Learn more about Remediation Time – response time to security incidents (the results from protection test in January 2023)
<blockquote data-quote="Trident" data-source="post: 1026692" data-attributes="member: 99014"><p>Indeed. For the majority of users it would matter whether or not their CV and wedding pictures got encrypted, and whether or not the passwords saved in Chrome got harvested.</p><p>The pre-launch and post-launch is a bit more detailed information (frequently YouTubers do it too) but it doesn’t really provide enough information on whether or not files and information were really kept safe.</p><p></p><p>Since you use monitoring and logging, I guess you should be able to conclude if the system was compromised before remediation or if the product quickly terminated the infection chain before anything could be done (that is not linked to remediation time as most of the malware employs long sleeps with the belief that it will evade emulation and virtualisation). In the event of a ransomware infection you should be able to tell if the product could reverse the encryption (if it was performed).</p><p>Behavioural blocking may have handled all related processes, services, files, folders, scheduled tasks, shortcuts, registry entries and even notes, but that doesn’t help a lot if it wasn’t done on time/files were left encrypted.</p><p></p><p>For products that offer implementation of controlled access to folders, you can consider monitoring these folders only - if a product offers a certain protection feature, it is not there to beautify the UI. Users are expected to read the product guide and make use of all features properly.</p><p></p><p>Not sure who considers which products to submit, but it’s important to note that Bitdefender for example, offers AMSI integration (script scanning in settings), command line scanning and memory scanning (both new) only in its paid versions. Vendors may wish to reconsider what’s tested.</p></blockquote><p></p>