior:Win32/DefenseEvasion.*!ml
Credential AccessBehavior:Win32/CredentialAccess.*!ml
DiscoveryBehavior:Win32/Discovery.*!ml
Lateral MovementBehavior:Win32/LateralMovement.*!ml
CollectionBehavior:Win32/Collection.*!ml
Command and ControlBehavior:Win32/CommandAndControl.*!ml
ExfiltrationBehavior:Win32/Exfiltration.*!ml
ImpactBehavior:Win32/Impact.*!ml
UncategorizedBehavior:Win32/Generic.*!ml

MS is using MITRE ATTACK IQ matrix Tactic names.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
1597908317044.png

There are also other partners:

The integration with MITRE ATTACK IQ can be visible via Microsoft Defender Security Center with the paid ATP subscription.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
There is an interesting podcast on the web: Security Unlocked—A new podcast exploring the people and AI that power Microsoft Security solutions.

"
In each episode, hosts Nic Fillingham and Natalia Godyla take a closer look at the latest in threat intelligence, security research, and data science. Our expert guests share insights into how modern security technologies are being built, how threats are evolving, and how machine learning and artificial intelligence are being used to secure the world.
Each episode will also feature an interview with one of the many experts working in Microsoft Security. Guests will share their unique path to Microsoft and the infosec field, what they love about their calling and their predictions about the future of ML and AI.
New episodes of Security Unlocked will be released twice a month with the first three episodes available today on all major podcast platforms. We will talk about specific topics in future blogs and provide links to podcasts to get more in-depth.
"

The experts are people that actually work on Microsoft Defender (AI/ML , AMSI, etc.). :)(y)
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
MDATP.png


WD in Windows Home includes some ATP features, e.g. part of Attack surface reduction and Next Generation protection. The available features on Windows Home are in green & bold.

Attack surface reduction
The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitation.
Not included in Windows Home and Pro:
  • HIPS rules
  • Enterprise management of Application Guard (Edge browser)
  • Allow/deny lists (IP/URL, files, certificates)
  • Device based conditional access


Next-generation protection
To further reinforce the security perimeter of your network, Microsoft Defender ATP uses next-generation protection designed to catch all types of emerging threats.
Not included in Windows Home and Pro:
  • Advanced ML/AI based protection for apex level viruses and malware threats.
  • Advanced cloud protection (deep inspection and detonation in the sandbox).
  • Emergency outbreak protection.
  • Monitoring, analytics, and reporting.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Windows Defender Ransomware Protection on Windows Home and Pro.

WD can prevent/fight ransomware by using several features:
  1. Deep Learning and heuristic-based behavior detections. This is a common way of detecting ransomware by modern AVs. Unsupervised Deep Learning is used to detect totally unknown ransomware families.
  2. ASR rule "Use advanced protection against ransomware". This works as a behavior blocker.
  3. Other ASR rules prevent popular scripting attacks and other attacks used to finally execute the ransomware payload.
  4. "Ransomware Protection" feature available via Security Center. It enables Controlled Folder Access, which is smart-default-deny for applications/processes that want to access the protected folders and system protected disk areas.
The article about Deep Learning:

The articles about ASR rules:

The articles about Controlled Folder Access:

When using Controlled Folder Access (CFA) the user should bear in mind some inconvenience. The 3rd party applications like: system optimizers, backup software, disk management software, media management applications, document editors, etc. will be usually blocked from accessing the protected folders and system protected disk areas. So, the user has to have some skills to identify access issues and exclude the right executables in CFA.

One can use Windows Event Log or use ConfigureDefender to create the Log of events related to Windows Defender. The events related to CFA starts with:
  • Event ID: 1123
    (Blocked by Controlled Folder Access)
  • Event ID: 1127
    (Blocked by Controlled Folder Access - sector write block event)
The first event is a typical block when the application is blocked from accessing a file in the protected folder.
The second event is not related to protected folders, but to blocked processes when they try to access system protected disk areas.
 

Andy Ful

From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
How strong is WD (default settings) in the Home environment?

WD was is tested for a long time by professional AV testing labs (home or consumer reports):
AV-Comparatives (Real-world, Malware Protection): Test Results - AV-Comparatives (av-comparatives.org)
AV-Test: Home users (av-test.org)
Se Labs: SE Labs

One should not be excited or disappointed by the results of the particular test because any such test has a strong random factor. This is noted for example in the AV-Comparatives test methodology:
"Our tests use much more test cases (samples) per product and month than any similar test performed by other testing labs. Because of the higher statistical significance this achieves, we consider all the products in each results cluster to be equally effective, assuming that they have a false-positives rate below the industry average."
Real-World Protection Test Methodology - AV-Comparatives (av-comparatives.org)
As can be seen from the reports, the best AVs are usually in the first cluster (10 Avs or more), so they can be equally effective on malware in-the-wild (despite the differences in the particular test).

