App Review Microsoft Defender vs a ransomware Scriptor

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Ophelia

EASTER

Level 4
Verified
Well-known
May 9, 2017
159
This little scriptor test and it's classic failure of CFA is given me renewed hope that now i must have to see how if Secure Folders also will fare. I can manufacture a same similar script from bits and pieces and try. As everyone know Secure Folders (driver enforced) is long abandoned by Promosoft who invented it then left it out there on servers for anyone who might find it useful. SF uses ACL's mods/permission restrictions etc and quite frankly if it proves stronger on sciptors in folders/files protected by SF (haven't crossed my mind to try that-Thanks CS) then it's a very poor showing WD is exposing it's user's/customer's and itself to. Side Note: SF is protected my malware zoo collection for years and is still maximum caged those bugs.

Another neat video BTW. Always intriguing.
 

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
I don't know what I do wrong to always get ignored by her if I ask something
Oh God! I beg your pardon (truly)! I actually did employ Configure Defender, DefenderUI as well as UAC prior to releasing the video. I didn't include this as the results were the same as in the previous Defender videos where they failed to prevent the malicious cascade. Also adding them would mean that I couldn't use Jolie Blonde as the background track.

Once again, my apologies (don't hate me, I'm sensitive!).

m
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
I actually did employ Configure Defender, DefenderUI as well as UAC prior to releasing the video.
Interesting, because @Shadowra had Automatic Sample Submission=Send, and Cloud Protection Level=Highest, and the script was blocked until she encrypted it to avoid its detection.

In your previous Magniber test video you had these settings at: Send & Block respectively, yet the script launched. Did you somehow modify to avoid detection?

Thanks again!
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,598
It would be interesting to test the new Magniber against Defender with enabled ASR rules and also against Comodo. The new samples use obfuscated JavaScript/VBScript files, so they can be used to test some ASR rules related to scripts. This attack is fileless, so Comodo can have a problem with containing the attack, except when wscript.exe is added to untrusted executables. Anyway, Comodo has some anti-script protection that is independent of auto-sandbox, so there are some chances that the attack will be blocked.
https://malwaretips.com/threads/mag...ers-via-javascript-files.117780/#post-1007487
https://threatresearch.ext.hp.com/m...geting-home-users-with-fake-software-updates/
 
Last edited:

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
It would be interesting to test the new Magniber against Defender with enabled ASR rules and also against Comodo
The test of Defender vs the "new" Magniber script was published when they first appeared the last week of September on my channel (with both Controlled Folders and ASR rules in place). A few Magniberr java files recently were released, but sadly Microsoft has been on their game and quickly had definitions against them.

Although I was quite disappointed by these detection's, I did a couple of days ago post a video of Defender (also with ASR and controlled folders enabled) against a freshly coded JAR ransomware that had NOT been released in the wild (so zero detection by Defender). I didn't bother to post it on MT as I'm certain folk are rather bored by the same old thing (but it is the most current thingie on my channel on the off-chance anyone is interested).

As for Comodo, it contains all these ransom scriptors without any effort. If it did not even people in Zakopane would hear my wailing.

m
 
Last edited:

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,788
The test of Defender vs the "new" Magniber script was published when they first appeared the last week of September on my channel (with both Controlled Folders and ASR rules in place). A few Magniberr java files recently were released, but sadly Microsoft has been on their game and quickly had definitions against them.

Although I was quite disappointed by these detection's, I did a couple of days ago post a video of Defender (also with ASR and controlled folders enabled) against a freshly coded JAR ransomware that had NOT been released in the wild (so zero detection by Defender). I didn't bother to post it on MT as I'm certain folk are rather bored by the same old thing (but it is the most current thingie on my channel on the off-chance anyone is interested).

As for Comodo, it contains all these ransom scriptors without any effort. If it did not even people in Zakopane would hear my wailing.

m
please remind some of us (me) where to find your channel, I've been away for nearly 2 years, many brain cells have died.
 
  • Like
Reactions: franz

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top