Malware Bytes Realtime test against 1000+ recent samples

kC77

kC77

Level 5
Thread author
Verified
Well-known
Aug 16, 2021
232
OhioRebel said:
Can you share the results for GDATA?
Click to expand...
well it was too slow to complete the test, most here can do 1000 samples in 6-15 minutes....
after 1 hour 30, g-data hadnt even got through 100, it was really slow at deciding what to do with the samples, now if it was this slow and 100% accurate i could understand..... but it did miss a lot
gdata3.png

also IDS alerts were tirggered showing whatever was missed was talking to the outside world
g-data-duringtest1.jpg

being so slow, it would probably take around 20+ hours to complete this test (if it even could as it was already infected after 1/10th of the samples being ran)

but again this is an unrealistic/extreme test - G-Data is in a league of its own for how slow it is though, I wouldnt retest this
 
  • Like
Reactions: [correlate], cryogent, M4RT1NE2 and 1 other person
L0ckJaw

L0ckJaw

Level 19
Verified
Content Creator
Well-known
Feb 17, 2018
870
kC77 said:
well it was too slow to complete the test, most here can do 1000 samples in 6-15 minutes....
after 1 hour 30, g-data hadnt even got through 100, it was really slow at deciding what to do with the samples, now if it was this slow and 100% accurate i could understand..... but it did miss a lot
View attachment 265448

also IDS alerts were tirggered showing whatever was missed was talking to the outside world
View attachment 265449

being so slow, it would probably take around 20+ hours to complete this test (if it even could as it was already infected after 1/10th of the samples being ran)

but again this is an unrealistic/extreme test - G-Data is in a league of its own for how slow it is though, I wouldnt retest this
Click to expand...
You keep bla bla slow , it’s not slow. Everything you test is fail,slow , can not and will not wait anymore….. if you want to become a serious tester FINiSH the tests !
 
  • Like
Reactions: [correlate]
kC77

kC77

Level 5
Thread author
Verified
Well-known
Aug 16, 2021
232
L0ckJaw said:
You keep bla bla slow , it’s not slow. Everything you test is fail,slow , can not and will not wait anymore….. if you want to become a serious tester FINiSH the tests !
Click to expand...
no not everything ive tested is slow, the ONLY "slow" has been G-Data
every other product runs all samples on average 6-15minutes.... after 90 minutes g-data had only ran around 100 of the 1000. (and still totally compromised)

and as for successful passes, defender/avast free/f-secure safe/mbam all aced it.... and very close to passes were arcabit/ emsisoft

once again, just take test this with a grain of salt, its a very very very unrealistic and hard test, and is not representative of normal daily usage.
also when i say pass or fail, it doesn't mean any product is good or bad and shouldnt be used, its just that it failed to stop the execution of 1 or more of 1000 recent samples.
a pass (for my own testing) is a product that stopped all 1000 without any executions, I am only sharing my findings here, and please do as I have done to you and find that ignore button.
 
  • Like
Reactions: peterfat11, [correlate], Miyagi and 4 others
kC77

kC77

Level 5
Thread author
Verified
Well-known
Aug 16, 2021
232
  • Like
  • Applause
  • Thanks
Reactions: peterfat11, [correlate], cryogent and 1 other person
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
kC77 said:
Hi yes sorry
HC with all SRP on, CD in Highest
Click to expand...

The samples should be blocked by SRP or Forced SmartScreen when executing normally. When any AV is tested with H_C, then the result would be probably the same as for Defender.
So, it would be better to test Defender only with ConfigureDefender settings.:)(y)
The test with MAX settings will give a 100% result (or close to that) due to the ASR prevalence rule.
The test with HIGH settings should miss a few samples (due to the EXE test error).
malwaretips.com

The peculiarity of EXE malware testing.

The peculiarity of EXE malware testing. Let's look at the distribution of malware in the wild by file types: https://static.poder360.com.br/2021/07/relatorio.pdf We know that archives contain mostly EXE files, documents, and scripts. So, we can conclude that roughly 1/3 of initial malware...
malwaretips.com malwaretips.com

There is also one important question: Did the samples get MOTW?
If so then Avast uses CyberCapture for EXE files (detonation in the Sandbox) and all samples will be automatically blocked on execution for several minutes (up to a few hours). In the real scenario, about 2/3 EXE malware will be executed without the MOTW, so CyberCapture will not be triggered.

I am not sure if Norton did really miss any sample. It uses Download Insight for EXE files, which is as strong as Avast CyberCapture (or even stronger). In this case, you must carefully inspect the results for false-negative events.