So, the best method is to gather the results of 4 types of tests (AV-Comparatives Real-World, AV-Comparatives Malware Protection, AV-Test, and SE Labs) for a long period. I did it for the period April 2018-June (October) 2020. Here are the results (1-9 places) for AVs that participated in all these tests (with exception of Bitdefender):

AV-Comparatives Real-World (July 2018 - October 2020)
1. TrendMicro, 2. F-Secure, 3. Norton, 4. Avira Pro, 5. Bitdefender, 6. Kaspersky, 7. Microsoft, 8. Avast, 9. McAfee

AV-Comparatives Malware Protection (September 2018 - September 2020)
1. Avast, 2. Norton, 3. Bitdefender, 4. Avira Pro, 5. Microsoft, 6. Kaspersky, 7. F-Secure, 8. McAfee, 9. Trend Micro

AV-Test (June 2018 - June 2020)
1. Norton, 2. Kaspersky, 2. Trend Micro, 4. Bitdefender, 4. F-Secure, 6. Avira Pro, 7. Avast, 7. Microsoft, 9. McAfee,

SE Labs (April 2018 - June 2020)
1. Norton, 2. Kaspersky, 3. Trend Micro, 3. F-Secure, 5. Microsoft, 6. Avira Free, 7. *Bitdefender, 8. McAfee, 9. Avast
Bitdefender participated only in one SE Labs test and missed 5 samples. The first 5 AVs never missed more than 3 samples in any SE Lab test.

(1) AV-Comparatives - Consumer Real-World Protection Test July-October 2020 | MalwareTips Community
(1) AVLab.pl - Microsoft Defender - pros and cons (November 2020) | MalwareTips Community
(1) AVLab.pl - Microsoft Defender - pros and cons (November 2020) | MalwareTips Community

It is hard to do the proper statistics, so let's make the simplest one (average place):

April 2018-June (October) 2020 Final List of 4 types of tests (rounded +- 0.25).
Norton ................... (3+2+1+1)/4 ~ 2
Trend Micro ...........(1+9+2+3)/4 ~ 4
F-Secure .................(2+7+4+3)/4 = 4
Kaspersky ..............(6+6+2+2)/4 = 4
* Bitdefender ............(5+3+4+7)/4 ~ 5
Avira .......................(4+4+6+6)/4 = 5

Microsoft ...............(7+5+7+5)/4 = 6
Avast ......................(8+1+7+9)/4 ~ 6

McAfee ..................(9+8+8+8)/4 ~ 8

It seems that even when considering 2 year testing period and 4 types of tests, we have very little differences between the most popular AVs (most are grouped around the 5th place). Furthermore, the second-best AV on the final scoring (Trend Micro) was the last (and far away) in the AV-Comparatives Malware Protection tests and there is no AV that could be consistently better in all 4 types of tests than Avast (second-last on the final list).
My personal opinion is that these tests cannot measure the real differences between malware protection (home environment) of the most popular AVs (marked in green on the list), because the differences are too small. Probably, only Norton and McAfee can be distinguished from the other due to very consistent high (Norton) and low (McAfee) scorings.

So, the answer for Microsoft is that WD anti-malware protection for the home users is as good as the protection of most AVs (free or Home versions). It does not mean that WD (on default settings) is as strong as for example Kaspersky (KIS participated in all tests). The advantage of some solutions (like KIS) can be seen in the business environment.

Edit1.
If we include the false positives rate which is consistently biggest for Norton and Trend Micro in AV-Comparatives False Alarm tests, then the differences will be even smaller.
For example in AV-Comparatives False Alarm tests September 2018 - September 2020 (6 tests):

-----------------------The number of false positives -------
Kaspersky.........5 + 3 + 0 + 10 + 3 = 21
Bitdefender.......9 + 6 + 7 + 7 + 6 = 35
Avira..................2 + 4 + 1 + 24 + 8 = 39
Avast.................5 + 15 + 7 + 15 +10 = 52
F-Secure..........15 + 17 + 4 + 24 + 9 = 69
McAfee............35 + 9 + 2 + 25 + 10 = 81
Microsoft.........32 + 8 + 13 + 9 + 21 = 83
Norton..............47 + 19 + 7 + 25 + 41 = 139
Trend Micro.....40 + 81 + 14 + 1 + 5 = 141
False Alarm Tests Archive - AV-Comparatives (av-comparatives.org)

It easy to see that Norton and Trend Micro which have the best anti-malware scoring, also have the worst false positives rate.
It is also interesting that Trend Micro scored very very poorly in the AV-Comparatives Malware Protection test in the year 2020, just when the false positives rate was the best (1+5 false positives). On the contrary, when Trend Micro had stellar protection results, the false positives rate was very very high.

Edit2.
The phenomenon of consistently high results of Norton worried me because it cannot probably be understood as the statistical (random) effect.

But, when looking at consistently high false positives rate and user-dependent choices in the tests, it is clear that Norton uses aggressive file reputation check (something similar to SmartScreen and PUA protection in Edge). So, one could use Windows Defender + Edge web browser (SmartScreen + PUA enabled) to get similar strong protection.
Respond to incorrect Norton alerts about unsafe downloaded files

Edit3
Corrected the error in the AV-Test Kaspersky scoring and added the scorings of AV-Comparatives Real-World test from September 2018 to be closer to the testing period of other tests.
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top