App Review K7 Total Security vs CXK-NMSL ransomware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Not surprising, K7‘s biggest weakness is Ransomware.
At least DataLocker safes you in 98% percent of cases (I‘ve seen it getting bypassed, too!)
I have a dozen related tickets submitted, they actually fixed the flaws for the samples (maybe families), but it seems very granular and therefore, new variants / other RW will bypass with a chance of 40-50%.
 
  • Like
Reactions: Fel Grossi, Nevi, roger_m and 6 others
Der.Reisende said:
Not surprising, K7‘s biggest weakness is Ransomware.
At least DataLocker safes you in 98% percent of cases (I‘ve seen it getting bypassed, too!)
I have a dozen related tickets submitted, they actually fixed the flaws for the samples (maybe families), but it seems very granular and therefore, new variants / other RW will bypass with a chance of 40-50%.
Click to expand...
The same 360 TS.
 
  • Like
Reactions: Fel Grossi, [correlate], Der.Reisende and 4 others
If I'm not wrong, this hub sample was a similar variant @Der.Reisende tested - that was modified by CS.
It did fail against batch file there too. Though the exe was blocked.
In the video K7 says that it blocked an untrusted program (cmd) from modifying the protected folders but it could trash the rest apparently. Uhm.
 
  • Like
  • +Reputation
Reactions: Fel Grossi, [correlate], Der.Reisende and 4 others
Parsh said:
If I'm not wrong, this hub sample was a similar variant @Der.Reisende tested - that was modified by CS.
It did fail against batch file there too. Though the exe was blocked.
In the video K7 says that it blocked an untrusted program (cmd) from modifying the protected folders but it could trash the rest apparently. Uhm.
Click to expand...
It's K7 DataLocker protecting folders (by default Documents and Pictures; with multiple users, it autodetects the folders). It's not a part of the Behaviour Blocking mechanism. It's rather the last line of defense, which can also fail.
I removed dllhost.exe from, and added SoftMaker Office to the trusted list.
1586976720093.png

EDIT: K7 DataLocker will block write access for everything not in the list, and to protected folders.
It even blocks Snipping Tool from saving pictures to the same name folder, with same error message, if not whitelisted.
 
  • Like
Reactions: Behold Eck, Parsh, upnorth and 6 others

You may also like...