As you correctly mentioned, "take test this with a grain of salt, its a very very very unrealistic and hard test, and is not representative of normal daily usage". Of course, the tests + discussion about results can help many readers to learn something.(y)
 
Last edited:
  • Like
Reactions: [correlate], SeriousHoax, Shadowra and 2 others
kC77

kC77

Level 5
Thread author
Verified
Well-known
Aug 16, 2021
232
Andy Ful said:
The samples should be blocked by SRP or Forced SmartScreen when executing normally. When any AV is tested with H_C, then the result would be probably the same as for Defender.
So, it would be better to test Defender only with ConfigureDefender settings.:)(y)
The test with MAX settings will give a 100% result (or close to that) due to the ASR prevalence rule.
The test with HIGH settings should miss a few samples (due to the EXE test error).
malwaretips.com

The peculiarity of EXE malware testing.

The peculiarity of EXE malware testing. Let's look at the distribution of malware in the wild by file types: https://static.poder360.com.br/2021/07/relatorio.pdf We know that archives contain mostly EXE files, documents, and scripts. So, we can conclude that roughly 1/3 of initial malware...
malwaretips.com malwaretips.com

There is also one important question: Did the samples get MOTW?
If so then Avast uses CyberCapture for EXE files (detonation in the Sandbox) and all samples will be automatically blocked on execution for several minutes (up to a few hours).

I am not sure if Norton did really miss any sample. It uses Download Insight for EXE files, which is as strong as Avast CyberCapture (or even stronger). In this case, you must carefully inspect the results for false-negative events.(y)
Click to expand...

avast was similar to defender on highest mode... all samples 0 executions...
Norton failed massively... I think it got overwhelmed and the service crashed allowing hundreds of samples to run (test done twice same result)
 
  • Like
Reactions: [correlate], SeriousHoax and Andy Ful
Andrew3000

Andrew3000

Level 11
Verified
Top Poster
Malware Hunter
Well-known
Feb 8, 2016
537
kC77 said:
avast was similar to defender on highest mode... all samples 0 executions...
Norton failed massively... I think it got overwhelmed and the service crashed allowing hundreds of samples to run (test done twice same result)
Click to expand...
In my tests I have never seen Norton crashing.
Have you tried reinstalling everything? Could be a bug.
 
  • Like
  • Applause
Reactions: [correlate], SeriousHoax and Shadowra
kC77

kC77

Level 5
Thread author
Verified
Well-known
Aug 16, 2021
232
Andrew3000 said:
In my tests I have never seen Norton crashing.
Have you tried reinstalling everything? Could be a bug.
Click to expand...
installed test... crashed... infected...

reset test vm
install again..update... reboot. test... service or tray icon vanished mid test... infected

as with anything that fails so bad (eset/sophos/Norton I ran tests twice to confirm)

this is a hard test though and not exactly normal having 1000 potential malwares run one after the other.

proof of total compromise / fail is captured here the second test (gif) norton-test2(fail).gif (needs to be downloaded)
 
Last edited:
  • Like
Reactions: Neno, [correlate] and SeriousHoax
marcopaone

marcopaone

Level 7
Verified
Well-known
Jul 15, 2016
321
Gj, Malwarebytes. A totally disaster as it has always been.
More holes than Emmental cheese.
I can say, "there is an operating system in these malware."
:^)

80 objects found with EEK.
25 NPE.
15 KVRT
10 ESET
F-Secure Scanner is dead.
Panda 2 malware, 28 unknown.
24 GetSusp


5.png
 
  • Wow
  • Like
Reactions: harlan4096, SeriousHoax, kC77 and 1 other person
SeriousHoax

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,868
marcopaone said:
Gj, Malwarebytes. A totally disaster as it has always been.
More holes than Emmental cheese.
I can say, "there is an operating system in these malware."
:^)

80 objects found with EEK.
25 NPE.
15 KVRT
10 ESET
F-Secure Scanner is dead.
Panda 2 malware, 28 unknown.
24 GetSusp


View attachment 265576
Click to expand...
Also, Malwarebytes can't detect scripts on the disk. It doesn't have signature for scripts. Scripts are handled by their exploit protection module. So usually I won't even consider it as an option for a second opinion scanner.
 
  • Like
Reactions: harlan4096 and kC77

Similar threads

Gandalf_The_Grey
    • Like
    • Thanks
    • +Reputation
AV-Comparatives Consumer Malware Protection Test September 2024
Replies
2
Views
639
Security Statistics and Reports
Sorrento
Sorrento
Adrian Ścibor
    • +Reputation
    • Like
    • Applause
AVLab.pl Summary of the Advanced In-The-Wild Malware Test – September 2024
Replies
7
Views
942
Security Statistics and Reports
Vitali Ortzi
Vitali Ortzi
Trident
    • Like
    • Applause
    • +Reputation
  • Poll
Battle Planned: Real-world Test of Trend Micro, ZoneAlarm, Eset and Webroot
Replies
203
Views
12,240
Software Comparison
Vitali Ortzi
Vitali Ortzi

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top