Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Giveaways
Giveaways, Promotions and Contests
McAfee Endpoint Unmanaged client - no term limits
Message
<blockquote data-quote="bayasdev" data-source="post: 884599" data-attributes="member: 41799"><p>I don't think this is the panacea of "free" AVs, it needs a lot of tweaking with exploit prevention rules to get optimal protection against fileless attacks.</p><p></p><p>I've conducted a personal test with ENS using my custom settings and Avast Free with HM vs a Netwalker fileless ransomware sample with very low detection (4/59).</p><p>[URL unfurl="true"]https://www.virustotal.com/gui/file/68cf2072515bb9cf6ad418615c1f52dcdf24ca1ee46d115a3de2146d1d40d59e/detection[/URL]</p><p></p><p>ENS at default exploit prevention rules failed against Netwalker</p><p></p><p>[ATTACH=full]241051[/ATTACH]</p><p>[ATTACH=full]241055[/ATTACH]</p><p></p><p></p><p>Avast already detected the file by signatures, so I rolled back the test VM to an old snapshot and cut the internet access to prevent it from calling the cloud.</p><p></p><p>[ATTACH=full]241052[/ATTACH]</p><p>[ATTACH=full]241049[/ATTACH]</p><p>[ATTACH=full]241053[/ATTACH]</p><p>[ATTACH=full]241054[/ATTACH]</p><p></p><p>Behavior shield managed to block it and protected our files from fileless Netwalker.</p><p></p><p>PD: With this post I'm not saying "hey go and install Avast right now", instead I'm clarifying about the default settings of McAfee ENS.</p></blockquote><p></p>
[QUOTE="bayasdev, post: 884599, member: 41799"] I don't think this is the panacea of "free" AVs, it needs a lot of tweaking with exploit prevention rules to get optimal protection against fileless attacks. I've conducted a personal test with ENS using my custom settings and Avast Free with HM vs a Netwalker fileless ransomware sample with very low detection (4/59). [URL unfurl="true"]https://www.virustotal.com/gui/file/68cf2072515bb9cf6ad418615c1f52dcdf24ca1ee46d115a3de2146d1d40d59e/detection[/URL] ENS at default exploit prevention rules failed against Netwalker [ATTACH type="full" alt="McAfee Enterprise-2020-05-23-09-27-20.png"]241051[/ATTACH] [ATTACH type="full" alt="McAfee Enterprise-2020-05-23-09-44-46.png"]241055[/ATTACH] Avast already detected the file by signatures, so I rolled back the test VM to an old snapshot and cut the internet access to prevent it from calling the cloud. [ATTACH type="full" alt="Avast VM-2020-05-24-08-33-19.png"]241052[/ATTACH] [ATTACH type="full" alt="Avast VM-2020-05-24-08-36-07.png"]241049[/ATTACH] [ATTACH type="full" alt="Avast VM-2020-05-24-08-36-26.png"]241053[/ATTACH] [ATTACH type="full" alt="Avast VM-2020-05-24-08-40-42.png"]241054[/ATTACH] Behavior shield managed to block it and protected our files from fileless Netwalker. PD: With this post I'm not saying "hey go and install Avast right now", instead I'm clarifying about the default settings of McAfee ENS. [/QUOTE]
Insert quotes…
Verification
Post reply
Top