App Review McAfee: how bad is the worst antivirus?

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by TPSC
and here comes the role of post-execution containment by tools such as WHHLight.
The business version of McAfee also includes the Dynamic Application Containment. It is not included in the home products cuz the rest is deemed sufficient to protect the users in a real-world scenario.
 
and the second approach if not prompt, can increase the rate of data exfiltration and/or encryption.
This can depend on the environment. In Enterprises, the second approach is effective when Administrators do a good job when investigating the post-launch alarms.
 
Different MSPs would adopt different approaches. Usually, security would start in the email inbox where most attacks start too. Then there additional layers such as emulation/CDR, IPS and so on that can vastly reduce the risks. The post-launch alarms are more suitable to detect users with malicious intent, but aren’t amazing when it comes to controlling the risk of programmatic attacks.
 

The attacks on Enterprises can last weeks/months until the attackers are successful with lateral movement. There are many alarms/signals in the meantime, but they are usually hidden under an enormous number of normal events. The efficiency of post-launch protection can highly depend on how the team of administrators/experts can react to anomalous events. The strength of EDR depends on how it can help manage those anomalous events (event monitoring and filtering).
 
A recent report from CrowdStrike that requires a business email states that lateral movement can be observed as quickly as 51 seconds after the initial compromise, and the average attack time from initial compromise to crown jewels exfiltration can be as quick as ~50 minutes. So often, the approach relying on the human factor and on a million alerts generated by the XDR/EDR on a monthly basis doesn’t really keep pace. It is a race now; adversaries understand how XDR works.

Anyway, this is not really related to McAfee’s home version.

Edit: report linked
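The point made above about signals buried under an enormous number of normal events, as an added example that is not from this thread or from any vendor's product: a small fleet-prevalence filter over constructed process-creation events (every host name, timestamp and process name below is made up), keeping only parent/child pairs that a single host produced, then measuring how long after the first surviving alert a second host shows one.

```python
from datetime import datetime

# Constructed sample of process-creation events (not real telemetry):
# (ISO timestamp, host, parent process, child process)
EVENTS = [
    ("2024-05-01T09:00:00", "ws01", "explorer.exe", "outlook.exe"),
    ("2024-05-01T09:00:05", "ws02", "explorer.exe", "outlook.exe"),
    ("2024-05-01T09:00:07", "ws03", "explorer.exe", "chrome.exe"),
    ("2024-05-01T09:00:09", "ws01", "explorer.exe", "chrome.exe"),
    ("2024-05-01T09:00:12", "ws02", "services.exe", "svchost.exe"),
    ("2024-05-01T09:00:14", "ws03", "services.exe", "svchost.exe"),
    ("2024-05-01T09:00:20", "ws01", "explorer.exe", "teams.exe"),
    ("2024-05-01T09:00:22", "ws02", "explorer.exe", "teams.exe"),
    ("2024-05-01T09:01:00", "ws01", "winword.exe", "powershell.exe"),
    ("2024-05-01T09:01:30", "ws01", "explorer.exe", "outlook.exe"),
    ("2024-05-01T09:01:51", "ws02", "services.exe", "cmd.exe"),
    ("2024-05-01T09:02:00", "ws03", "explorer.exe", "chrome.exe"),
]


def rare_pairs(events, max_hosts=1):
    """Parent->child pairs seen on at most `max_hosts` distinct hosts.
    Fleet-wide prevalence is the filter: a pair every workstation produces
    (explorer->outlook) is noise; a pair only one host produced is a signal."""
    hosts_per_pair = {}
    for _, host, parent, child in events:
        hosts_per_pair.setdefault((parent, child), set()).add(host)
    return {pair for pair, hosts in hosts_per_pair.items() if len(hosts) <= max_hosts}


def triage(events, max_hosts=1):
    """Keep only events whose parent->child pair is rare fleet-wide, in time order."""
    rare = rare_pairs(events, max_hosts)
    return sorted(e for e in events if (e[2], e[3]) in rare)


def seconds_to_second_host(flagged):
    """Seconds between the first flagged event and the first flagged event on a
    different host: a crude proxy for how long a responder has before the
    activity is no longer confined to one machine. None if it never spreads."""
    if not flagged:
        return None
    first = flagged[0]
    t0 = datetime.fromisoformat(first[0])
    for event in flagged[1:]:
        if event[1] != first[1]:
            return (datetime.fromisoformat(event[0]) - t0).total_seconds()
    return None
```

On the constructed sample, 12 events shrink to 2, and the second host appears 51 seconds after the first surviving alert; raising `max_hosts` shows how quickly the filter turns back into noise.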
 
I could not resist posting this joke:

Leo pulls a fish out of the pond. After some time, he concludes that this kind of fish is short-lived compared to frogs. :)

But seriously. Leo's videos are mainly demonstrations of his experience. He truly believes that it is better to be prepared for a possible (even rare) drought. (y)
 
He was just too lazy to adapt the test, yet he wanted his monetised content.
 
The seatbelts intended by the manufacturer for use in a sedan should be used in a sedan.
The author took the seatbelts from a sedan and tried to use them in his truck. The latch seatbelts did not fit, and the seatbelts did not work.
The wrong conclusion: The seatbelts are not recommended.
The right conclusion: The seatbelts should be used as intended by the manufacturer.

The useful information from the test: Those seatbelts are not universal (which was expected because the manufacturer did not mention universality in the instructions). However, it does not hurt to check whether the manufacturer tells the truth. :)
Fully agreed, but it needs to be understood that McAfee's in-memory protection is subpar.
 

Unfortunately, most watchers do not notice that this is a very special kind of "test" and the author's conclusions highly prefer "frogs" over "fishes".
 
If you mean in-memory protection as in memory content scan, McAfee doesn’t offer that even in their business products and I am not sure if they integrate with TDT (I haven’t seen an article about it but they could be using it now). If you mean behavioural blocking, their behavioural blocking is way too focused on user-mode monitoring via the hook and AMSI integration.
They released their behavioural monitoring quite late (2018, more than 10 years after all major vendors) and it’s still nothing special.
They do have ransomware restoration (even though it is not particularly mentioned anywhere) but it doesn’t work very well.
 
The program on an ordinary home computer is very effective; the cloud protection is strict and does not allow the execution of files outside of those known and safe. As shown in the test, the program does not scan network drives. Indeed, an average home user practically doesn’t use them. Was the test intentional? I don’t know. Nevertheless, I’m curious how other (competing) programs would perform in such a test. I also believe the manufacturer (support) should comment on the matter.
 
Even if the average home user had shared drives, these drives would be residing on another device within their home network, and with the multi-license options it is assumed that McAfee will be installed on them too. So these files would have been scanned by McAfee already; this is the reason why it is not being done again.

Even the business security products have options to trust content within the same network, because it is assumed that all devices within the whole organisation will have the software installed.
 
There is a possible attack vector against some home users via IoT / Router / NAS vulnerabilities.

Compromised IoT / Router ----> malware exploits the NAS vulnerability ----> malware stored on NAS ----> user runs infected file directly from NAS

However, most home users do not use NAS. Furthermore, the above hacking method is used in highly targeted attacks. Any result of testing this cannot have a visible impact on the overall protection of AV at home.
 
I don't want to analyze what the author did step by step, but it looks like he is bombarding the system with downloaded programs and files that have not been verified for harmfulness.

This includes determining whether a file is corrupted, whether it is potentially unwanted software (PUA), or whether the payload is being downloaded.

I'm sorry, but this is pure bullshit.
 

Some MT members do not consider PCSecurityChannel videos as real tests, but rather as "educational videos" (the term used by the author of PCSecurityChannel videos). Unfortunately, the term "test" has a broad meaning, so people often disagree about the usefulness of "video tests."