- Jul 27, 2019
- 13
- Content source
- https://www.youtube.com/watch?v=sdKujBZqtxE
K7 Doesn't prevent from Ransomware encryption.
K7 Total Security Vs Nemty Ransomware
- Thread starter ksgsystem
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
At least K7‘s „Data Locker“ feature should have protected user folders (like Pictures, Documents).
v16.x does have specific ransomware protection, it‘s highlighted as new feature over v15.
Anyway, i try grabbing some recent Nemty samples tomorrow, i have K7 TS v16.0.0123 installed, to see how K7 fares.
Their ransomware protection is indeed a big let down, 50% of the samples i tested against it were not recognized by BB / Anti-RW Standalone protection, files outside Data Locker protected locations are doomed.
v16.x does have specific ransomware protection, it‘s highlighted as new feature over v15.
Anyway, i try grabbing some recent Nemty samples tomorrow, i have K7 TS v16.0.0123 installed, to see how K7 fares.
Their ransomware protection is indeed a big let down, 50% of the samples i tested against it were not recognized by BB / Anti-RW Standalone protection, files outside Data Locker protected locations are doomed.
VT: VirusTotal
AnyRun: cd8129dd-d898-40c7-8b3f-b9acd7964e12 (MD5: 9F39C185C3CB3EA935D829D5280633EB) - Interactive analysis - ANY.RUN
K7 TS custom settings:
#Nemty v2.3 results: Firewall alert (blocked), intercepted almost instantly by BB, no files encrypted.
(Tested with RealTime Scanning disabled, to prevent signature detection.)
AnyRun: cd8129dd-d898-40c7-8b3f-b9acd7964e12 (MD5: 9F39C185C3CB3EA935D829D5280633EB) - Interactive analysis - ANY.RUN
K7 TS custom settings:
Containment: Shadow Defender v1.4.0.680
Guest/OS: Win10 Home v1909 (Build 18363.535)
Product: K7 Total Security v16.0.0123
VPN: OkayFreedom v1.8.7.12547
Guest/OS: Win10 Home v1909 (Build 18363.535)
Product: K7 Total Security v16.0.0123
VPN: OkayFreedom v1.8.7.12547
eMail:
Enable Worm Blocking, Scan outgoing eMails
Scanner:
also Scan Memory, Tracking Cookies, Unwanted Registry Entries, Unwanted Files
System Monitor:
High Level of Protection
Always Prompt if a new Software is installed when changes are found
Do not automatically allow signed files / recognized by the System Monitor
Firewall:
Display critical alerts
Ask for outbound connections of non-whitelisted apps
Intrusion Rules: Activate also SMB Exploit Detection 1, HTTP Server Exploit Detection 1 and FTP Server Exploit Detection 1
Enable Worm Blocking, Scan outgoing eMails
Scanner:
also Scan Memory, Tracking Cookies, Unwanted Registry Entries, Unwanted Files
System Monitor:
High Level of Protection
Always Prompt if a new Software is installed when changes are found
Do not automatically allow signed files / recognized by the System Monitor
Firewall:
Display critical alerts
Ask for outbound connections of non-whitelisted apps
Intrusion Rules: Activate also SMB Exploit Detection 1, HTTP Server Exploit Detection 1 and FTP Server Exploit Detection 1
(Tested with RealTime Scanning disabled, to prevent signature detection.)
Similar threads
