Advice Request Is CCAV enough against 99% of ransomwares?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
W

Wave

It was an example. I didn't say Kaspersky actually has one now even though it might have like any other security software.

@Wave explains it better to might want to check his reply. I suck at explaining things.

Question - Is CCAV enough against 99% of ransomwares?
You don't suck at explaining anything, I've got to go back and Like your previous replies as I was too busy replying just now. :D In fact I would say you explained it better than me. ;)

Good work pointing that out btw :)

As for Kaspersky in general, I can tell you based on testing that it's much more secure than some other vendors products.. Of course they are all prone to security flaws down the line though. I would say Kaspersky is pretty tough though.
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
You don't suck at explaining anything, I've got to go back and Like your previous replies as I was too busy replying just now. :D In fact I would say you explained it better than me. ;)

Good work pointing that out btw :)

As for Kaspersky in general, I can tell you based on testing that it's much more secure than some other vendors products.. Of course they are all prone to security flaws down the line though. I would say Kaspersky is pretty tough though.
Thanks mate.

Btw not like i have anything against Kaspersky but it has exploit and issues like all programs. At least they respond to bug reports fast but still nothing is 100% secure.

Project Zero: Kaspersky: Mo Unpackers, Mo Problems.
 
M

MalwareBlockerYT

Sure will try. So one of the arguments lots in the industry have is that security software not only can't protect you but it will create security problems. The reason for that is that all of them run as system applications and have full control to do anything. Let's say someone manages to take control of Kaspersky. Immediately he has access to everything and can force other security application to die. Because it has permissions the same level as the other security applications because of the escalation forced by taking over Kaspersky.

So the more programs you stuck together doesn't necessarily mean you are better protected.
Ah well said :) I get your explanation now ;) It's true that nothing gets 100% but you can try to get as close to 100% as possible.
 
W

Wave

Btw not like i have anything against Kaspersky but it has exploit and issues like all programs. At least they respond to bug reports fast but still nothing is 100% secure.
Don't worry I was actually talking about self-protection when I said that earlier but I was rushing as I had to leave for a bit so I didn't mention it back then... The self protection seems to be tougher, most vendors use the same techniques but if I recall right Kaspersky do some additional things too to protect the GUI processes from remote code execution :)
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
Don't worry I was actually talking about self-protection when I said that earlier but I was rushing as I had to leave for a bit so I didn't mention it back then... The self protection seems to be tougher, most vendors use the same techniques but if I recall right Kaspersky do some additional things too to protect the GUI processes from remote code execution :)
Correct, i believe you are right. Don't like Kaspersky for other reasons but that is personal preference. I rarely like something so doesn't come to a surprise for anyone reading my replies here. :p
 

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
I tested CCAV in my VM and this is the result:
- It sandboxed 99% of my samples
- MBR-encrypting ransomwares (petya) successfully damaged the VM => failed

I also installed it in my host host machine, CPU usage was always 0.1%-2.5% and never went back to 0%. Disliked => uninstalled

I tried CF with proactive preset and some personal tweaks, it blocked 100% of ransomwares and didn't cause persistent CPU usage
 
5

509322

Hi everyone,

I would like to ask about CCAV with default sandbox settings
I'm not a fan of highly restricted/untrusted rules, I prefer partially limited (CF& CIS) or a bit higher than partial but less than highly restricted (CCAV)

In this case of CCAV, can it protect agaisnt most ransomwares which are not able to bypass CCAV's sandbox?

thank you

Somewhere in this thread you mention that your objective is to be able to run business management software inside a sandbox.

Just keep in mind that - unless you configure the sandbox to save data - all data will be lost once the sandbox is closed.

Preserving the data dependency of the "business management" software that needs data to be saved and store locally to function correctly might be of paramount importance.
 
Last edited by a moderator:

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
893
I tested CCAV in my VM and this is the result:
- It sandboxed 99% of my samples
- MBR-encrypting ransomwares (petya) successfully damaged the VM => failed

I also installed it in my host host machine, CPU usage was always 0.1%-2.5% and never went back to 0%. Disliked => uninstalled

I tried CF with proactive preset and some personal tweaks, it blocked 100% of ransomwares and didn't cause persistent CPU usage
Thats interesting. i thought they were using the same sandbox tech as it is in CIS.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Thats interesting. i thought they were using the same sandbox tech as it is in CIS.
even in CIS, the sandbox protection varies between the various preset configs. Only proactive config has the heaviest sandbox protection.
 
  • Like
Reactions: Deleted member 2913
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top