- Apr 13, 2013
- 3,224
Kaspersky AntiRansomware for Business beta- Part 1
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Feb 7, 2014
- 1,540
Thank you. I was waiting on this test from you impatiently.
- Mar 1, 2014
- 1,708
Good video again, cruelsister!
As far as I know, "PDM" is the behavioral detection of Kaspersky, and "UDS" is the cloud detection. From what is seen on the video, all detections are PDM detections.
As far as I know, "PDM" is the behavioral detection of Kaspersky, and "UDS" is the cloud detection. From what is seen on the video, all detections are PDM detections.
- Jan 9, 2013
- 1,457
I pitted Kaspersky AntiRansomware with Ransomware #3.zip (MalwareTips, Sept 10) and it did a great job of allowing the sample to encript my files
- May 11, 2014
- 1,639
Wow, failed on the true zero-day malware. That's why I run (in edition to an antivirus) AppGuard so it will block everything, especially in lock down mode.
Welcome back cruelsister! Love your video's, shows us what the AV companies do not!
Welcome back cruelsister! Love your video's, shows us what the AV companies do not!
- Mar 15, 2011
- 13,070
In my presumption, Kaspersky should do well cause they have good behavior detection and cloud analysis.
But seems these techniqies should incorporate more deep and not rely on what's available on AV.
But seems these techniqies should incorporate more deep and not rely on what's available on AV.
- Apr 28, 2015
- 8,915
Are You referring to this samples pack: https://malwaretips.com/threads/10-09-2016-3.63266/#post-541864 ?
- Mar 13, 2016
- 1,298
@FORUM_MODS and @FORUM_MEMBERS
I hope you don't take this as an insult, I do value your contributions, but ......
@cruelsister video's have the same appeal to me as new episodes of house of cards or ghomorrah to name a few of my favourite block buster TV series
Regards Kees
I hope you don't take this as an insult, I do value your contributions, but ......
@cruelsister video's have the same appeal to me as new episodes of house of cards or ghomorrah to name a few of my favourite block buster TV series
Regards Kees
- Nov 19, 2014
- 2,350
Nice test once more. Good job and can't wait for the second part which will be the important part for me.
- Aug 2, 2015
- 4,286
It's a "beta" taking that into consideration it did pretty well
in the first test. Thanks CruelSis
in the first test. Thanks CruelSis
it does better than some other antiransomware tools and some cloud AVs + it's free
It's like a trimmed down version of Kaspersky free (KFA) for RU
It's like a trimmed down version of Kaspersky free (KFA) for RU
Great vid, as always, thank you for sharing
About Kitty, the wallpaper looks like some ransomware I've seen before (please don't ask me which, so many variants in the wild). Is it done by you or a reprogrammed version of...?
Looking forward eagerly to Pt. 2!
About Kitty, the wallpaper looks like some ransomware I've seen before (please don't ask me which, so many variants in the wild). Is it done by you or a reprogrammed version of...?
Looking forward eagerly to Pt. 2!
- Apr 13, 2013
- 3,224
Kitty is a Locky variant that I morphed. This is what the serious Gangs will do to keep the ransomware fresh- every 8-12 hours one will be retired and a morphed one distributed. The reasoning here is that any malware newly released should be assumed to have a detection free period of 8-12 hours (if widely distributed and not targeted); so the longer a given sample remains in the wild, the more AV's will pick it up leading to diminishing returns.
I have seen exploited sites where the malc0der monitored site activity in real-time and changed the distributed malicious file every hour or so. It became easy to track the malc0der's habits; he\she followed a schedule. The attack was active at 11 am every day until 2 pm - with two or three new variants pushed within that time period.
And no, in these particular cases, the attack was not fully automated; the malc0der was actually on-line during every single attack.
Last edited by a moderator:
- Jun 22, 2014
- 864
Another good job C.S.
Nasty, nasty Kitty can`t wait to see pt2 of this cliffhanger.
Regards Eck
Nasty, nasty Kitty can`t wait to see pt2 of this cliffhanger.
Regards Eck
Thank you for the fast & comprehensive reply
I wonder if those guys can make their living out of that, as something like that must cost lots of time.
Great addition to this topic, thank you!
Not only can they make a living, it can make them rich...
- Feb 15, 2014
- 77
No. MBAR doesn't have the best track record.
Besides, one can eventually find a ransomware that will defeat\bypass all anti-ransomware products.
Last edited by a moderator:
"PDM.Trojan.Win32.Bazon.a" is a cloud behavioral detection. You'll see that the detection name won't appear in an offline test- only PDM.Trojan.Win32.Generic and similar Generic detection names (local behavioral detection rules).
Similar threads
