This is the sample:
MalwareBazaar | Checking your browser
The file is not found on VT as of yet (copy pasted the hash).
McAfee: how bad is the worst antivirus?
- Thread starter Khushal
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
The file is not found on VT as of yet (copy pasted the hash).
Did you see more in my image through the hash? lolThis is the sample:
MalwareBazaar | Checking your browser
bazaar.abuse.ch
I pressed CTRL + F on the bazar page and typed few letters of the hash hahaDid you see more in my image through the hash? lol
This is the VT report.
Seems like Trend Micro has a rule in the pattern.
missed by Avast and B.
Are you referring to scanning the sample file through VT?
Yap. Remcos Backdoor is the signature name and it's not generic.I pressed CTRL + F on the bazar page and typed few letters of the hash haha
This is the VT report.
Seems like Trend Micro has a rule in the pattern.
This file is fairly new dated July 14.
Results show some AV are still catching up on heuristics but soon that will change to official names.
It's like I said in my comment, you pick things up quickly. While the tram is still moving, you've already been back for a long time. Some people can't grasp that, if you know what I mean. I'm not being annoying, there are things right in front of us that sometimes people don't notice.Yep
I believe that if it were executed, they detected it by behavior.
They will catch up soon now that the samples are in VT. Once shared in VT, all those AV vendors get a sample copy.
I updated the report and Avast appeared now. Trend Micro detections with names are sometimes hash-based, they recently got patents on better threat correlation through clustering and calculations of N-grams. Only a test can confirm. Their detections have become much better named lately.
Nevertheless, it is detected.
Probably yes; however, I prefer to rely on pre-execution detection; post-execution detection is more risky, and ultimately need to reinstall Windows as not everytime I can revert changes to registry, scheduled tasks, and others.
B is still in BedB is still sleeping
I wonder what B is doing with the largest size of signatures I have ever seen than ruining SSD!
Yes, no problem. Of course, since it's not a VM or a dedicated test machine like @Trident has, it's better not to take any chances. Plus, K would block it because of application control and system inspector. Since it's an unknown file, without a signature, downloaded from the internet, K would probably put it in High Restriction and block its execution. This is a backdoor. If it tried to change something on your system, K would block it, shut down the process, and revert it, causing no damage to your machine. That's in the paid version of K. I don't know if the free version has application control and system inspector. Although no AV is perfect, I've never seen K fail in the paid versions, even with 0-day attacks.
Bitdefender together with it's babies that use BD Engine ( Emsisoft, arcabit, vipre etc) are lagging behind.
This is where having your own labs and support is important. You can deploy and act fast unlike relying with 3rd party.
This is where having your own labs and support is important. You can deploy and act fast unlike relying with 3rd party.
You may also like...
-
-
Kaspersky Premium vs McAfee Advanced
- Started by Shadowra
- Replies: 87
-
Comparative Entreprise AV : CrowdStrike - Cynet - SentinelOne - Trend Micro Apex
- Started by Shadowra
- Replies: 21
-
-
McAfee Internet Security 1 device - 1 year € 7, 52- Started by Brownie2019
- Replies: 1