Kaspersky Cloud Free Vs 1000 recent samples test

kC77 (thread author)
Windows 10 VM, with Kaspersky Cloud Free, vs 1000 recent samples.

Not much to say...
Malware was allowed to run and did trigger my IDS.

[Attachment: KAV free - IDS.jpg]

GIF of test (download from Dropbox, 84 MB)
 

kC77 (thread author)
Which IDS are you using?
The one built into the UDM-Pro.
 

kC77 (thread author)
What tool is this you are running? Looks good.

Hi, it's the IDS (intrusion detection system) built into my gateway (UDM Pro). It flags up and blocks malicious traffic; it was the alerts from that during the test that let me know the machine was compromised.
I would imagine without this, many of these failure tests from Bitdefender/Kaspersky would have been a lot worse, as the payloads could have got delivered without this on.

You can customize what it detects and have this allowed/disallowed etc. on different VLANs...
[Attachments: fw2.jpg, fw.jpg, idsmap.jpg]


And the UDM has good geoblocking built in to block rogue countries completely.
 
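The way the gateway IDS is used above (alerts from the test VM are what reveal that a sample actually ran), as an added example that is not kC77's tooling and not the UDM Pro's own export format: each sample launch is logged, and any alert sourced from the VM within a grace window after a launch is attributed to that sample. The VM address, the run log and the alert lines are all constructed.

```python
"""Correlate gateway IDS alerts with a sample-run timeline (constructed example).
Each sample is launched on the test VM in turn; an IDS alert sourced from the VM within
a grace window after a launch is attributed to that sample.  VM address, run log and
alert export (tab-separated: time, src_ip, signature, action) are made up."""
from datetime import datetime, timedelta

VM_IP = "10.20.30.40"          # address of the Windows 10 test VM (assumed)
GRACE = timedelta(seconds=90)  # alerts this long after launch still count for the sample
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed run log: (sample, launch time, what the AV did at launch)
RUN_LOG = [
    ("sample-001.exe", "2021-09-05 10:00:00", "blocked"),
    ("sample-002.exe", "2021-09-05 10:02:00", "allowed"),
    ("sample-003.exe", "2021-09-05 10:04:00", "allowed"),
    ("sample-004.exe", "2021-09-05 10:06:00", "allowed"),
]

# Constructed IDS export; the third line is noise from another host on the VLAN
IDS_ALERTS = """\
2021-09-05 10:02:21\t10.20.30.40\tconstructed: generic CnC beacon\tblocked
2021-09-05 10:02:35\t10.20.30.40\tconstructed: second-stage EXE download\tblocked
2021-09-05 10:03:50\t10.20.30.99\tconstructed: port scan\tdetected
2021-09-05 10:06:40\t10.20.30.40\tconstructed: known malicious User-Agent\tblocked
"""

def parse_alerts(text):
    """Turn the export into (datetime, src_ip, signature, action) tuples."""
    rows = [line.split("\t") for line in text.splitlines() if line.strip()]
    return [(datetime.strptime(ts, FMT), src, sig, act) for ts, src, sig, act in rows]

def correlate(run_log, alerts, vm_ip=VM_IP, grace=GRACE):
    """Map each sample to its AV verdict plus the IDS signatures it triggered."""
    runs = sorted(((s, datetime.strptime(t, FMT), v) for s, t, v in run_log), key=lambda r: r[1])
    result = {s: {"av": v, "alerts": []} for s, _, v in runs}
    for when, src, sig, _ in alerts:
        if src != vm_ip:
            continue  # other hosts on the VLAN are not part of the test
        hits = [s for s, start, _ in runs if start <= when <= start + grace]
        if hits:
            result[hits[-1]]["alerts"].append(sig)  # latest launch wins
    return result

def verdict(entry):
    """AV blocked it, it ran quietly, or it ran and the IDS caught it calling out."""
    if entry["av"] == "blocked":
        return "blocked by AV"
    return "executed, flagged by IDS" if entry["alerts"] else "executed, no IDS alert"

def summarize(run_log=RUN_LOG, alert_text=IDS_ALERTS):
    """Per-sample verdicts for the whole run, e.g. to count how many executed."""
    return {s: verdict(e) for s, e in correlate(run_log, parse_alerts(alert_text)).items()}
```

A sample that was "allowed" by the AV but has no attributed alert is the blind spot of this method: it may have run without calling out, so the IDS only ever gives a lower bound on executions.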

Trooper
Hi, it's the IDS (intrusion detection system) built into my gateway (UDM Pro). It flags up and blocks malicious traffic; it was the alerts from that during the test that let me know the machine was compromised.
I would imagine without this, many of these failure tests from Bitdefender/Kaspersky would have been a lot worse, as the payloads could have got delivered without this on.

You can customize what it detects and have this allowed/disallowed etc. on different VLANs...

Wow that is awesome. I may look into this at some point. Cheers!
 

kC77 (thread author)
Wow that is awesome. I may look into this at some point. Cheers!
You could also look into CrowdSec, which is a cloud IPS system (CrowdSec, the open-source & collaborative IPS) (not sure on your Linux skills), but you could possibly run it up on a Raspberry Pi.... I've never used it, but if I didn't have the one inbuilt to the Ubiquiti I'd have a go at it.
 

kC77 (thread author)
Interesting.
Care to test everybody's favourite here on MT, WiseVector StopX?
Hi, I already have given that a go last week and it did well! (Didn't record any test though.) I'm personally not a fan of having all your data trundled off to China!
But its detections were spot on!
Will give it another go tomorrow!
 

pxxb1
Hi, I already have given that a go last week and it did well! (Didn't record any test though.) I'm personally not a fan of having all your data trundled off to China!
But its detections were spot on!
Will give it another go tomorrow!

Looking forward to it, as I am sure many others do.
 

kC77 (thread author)
You'll end up competing with me :D

(Just kidding, I'm glad to see new testers, especially since we have a different approach :) )
Hi, I'm not trying to compete... my testing is way more crude. I don't test the web protections/features/extras; I only run samples against an AV engine, and ideally like to see 0 executions.... That for me is a pass.
It's amazing how many products cannot do this.
I also am probably strange in that I personally don't find an antivirus that important.... (Layering protections/gateway/VLANs/adblocks/Pi-holes/DNS/OS updates/SRP/hardening OS/firmwares & safe browsing & common sense all come before an AV for me.)
 

Shadowra
Hi, I'm not trying to compete... my testing is way more crude. I don't test the web protections/features/extras; I only run samples against an AV engine, and ideally like to see 0 executions.... That for me is a pass.
It's amazing how many products cannot do this.
I also am probably strange in that I personally don't find an antivirus that important.... (Layering protections/gateway/VLANs/adblocks/Pi-holes/DNS/OS updates/SRP/hardening OS/firmwares & safe browsing & common sense all come before an AV for me.)

I was joking, I even followed you :p
 

Andy Ful
Hi, I'm not trying to compete... my testing is way more crude. I don't test the web protections/features/extras; I only run samples against an AV engine, and ideally like to see 0 executions.... That for me is a pass.
It's amazing how many products cannot do this.
I also am probably strange in that I personally don't find an antivirus that important.... (Layering protections/gateway/VLANs/adblocks/Pi-holes/DNS/OS updates/SRP/hardening OS/firmwares & safe browsing & common sense all come before an AV for me.)

Do you also test non-PE files, like scripts, documents, document templates, document add-ins, ...?
 

kC77 (thread author)
Do you also test non-PE files, like scripts, documents, document templates, document add-ins, ...?
Hi Andy, not in this test; it's purely .exe only. I actually only set up the test VM to test Defender and hardening with .exe, but it grew arms and legs!
But I do have plenty of VBS/batch/XLSX/DLL samples; I'm sure results would be totally different with each.
 

Andy Ful
Hi Andy, not in this test; it's purely .exe only. I actually only set up the test VM to test Defender and hardening with .exe, but it grew arms and legs!
But I do have plenty of VBS/batch/XLSX/DLL samples; I'm sure results would be totally different with each.
I posted here because pure EXE tests cannot be easily interpreted as protection tests. A better AV can get systematically worse results in such tests if the samples are not extremely fresh.
 

kC77 (thread author)
I posted here because pure EXE tests cannot be easily interpreted as protection tests. A better AV can get systematically worse results in such tests if the samples are not extremely fresh.
Understood. I only really use MalwareBazaar as it's free and easy and no registration, and while samples are added there hourly/daily I'm not sure just how "fresh" they are.... But all of today's tests had today's samples from there as well as the pack from the past 10+ days.
 

Andy Ful
Understood. I only really use MalwareBazaar as it's free and easy and no registration, and while samples are added there hourly/daily I'm not sure just how "fresh" they are.... But all of today's tests had today's samples from there as well as the pack from the past 10+ days.

The reaction of the AV to the successful infection can be very quick nowadays (usually from a few minutes to a few hours). The test samples are often much older.
The pure EXE test favors AVs that depend more on EXE detections compared to some other AVs that can depend more on non-EXE detections. Non-EXE detections can prevent many infections via EXE payloads.
Such tests usually show only the difference in a protection method, but can hardly show the protection strength. This is especially true for AVs that get very good results in Real-World tests.

Edit.
It would be much easier to interpret pure EXE tests if the samples were related to initial EXE malware (payloads excluded).
 
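The interpretation problem Andy Ful describes above, as an added example that is not part of any post in this thread: split a test's block rate by how long each sample had been public at test time, so that the fresh subset (the one an AV is unlikely to have reacted to yet) is visible on its own. The MalwareBazaar-style field names, the test time, the hashes and the verdicts are all assumptions or constructed data.

```python
"""Break a pure-EXE test result down by sample age (constructed example).
An AV typically reacts to a successful infection within minutes to hours, so a
block on a sample that has been public for days says little.  The metadata below
imitates MalwareBazaar's sha256_hash / first_seen fields (field names assumed);
hashes and verdicts are placeholders, not real test data."""
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
TEST_TIME = datetime(2021, 9, 5, 12, 0, 0)  # when the samples were run (constructed)

# Age buckets, checked in order; None means "everything older"
BUCKETS = [("under 1h", timedelta(hours=1)), ("under 24h", timedelta(hours=24)), ("older", None)]

SAMPLES = [
    {"sha256_hash": "PLACEHOLDER-01", "first_seen": "2021-09-05 11:55:00", "verdict": "executed"},
    {"sha256_hash": "PLACEHOLDER-02", "first_seen": "2021-09-05 11:20:00", "verdict": "executed"},
    {"sha256_hash": "PLACEHOLDER-03", "first_seen": "2021-09-05 08:05:00", "verdict": "blocked"},
    {"sha256_hash": "PLACEHOLDER-04", "first_seen": "2021-09-04 22:30:00", "verdict": "blocked"},
    {"sha256_hash": "PLACEHOLDER-05", "first_seen": "2021-08-27 14:45:00", "verdict": "executed"},
    {"sha256_hash": "PLACEHOLDER-06", "first_seen": "2021-08-26 09:00:00", "verdict": "blocked"},
]

def age_bucket(first_seen, test_time=TEST_TIME):
    """Name of the bucket a sample falls in, by how long it had been public at test time."""
    age = test_time - datetime.strptime(first_seen, FMT)
    for name, limit in BUCKETS:
        if limit is None or age < limit:
            return name

def rates_by_age(samples=SAMPLES, test_time=TEST_TIME):
    """Return {bucket: (blocked, total, block_rate)} so the fresh subset stands on its own."""
    counts = {name: [0, 0] for name, _ in BUCKETS}
    for s in samples:
        tally = counts[age_bucket(s["first_seen"], test_time)]
        tally[1] += 1
        if s["verdict"] == "blocked":
            tally[0] += 1
    return {b: (blk, tot, round(blk / tot, 2) if tot else None) for b, (blk, tot) in counts.items()}

def overall_rate(samples=SAMPLES):
    """Headline number a pure-EXE test reports, for comparison with the per-bucket rates."""
    blocked = sum(s["verdict"] == "blocked" for s in samples)
    return round(blocked / len(samples), 2)
```

On real metadata the "under 1h" row is the one that says something about protection strength; a respectable overall rate carried by the "older" row is exactly the artefact the post above warns about.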
