Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Security Statistics and Reports
May 2022: Advanced In The Wild Malware Test (changes based on user suggestions)
Message
<blockquote data-quote="Andy Ful" data-source="post: 995226" data-attributes="member: 32260"><p>@<a href="https://malwaretips.com/posts/995090/reactions" target="_blank">Adrian Ścibor</a></p><p></p><p>I think that the testing methodology for Avast can be improved.</p><p>For now, the samples are detected by the Avast signatures, or CyberCapture is triggered. If CyberCapture is unable to confirm that the EXE file with MOTW is safe, then it is always detonated in the Avast cloud sandbox.</p><p></p><p>[ATTACH=full]267808[/ATTACH]</p><p></p><p>[URL unfurl="true"]https://support.avast.com/en-us/article/54/#pc[/URL]</p><p></p><p>The problem is that the sandbox analysis can last a few hours and the file is locked until it will be recognized as safe. So many samples are considered by the AVLab testing environment as blocked before the sandbox analysis will be finished. Among 2000 samples there can be several samples that will run in the sandbox but refuse to do malicious things. </p><p>I do not know how close to perfection is the Avast cloud sandbox. But, if it would not perfect, the test results will be still perfect.</p><p></p><p>Post edited/shortened for more clarity.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 995226, member: 32260"] @[URL='https://malwaretips.com/posts/995090/reactions']Adrian Ścibor[/URL] I think that the testing methodology for Avast can be improved. For now, the samples are detected by the Avast signatures, or CyberCapture is triggered. If CyberCapture is unable to confirm that the EXE file with MOTW is safe, then it is always detonated in the Avast cloud sandbox. [ATTACH type="full" alt="1656693297552.png"]267808[/ATTACH] [URL unfurl="true"]https://support.avast.com/en-us/article/54/#pc[/URL] The problem is that the sandbox analysis can last a few hours and the file is locked until it will be recognized as safe. So many samples are considered by the AVLab testing environment as blocked before the sandbox analysis will be finished. Among 2000 samples there can be several samples that will run in the sandbox but refuse to do malicious things. I do not know how close to perfection is the Avast cloud sandbox. But, if it would not perfect, the test results will be still perfect. Post edited/shortened for more clarity. [/QUOTE]
Insert quotes…
Verification
Post reply
Top