Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Well-known
Apr 28, 2015
7,594
McAfee TP - January 2022 Report
Due to the small number of samples used in this tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to use.
__

System Status Abbreviations
:

P : Protected
NC : Not Clean
I : Infected
E : Encrypted

* : Partially Blocked
* : BB Dynamic Bonus Test (only Behavior Blocker module running)

Second Opinion Scanners Status Abbreviations:

C : Clean
I : Infected

Additional Abbreviations:

WV : WiseVector StopX
HMP : HitManPro
NPE : Norton Power Eraser
EEK: EmsiSoft Emergency Kit
KVRT : Kaspersky Virus Removal Tool

BSR : Before System Reboot
ASR : After System Reboot



January
2022​
Samples
Pack​
Static
Detection​
Dynamic
Detection​
Total
Detection​
System Files
Encrypted​
2nd Opinion
Scanners​
System
Final Status​
Thread
Link​
04/01/2022
3
2 / 3
1* / 1
2 + 1* / 3
No
C: WV HMP
I: NPE KVRT
BSR: I
ASR: NC
06/01/2022
2
0 / 2
0 / 2
0 / 2
No
C: WV HMP
I: NPE KVRT
BSR: I
ASR: I
13/01/2022
1
0 / 1
0 / 1
0 / 1
No
C: WV EEK
I: KVRT
BSR: I
ASR: I
15/01/2022
2
1 / 2
0 / 1
1 / 2
No
C: WV EEK
I: EEK NPE KVRT
BSR: I
ASR: I
18/01/2022
1
0 / 1
0 / 1
0 / 1
No
C
P
/01/2022
-
/
/
/
No Yes
C: WV EEK HMP NPE KVRT
I: WV EEK HMP NPE KVRT
P NC I
Post#​
/01/2022
-
/
/
/
No Yes
C: WV EEK HMP NPE KVRT
I: WV EEK HMP NPE KVRT
P NC I
Post#​
/01/2022
-
/
/
/
No Yes
C: WV EEK HMP NPE KVRT
I: WV EEK HMP NPE KVRT
P NC I
Post#​
 
Last edited:

upnorth

Moderator
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
4,560
Great choice @harlan4096 . Looking forward to the results. Last time McAfee was tested :

 

WiseVector

From WiseVector
Verified
Top poster
Developer
Well-known
Dec 14, 2018
543
I believe all in-memory threats being detected by KVRT can also be detected by WVSX with memory protection enabled.
WVSX's quick scan can only detect file-based threats but no in-memory threats.;)
 
Last edited:

upnorth

Moderator
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
4,560
I believe all in-memory threats being detected by KVRT can also be detected by WVSX with memory protection enabled.
WVSX's quick scan can only detect file-based threats but no in-memory threats.;)
This needs to be mentioned!

It's not only memory threats. WVSX have not been able to catch dropped payloads that other SOS tools/vendors have. I strongly recommend you check back a few on the latest tests and analyse them. But just as @harlan4096 clearly mentioned and personal I thought was crystal clear, he can not have also WVSX fully enabled when he obviously at the moment is testing McAfee. That's not how testing in the Hub works.
 

WiseVector

From WiseVector
Verified
Top poster
Developer
Well-known
Dec 14, 2018
543
It's not only memory threats. WVSX have not been able to catch dropped payloads that other SOS tools/vendors have.
That's true.
I said all in-memory threats (MEM:Trojan.Win32.SEPEH by KVRT) but not all threats can be detected .
I strongly recommend you check back a few on the latest tests and analyse them.
I'm a big fan of the tests. I read every post of them.
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Well-known
Apr 28, 2015
7,594
Thanks, in future tests, for Second Opinion Scanning, I will enable in WVSX -> Real-Time Deep Memory Inspection and Instruction Traces :)

Also, Second Opinion Scanning with WVSX, I don't run a Quick Scan (quite slow / time-consuming), but a Selective Scan over system folders:

C:\ProgramData\
C:\Users\

And sometimes some additional folders in C:\ created by malware during dynamic test :)
 

harlan4096

Moderator
Verified
Staff member
Malware Hunter
Well-known
Apr 28, 2015
7,594
But it's true that for some months since I changed from WVSX 2.73 to 3.x, WVSX in my tests, while SOS, it is getting fewer detections, probably because of a change in the internal structure of WVSX 🤔

Probably those 2 mentioned modules (disabled so far) may do the difference, We'll see :)
 
Top