Malwarebytes real-time test against 1000+ recent samples

kC77

Level 4
Thread author
Aug 16, 2021
191
Can you share the results for GDATA?
Well, it was too slow to complete the test; most here can do 1000 samples in 6-15 minutes...
After 1 hour 30, G-Data hadn't even got through 100. It was really slow at deciding what to do with the samples. Now, if it was this slow and 100% accurate I could understand... but it did miss a lot.

Also, IDS alerts were triggered, showing whatever was missed was talking to the outside world.

Being so slow, it would probably take around 20+ hours to complete this test (if it even could, as it was already infected after 1/10th of the samples being run).

But again, this is an unrealistic/extreme test. G-Data is in a league of its own for how slow it is though; I wouldn't retest this.
 

L0ckJaw

Level 19
Content Creator
Well-known
Feb 17, 2018
907
Well, it was too slow to complete the test; most here can do 1000 samples in 6-15 minutes...
After 1 hour 30, G-Data hadn't even got through 100. It was really slow at deciding what to do with the samples. Now, if it was this slow and 100% accurate I could understand... but it did miss a lot.

Also, IDS alerts were triggered, showing whatever was missed was talking to the outside world.

Being so slow, it would probably take around 20+ hours to complete this test (if it even could, as it was already infected after 1/10th of the samples being run).

But again, this is an unrealistic/extreme test. G-Data is in a league of its own for how slow it is though; I wouldn't retest this.
You keep bla bla slow, it's not slow. Everything you test is fail, slow, can not and will not wait anymore... If you want to become a serious tester, FINISH the tests!
 

kC77

Level 4
Thread author
Aug 16, 2021
191
You keep bla bla slow, it's not slow. Everything you test is fail, slow, can not and will not wait anymore... If you want to become a serious tester, FINISH the tests!
No, not everything I've tested is slow; the ONLY "slow" has been G-Data.
Every other product runs all samples in 6-15 minutes on average... After 90 minutes G-Data had only run around 100 of the 1000 (and still totally compromised).

And as for successful passes, Defender/Avast Free/F-Secure SAFE/MBAM all aced it... and very close to passes were Arcabit/Emsisoft.

Once again, just take this test with a grain of salt; it's a very very very unrealistic and hard test, and is not representative of normal daily usage.
Also, when I say pass or fail, it doesn't mean any product is good or bad and shouldn't be used; it's just that it failed to stop the execution of 1 or more of 1000 recent samples.
A pass (for my own testing) is a product that stopped all 1000 without any executions. I am only sharing my findings here, and please do as I have done to you and find that ignore button.
 

kC77

Level 4
Thread author
Aug 16, 2021
191

Andy Ful

Level 81
Verified
Helper
Top poster
Developer
Well-known
Dec 23, 2014
7,006
Hi yes sorry
HC with all SRP on, CD in Highest

The samples should be blocked by SRP or Forced SmartScreen when executing normally. When any AV is tested with H_C, then the result would be probably the same as for Defender.
So, it would be better to test Defender only with ConfigureDefender settings. :) (y)
The test with MAX settings will give a 100% result (or close to that) due to the ASR prevalence rule.
The test with HIGH settings should miss a few samples (due to the EXE test error).

There is also one important question: Did the samples get MOTW?
If so, then Avast uses CyberCapture for EXE files (detonation in the Sandbox) and all samples will be automatically blocked on execution for several minutes (up to a few hours). In the real scenario, about 2/3 of EXE malware will be executed without the MOTW, so CyberCapture will not be triggered.

I am not sure if Norton did really miss any sample. It uses Download Insight for EXE files, which is as strong as Avast CyberCapture (or even stronger). In this case, you must carefully inspect the results for false-negative events.

As you correctly mentioned, "take this test with a grain of salt; it's a very very very unrealistic and hard test, and is not representative of normal daily usage". Of course, the tests + discussion about results can help many readers to learn something. (y)
 
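A check for the MOTW question raised in the post above, as an added example (not part of any forum post and not the tester's own tooling): it parses the `Zone.Identifier` alternate data stream in which Windows records the mark and reports what share of a sample set carries it. The sample names, the stream contents and the rule that ZoneId 3 or 4 counts as "marked" are assumptions of this example.

```python
import configparser

def parse_zone_id(stream_text):
    """Return the ZoneId from Zone.Identifier stream contents, or None."""
    if not stream_text:
        return None
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None  # malformed stream: treat as no usable mark

def read_zone_stream(path):
    """Read the Zone.Identifier stream of a file (NTFS on Windows only)."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # no stream, non-NTFS volume, or not running on Windows

def audit_motw(streams):
    """streams maps sample name -> stream text (or None); returns a summary."""
    marked, unmarked = [], []
    for name, text in sorted(streams.items()):
        zone = parse_zone_id(text)
        # Assumption of this example: Internet (3) and Restricted (4) count as MOTW.
        (marked if zone is not None and zone >= 3 else unmarked).append(name)
    total = len(streams)
    return {"marked": marked, "unmarked": unmarked,
            "marked_ratio": len(marked) / total if total else 0.0}

# Constructed sample data: stream contents for four hypothetical files.
SAMPLE_STREAMS = {
    "sample_a.exe": "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/a.exe\r\n",
    "sample_b.exe": "[ZoneTransfer]\r\nZoneId=3\r\n",
    "sample_c.exe": None,                               # copied without the stream
    "sample_d.exe": "[ZoneTransfer]\r\nZoneId=0\r\n",   # tagged as local machine
}

if __name__ == "__main__":
    report = audit_motw(SAMPLE_STREAMS)
    print(f"{len(report['marked'])} marked, {len(report['unmarked'])} unmarked "
          f"({report['marked_ratio']:.0%} carry MOTW)")
```

On a real test VM, build the input with `{p.name: read_zone_stream(p) for p in sample_dir.iterdir()}` before running the samples, so the share of marked files is known when results are compared.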

kC77

Level 4
Thread author
Aug 16, 2021
191
The samples should be blocked by SRP or Forced SmartScreen when executing normally. When any AV is tested with H_C, then the result would be probably the same as for Defender.
So, it would be better to test Defender only with ConfigureDefender settings. :) (y)
The test with MAX settings will give a 100% result (or close to that) due to the ASR prevalence rule.
The test with HIGH settings should miss a few samples (due to the EXE test error).

There is also one important question: Did the samples get MOTW?
If so, then Avast uses CyberCapture for EXE files (detonation in the Sandbox) and all samples will be automatically blocked on execution for several minutes (up to a few hours).

I am not sure if Norton did really miss any sample. It uses Download Insight for EXE files, which is as strong as Avast CyberCapture (or even stronger). In this case, you must carefully inspect the results for false-negative events. (y)

Avast was similar to Defender on highest mode... all samples, 0 executions...
Norton failed massively... I think it got overwhelmed and the service crashed, allowing hundreds of samples to run (test done twice, same result).
 

Andrew3000

Level 10
Verified
Malware Tester
Well-known
Feb 8, 2016
465
Avast was similar to Defender on highest mode... all samples, 0 executions...
Norton failed massively... I think it got overwhelmed and the service crashed, allowing hundreds of samples to run (test done twice, same result).
In my tests I have never seen Norton crashing.
Have you tried reinstalling everything? Could be a bug.
 

kC77

Level 4
Thread author
Aug 16, 2021
191
In my tests I have never seen Norton crashing.
Have you tried reinstalling everything? Could be a bug.
installed test... crashed... infected...

Reset test VM.
Install again... update... reboot... test... service or tray icon vanished mid-test... infected.

As with anything that fails so bad (ESET/Sophos/Norton), I ran tests twice to confirm.

This is a hard test though, and it's not exactly normal having 1000 potential malware run one after the other.

Proof of total compromise/fail is captured here in the second test (gif): norton-test2(fail).gif (needs to be downloaded).
 

marcopaone

Level 7
Verified
Well-known
Jul 15, 2016
320
Gj, Malwarebytes. A total disaster, as it has always been.
More holes than Emmental cheese.
I can say, "there is an operating system in these malware."
:^)

80 objects found with EEK.
25 NPE.
15 KVRT
10 ESET
F-Secure Scanner is dead.
Panda 2 malware, 28 unknown.
24 GetSusp


 

SeriousHoax

Level 42
Verified
Top poster
Well-known
Mar 16, 2019
3,196
Gj, Malwarebytes. A total disaster, as it has always been.
More holes than Emmental cheese.
I can say, "there is an operating system in these malware."
:^)

80 objects found with EEK.
25 NPE.
15 KVRT
10 ESET
F-Secure Scanner is dead.
Panda 2 malware, 28 unknown.
24 GetSusp


Also, Malwarebytes can't detect scripts on the disk. It doesn't have signatures for scripts. Scripts are handled by their exploit protection module. So usually I won't even consider it as an option for a second-opinion scanner.
 