Malware Bytes Realtime test against 1000+ recent samples
<blockquote data-quote="Andy Ful" data-source="post: 982497" data-attributes="member: 32260"><p>The samples should be blocked by SRP or Forced SmartScreen when executing normally. When any AV is tested with H_C, then the result would probably be the same as for Defender.</p><p>So, it would be better to test Defender only with ConfigureDefender settings. :) (y)</p><p>The test with MAX settings will give a 100% result (or close to that) due to the ASR prevalence rule.</p><p>The test with HIGH settings should miss a few samples (due to the EXE test error).</p><p>https://malwaretips.com/threads/the-peculiarity-of-exe-malware-testing.112854/</p><p></p><p>There is also one important question: Did the samples get MOTW?</p><p>If so, then Avast uses CyberCapture for EXE files (detonation in the Sandbox) and all samples will be automatically blocked on execution for several minutes (up to a few hours). In the real scenario, about 2/3 of EXE malware will be executed without the MOTW, so CyberCapture will not be triggered.</p><p></p><p>I am not sure if Norton really did miss any sample. It uses Download Insight for EXE files, which is as strong as Avast CyberCapture (or even stronger). In this case, you must carefully inspect the results for false-negative events.</p><p></p><p>As you correctly mentioned, "take test this with a grain of salt, its a very very very unrealistic and hard test, and is not representative of normal daily usage".
Of course, the tests + discussion about results can help many readers to learn something. (y)</p></blockquote><p></p>
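The MOTW question raised in the post can be checked before a test run by reading each sample's `Zone.Identifier` alternate data stream. The following is an added example, not part of the original post; the function names and the sample stream contents are constructed for illustration, and `read_motw` assumes the samples sit on an NTFS volume on Windows.

```python
import configparser

# URL security zones as stored in the Zone.Identifier stream.
ZONES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}


def parse_zone_identifier(text):
    """Return the ZoneId from Zone.Identifier stream text, or None if absent/malformed."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None


def read_motw(path):
    """Read the Zone.Identifier stream of a file (Windows/NTFS only); None if missing."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # no stream: the file carries no MOTW


def motw_summary(streams):
    """streams maps sample name -> stream text or None. Returns (marked, unmarked)."""
    marked, unmarked = [], []
    for name, text in sorted(streams.items()):
        zone = parse_zone_identifier(text) if text else None
        # Internet (3) and Restricted (4) are the zones treated here as "has MOTW".
        (marked if zone is not None and zone >= 3 else unmarked).append(name)
    return marked, unmarked


# Constructed stream contents standing in for read_motw() results on a sample folder.
SAMPLE_STREAMS = {
    "a.exe": "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/a.exe\r\n",
    "b.exe": None,                           # copied without the stream
    "c.exe": "[ZoneTransfer]\r\nZoneId=0\r\n",  # local zone, not a web download mark
    "d.exe": "garbage",                      # malformed stream
}

if __name__ == "__main__":
    marked, unmarked = motw_summary(SAMPLE_STREAMS)
    print(f"with MOTW: {marked}")
    print(f"without MOTW: {unmarked}")
```

On a real sample folder, build the mapping with `{p.name: read_motw(p) for p in folder.iterdir()}` and record the marked/unmarked split alongside the test results.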