App Review K7 Total Security vs CXK-NMSL ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Der.Reisende

Not surprising, K7's biggest weakness is ransomware.
At least DataLocker saves you in 98% of cases (I've seen it getting bypassed, too!)
I have a dozen related tickets submitted; they actually fixed the flaws for the samples (maybe families), but it seems very granular and therefore new variants / other RW will bypass with a chance of 40-50%.
 

stefanos

Thread author
The same 360 TS.
 

Parsh

If I'm not wrong, this hub sample was a similar variant @Der.Reisende tested - that was modified by CS.
It did fail against batch file there too. Though the exe was blocked.
In the video K7 says that it blocked an untrusted program (cmd) from modifying the protected folders but it could trash the rest apparently. Uhm.
 

Der.Reisende

It's K7 DataLocker protecting folders (by default Documents and Pictures; with multiple users, it autodetects the folders). It's not a part of the Behaviour Blocking mechanism. It's rather the last line of defense, which can also fail.
I removed dllhost.exe from, and added SoftMaker Office to the trusted list.

EDIT: K7 DataLocker will block write access for everything not in the list, and to protected folders.
It even blocks Snipping Tool from saving pictures to the same name folder, with same error message, if not whitelisted.
 
