McAfee TP IS - January 2022 Report

harlan4096

Super Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,924
McAfee TP - January 2022 Report
Due to the small number of samples used in these tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to use.

System Status Abbreviations:

P : Protected
NC : Not Clean
I : Infected
E : Encrypted

* : Partially Blocked
* : BB Dynamic Bonus Test (only Behavior Blocker module running)

Second Opinion Scanners Status Abbreviations:

C : Clean
I : Infected

Additional Abbreviations:

WV : WiseVector StopX
HMP : HitManPro
NPE : Norton Power Eraser
EEK : EmsiSoft Emergency Kit
KVRT : Kaspersky Virus Removal Tool

BSR : Before System Reboot
ASR : After System Reboot



| January 2022 | Samples Pack | Static Detection | Dynamic Detection | Total Detection | System Files Encrypted | 2nd Opinion Scanners | System Final Status | Thread Link |
|---|---|---|---|---|---|---|---|---|
| 04/01/2022 | 3 | 2 / 3 | 1* / 1 | 2 + 1* / 3 | No | C: WV HMP; I: NPE KVRT | BSR: I; ASR: NC | |
| 06/01/2022 | 2 | 0 / 2 | 0 / 2 | 0 / 2 | No | C: WV HMP; I: NPE KVRT | BSR: I; ASR: I | |
| 13/01/2022 | 1 | 0 / 1 | 0 / 1 | 0 / 1 | No | C: WV EEK; I: KVRT | BSR: I; ASR: I | |
| 15/01/2022 | 2 | 1 / 2 | 0 / 1 | 1 / 2 | No | C: WV EEK; I: EEK NPE KVRT | BSR: I; ASR: I | |
| 18/01/2022 | 1 | 0 / 1 | 0 / 1 | 0 / 1 | No | C | P | |
| 21/01/2022 | 3 | 1 / 3 | 0 / 2 | 1 / 3 | No | I | BSR: I; ASR: I | |
| 25/01/2022 | 4 | 3 / 4 | 1 / 1 | 4 / 4 | No | C | NC | |
| 28/01/2022 | 2 | 1 / 2 | 1 / 1 | 2 / 2 | No | C | P | |
| 31/01/2022 | 5 | 0 / 5 | 3 + 1* / 5 | 3 + 1* / 5 | No | I | BSR: I; ASR: I | |

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Great choice @harlan4096. Looking forward to the results. Last time McAfee was tested:

 

upnorth

> I believe all in-memory threats being detected by KVRT can also be detected by WVSX with memory protection enabled.
> WVSX's quick scan can only detect file-based threats but no in-memory threats. ;)
> This needs to be mentioned!

It's not only memory threats. WVSX have not been able to catch dropped payloads that other SOS tools/vendors have. I strongly recommend you check back a few on the latest tests and analyse them. But just as @harlan4096 clearly mentioned, and personally I thought was crystal clear, he cannot also have WVSX fully enabled when he obviously at the moment is testing McAfee. That's not how testing in the Hub works.
 

WiseVector

From WiseVector
Verified
Top Poster
Developer
Well-known
Dec 14, 2018
643
> It's not only memory threats. WVSX have not been able to catch dropped payloads that other SOS tools/vendors have.

That's true.
I said all in-memory threats (MEM:Trojan.Win32.SEPEH by KVRT), but not all threats can be detected.

> I strongly recommend you check back a few on the latest tests and analyse them.

I'm a big fan of the tests. I read every post of them.
 

harlan4096

Thanks, in future tests, for Second Opinion Scanning, I will enable in WVSX -> Real-Time Deep Memory Inspection and Instruction Traces :)

Also, Second Opinion Scanning with WVSX, I don't run a Quick Scan (quite slow / time-consuming), but a Selective Scan over system folders:

C:\ProgramData\
C:\Users\

And sometimes some additional folders in C:\ created by malware during dynamic test :)
 

harlan4096

But it's true that for some months since I changed from WVSX 2.73 to 3.x, WVSX in my tests, while SOS, it is getting fewer detections, probably because of a change in the internal structure of WVSX 🤔

Probably those 2 mentioned modules (disabled so far) may make the difference, we'll see :)
 

upnorth

Last day today for McAfee in the Malware Hub, and personally I would say it looks pretty similar to the previous test 2020. The developers have for sure some improvements that need to be implemented, but hopefully some of the submissions help.

Big thanks @harlan4096 for another great test and well created thread! (y)

Disclaimer!
This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions. We encourage you to compare these results with others and take informed decisions on what security products to use. Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.
 
