How to test antivirus?

neapo

Level 1
Thread author
Verified
Sep 29, 2014
16
Yes, but I would just like to know if there's a guideline with software to use to correctly test and quantify how many viruses were detected or not.
 

dowN1

Level 3
Verified
Well-known
Aug 11, 2014
124
I know you can easily test your firewall with Comodo leak test, but to test an AV like that... as far as I know, there is nothing similar to it.
You can always check detection rates for most AVs in Malware Hub.
Sadly, 99% of the members won't run undetected files on their PCs, so if you want to go further, a virtual machine is the best way.
Install software like Comodo KillSwitch or Process Hacker, run the remaining (undetected) files and do a post-scan with Malwarebytes/HitmanPro/Emsisoft Emergency Kit. That's how I do it.
 

MalwareT

++++AV testing procedure++++

1) Always download the latest version from the publisher's site;
2) Always use fresh malware links from today, you can find some of those here;
3) Malware pack must be at least 1 day old to maximum 3;
4) Always use virtualization software like VirtualBox or VMware, but I recommend VBox;
5) Make sure that your AV is 100% up to date, do an update after installation;
6) Do NOT change any of the settings;
7) If you're trying to make a video review, always show users that the AV has the latest updates;
8) Don't disable realtime protection while extracting files from the archive, because the AV is getting higher detection;
9) If anything is left in the folder (pack), execute those samples;
10) Use task managers like Process Hacker or Process Explorer or Comodo KillSwitch;
11) For scanners use HitmanPro or Emsisoft Emergency Kit;
12) You can see how I'm doing a review in my videos by clicking here.

Hope that helps.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
You may conduct your own formula calculation based on the samples gathered from URL links or malware packs. Remember it's a grain of salt to determine, due to the limited samples that are considered working and not dead.
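One way to do the calculation suggested in the post above, as an added example that is not part of the original thread: it tallies a results log, leaves dead samples out of the denominator, and reports a 95% Wilson interval so the effect of a small pack is visible. The outcome labels and the sample counts are constructed for illustration.

```python
import math
from collections import Counter

# Constructed results for one 20-sample pack (labels are assumptions):
#   static  - removed by real-time protection while extracting the archive
#   dynamic - blocked when the leftover sample was executed in the VM
#   missed  - ran, and the second-opinion scanner found it afterwards
#   dead    - sample did not work, so it says nothing about the AV
RESULTS = ["static"] * 14 + ["dynamic"] * 3 + ["missed"] * 2 + ["dead"] * 1


def wilson_interval(hits, n, z=1.96):
    """95% Wilson score interval for a proportion hits/n."""
    p = hits / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def summarize(results):
    """Tally outcomes and compute the detection rate over working samples."""
    counts = Counter(results)
    unknown = set(counts) - {"static", "dynamic", "missed", "dead"}
    if unknown:
        raise ValueError(f"unknown outcome labels: {sorted(unknown)}")
    tested = counts["static"] + counts["dynamic"] + counts["missed"]
    detected = counts["static"] + counts["dynamic"]
    if tested == 0:  # every sample was dead: no rate can be stated
        return {"tested": 0, "detected": 0, "dead": counts["dead"],
                "rate": None, "ci95": None}
    return {
        "tested": tested,
        "detected": detected,
        "dead": counts["dead"],
        "rate": detected / tested,
        "ci95": wilson_interval(detected, tested),
    }


if __name__ == "__main__":
    s = summarize(RESULTS)
    low, high = s["ci95"]
    print(f"{s['detected']}/{s['tested']} detected "
          f"({s['rate']:.1%}), {s['dead']} dead sample(s) excluded")
    print(f"95% interval: {low:.1%} to {high:.1%}")
```

With only 19 working samples the interval spans roughly 69% to 97%, which is why two products a few points apart on a pack this size cannot be ranked.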
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Testing an AV isn't all about how much malware can be prevented; there are other more important factors.

First, check if your Antivirus is compatible with your OS, then monitor its stability and performance (over a period of time) to see it's not hogging the CPU/Network. Also visit other sites' reviews about its features and whether it's any use to you; you may wish to customize/modify the installation accordingly.

Remember, AV Testing videos on YouTube shouldn't be taken seriously. In most cases, you don't know the other important factors when the tests took place, etc.

Based on my opinion.

Edit: Please see, http://malwaretips.com/threads/protecting-host-machine-from-malware-escaping-a-vm.5730/
 

darko999

Level 17
Verified
Well-known
Oct 2, 2014
805
It's like talking about cloud-based AVs like Panda. Do they deserve all the credit for their high detection rates? I don't think so; just because you compare some hash to the cloud doesn't mean it's actually that good as an overall AV. That's why it's actually impossible to measure how good an AV is, or to be accurate about it. The final rule is as simple as this: the AV that better suits your needs is in the end the best AV for you. Even when the numbers may not say the same.
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
I would also suggest network and file system/registry monitoring tools and to make a backup of your PC/laptop.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
I would also suggest network and file system/registry monitoring tools and to make a backup of your PC/laptop.

Can you recommend some of these tools (network and file system/registry monitoring tools)?
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,224
Don't we use Virtual Machines anymore?
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
I would also suggest (paranoia/hardened mode) using a PC/laptop and a router only to test AV vs. malware (using one router is my idea, again to be in paranoia/hardened/"safer" mode). This is because there is malware that might escape from a VM (e.g. because it is "advanced", because of bugs in VMs or because of wrong settings or user fault...), that might infect the BIOS or a device's firmware (e.g. USB devices)... most very very difficult to detect, even more difficult to delete...
 
