Kaspersky and EVERYTHING else gets bypassed... See YouTube Link (Antivirus Reviews).

harlan4096

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
9,036
About Kaspersky tests and maximum settings bypasses: that is not totally exact :), the tester is only limited to raising the security level to maximum, but it did not tweak, for instead, Application Control settings or other modules, so all those bypasses can be blocked just turning on Interactive Mode and/or setting Unknown Applications to High Restricted in Application Control, as I demonstrated not so long here with Kaspersky + Scorpion 3.1 malware...
 
  • Like
  • Thanks
  • Applause
Reactions: Berny, RXZ6Q, Hollow and 18 others
Nevi

Nevi

Level 12
Verified
Top Poster
Well-known
Apr 7, 2016
573
I would not be too upset by those videos. It seems the person that do these tests, have the agenda that he can let some specific malware go through all antiviruses on the marked. We dont know what and how he do those tests, what settings etc.
Here is a detailed analysis of the "Kyrox ransomware".Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for '5943ad199607384ed7e1a4c58aef4673'

This variant is detected by 44 vendors on VT including Eset which does so as "a variant of Generik.TZCZKH."
 
  • Like
  • Thanks
Reactions: oldschool, roger_m, Brie and 4 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,817
That is a known fact for many years. The attacker has to compile/obfuscate something that can be detected as suspicious, but not suspicious enough to trigger the detection as malware.
Most of bypassed AVs, detected it probably as suspicious but allowed it to run without or with only a few restrictions.
As @harlan4096 noticed, some of Kaspersky (also WD and possibly other AVs) advanced modules were not configured (Application Control, ASR, etc), so the tests were not performed on max settings. Furthermore, the malware was allowed to run with Administrator rights, and was not downloaded from the Internet as an EXE file (probably in the compressed archive - no SmartScreen alert).

It is not so easy to create the malware that could bypass Kaspersky's enhanced (but not max) settings, anyway.(y)
Yet, it is not so difficult too, for a knowledgeable coder.:(
 
Last edited:
  • Like
  • Thanks
Reactions: Durew, Brie, Nevi and 10 others

Similar threads

Gandalf_The_Grey
    • Like
Dedoimedo: OpenSUSE Tumbleweed - Okay, but glory all be from the past
Replies
0
Views
223
ChromeOS & Linux
Gandalf_The_Grey
Gandalf_The_Grey
newandlostbutinterested
    • Like
Bifrost virus and maybe more on ios, plus I collected random data because I thought it might be helpful
Replies
2
Views
622
Mobile Malware Removal Help & Support
newandlostbutinterested
newandlostbutinterested
vtqhtr413
    • Like
Technology The apps, movies, games, and everything else we loved in 2023
Replies
0
Views
924
Technology News
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top