Kaspersky and EVERYTHING else gets bypassed... See YouTube Link (Antivirus Reviews).
[QUOTE="Andy Ful, post: 799354, member: 32260"]
That has been a known fact for many years. The attacker has to compile/obfuscate something that can be detected as suspicious, but not suspicious enough to trigger the detection as malware.

Most of the bypassed AVs probably detected it as suspicious but allowed it to run without or with only a few restrictions.

As [USER=36043]@harlan4096[/USER] noticed, some of Kaspersky's (also WD's and possibly other AVs') advanced modules were not configured (Application Control, ASR, etc.), so the tests were not performed on max settings. Furthermore, the malware was allowed to run with Administrator rights, and was not downloaded from the Internet as an EXE file (probably in the compressed archive - no SmartScreen alert).

It is not so easy to create the malware that could bypass Kaspersky's enhanced (but not max) settings, anyway. (y)

Yet it is not so difficult either, for a knowledgeable coder. :(
[/QUOTE]