Kaspersky Cloud Free Vs 1000 recent samples test

kC77

Level 4
Thread author
Aug 16, 2021
191
Windows 10 VM, with Kaspersky Cloud Free, vs 1000 recent samples.

Not much to say...
Malware was allowed to run and did trigger my IDS.


Gif of test (download from Dropbox, 84 MB)
 

kC77

Level 4
Thread author
Aug 16, 2021
191
Which IDS are you using?
The one built into the UDM-Pro.
 

kC77

Level 4
Thread author
Aug 16, 2021
191
What tool is this you are running? Looks good.

Hi, it's the IDS (intrusion detection system) built into my gateway (UDM Pro). It flags up and blocks malicious traffic; it was the alerts from that during the test that let me know the machine was compromised.
I would imagine without this, many of these failure tests from Bitdefender/Kaspersky would have been a lot worse, as the payloads could have been delivered without this on.

You can customize what it detects and have this allowed/disallowed etc. on different VLANs...


And the UDM has good geoblocking built in to block rogue countries completely.

Trooper

Level 15
Verified
Top poster
Well-known
Aug 28, 2015
736
Hi, it's the IDS (intrusion detection system) built into my gateway (UDM Pro). It flags up and blocks malicious traffic; it was the alerts from that during the test that let me know the machine was compromised.
I would imagine without this, many of these failure tests from Bitdefender/Kaspersky would have been a lot worse, as the payloads could have been delivered without this on.

You can customize what it detects and have this allowed/disallowed etc. on different VLANs...

Wow, that is awesome. I may look into this at some point. Cheers!
 

kC77

Level 4
Thread author
Aug 16, 2021
191
Interesting.
Care to test everybody's favourite here on MT, WiseVector StopX?
Hi, I already gave that a go last week and it did well! (Didn't record any test though.) I'm personally not a fan of having all your data trundled off to China!
But its detections were spot on!
Will give it another go tomorrow!
 

pxxb1

Level 6
Jan 17, 2018
275
Hi, I already gave that a go last week and it did well! (Didn't record any test though.) I'm personally not a fan of having all your data trundled off to China!
But its detections were spot on!
Will give it another go tomorrow!

Looking forward to it, as I am sure many others do.
 

kC77

Level 4
Thread author
Aug 16, 2021
191
You'll end up competing with me :D

(Just kidding, I'm glad to see new testers, especially since we have a different approach :) )
Hi, I'm not trying to compete... my testing is way more crude. I don't test the web protections/features/extras; I only run samples against an AV engine, and ideally like to see 0 executions.... that for me is a pass.
It's amazing how many products cannot do this.
I also am probably strange in that I personally don't find an antivirus that important.... (layering protections/gateway/VLANs/adblocks/Pi-holes/DNS/OS updates/SRP/hardening OS/firmwares & safe browsing & common sense all come before an AV for me)

Shadowra

Level 20
Verified
Malware Tester
Sep 2, 2021
962
Hi, I'm not trying to compete... my testing is way more crude. I don't test the web protections/features/extras; I only run samples against an AV engine, and ideally like to see 0 executions.... that for me is a pass.
It's amazing how many products cannot do this.
I also am probably strange in that I personally don't find an antivirus that important.... (layering protections/gateway/VLANs/adblocks/Pi-holes/DNS/OS updates/SRP/hardening OS/firmwares & safe browsing & common sense all come before an AV for me)

I was joking, I even followed you :p
 

Andy Ful

Level 81
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,006
Hi, I'm not trying to compete... my testing is way more crude. I don't test the web protections/features/extras; I only run samples against an AV engine, and ideally like to see 0 executions.... that for me is a pass.
It's amazing how many products cannot do this.
I also am probably strange in that I personally don't find an antivirus that important.... (layering protections/gateway/VLANs/adblocks/Pi-holes/DNS/OS updates/SRP/hardening OS/firmwares & safe browsing & common sense all come before an AV for me)

Do you also test non-PE files, like scripts, documents, document templates, document Add-ins, ...?
 

kC77

Level 4
Thread author
Aug 16, 2021
191
Do you also test non-PE files, like scripts, documents, document templates, document Add-ins, ...?
Hi Andy, not in this test; it's purely .exe only. I actually only set up the test VM to test Defender and hardening with .exe, but it grew arms and legs!
But I do have plenty of VBS/batch/XLSX/DLL samples; I'm sure results would be totally different with each.
 

Andy Ful

Level 81
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,006
Hi Andy, not in this test; it's purely .exe only. I actually only set up the test VM to test Defender and hardening with .exe, but it grew arms and legs!
But I do have plenty of VBS/batch/XLSX/DLL samples; I'm sure results would be totally different with each.
I posted here, because pure EXE tests cannot be easily interpreted as protection tests. A better AV can get systematically worse results in such tests, if the samples are not extremely fresh.
 

kC77

Level 4
Thread author
Aug 16, 2021
191
I posted here, because pure EXE tests cannot be easily interpreted as protection tests. A better AV can get systematically worse results in such tests, if the samples are not extremely fresh.
Understood, I only really use MalwareBazaar as it's free and easy and needs no registration, and while samples are added there hourly/daily I'm not sure just how "fresh" they are.... but all of today's tests had today's samples from there as well as the pack from the past 10+ days.
 

Andy Ful

Level 81
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,006
Understood, I only really use MalwareBazaar as it's free and easy and needs no registration, and while samples are added there hourly/daily I'm not sure just how "fresh" they are.... but all of today's tests had today's samples from there as well as the pack from the past 10+ days.

The reaction of the AV to the successful infection can be very quick nowadays (usually from a few minutes to a few hours). The test samples are often much older.
The pure EXE test favors AVs that depend more on EXE detections compared to some other AVs that can depend more on non-EXE detections. Non-EXE detections can prevent many infections via EXE payloads.
Such tests usually show only the difference in a protection method, but can hardly show the protection strength. This is especially true for AVs that get very good results in Real-World tests.

Edit.
It would be much easier to interpret pure EXE tests if the samples were related to initial EXE malware (payloads excluded).
 