- Apr 5, 2021
Default settings. In most cases it means enabled cloud protection, if it exists.
*EDIT*
Default settings > however we chose silent mode and/or move threat to quarantine automatically without user confirmation.
Thank you, Adrian.
This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.
@Andy Ful
I like how you take the calm, cool, and reflective approach and ask the hard-hitting questions that should be asked, rather than just blindly accepting the results as an unequivocal declaration.
Clearly you do your homework.
The test case is marked as “Behaviour Blocked” if the security application blocks the malicious binary when it is executed and either automatically blocks it or postpones its execution and warns the user that the file is malicious and awaiting user input.
would it have made a difference if safe search was enabled or not on Chrome?
No, if you meant SafeSearch.
We can also gather the results of Avast and Avira for a similar number of samples in AVLab tests:
AVLab (about 18 000 samples in 13 tests, January 2020 - January 2022)
Avast+Avira ............... 0+1
I have got some different information when it comes to fail results for Avira since 2020. For example:
January 2022: Recent Results - Advanced In The Wild Malware Test
10 samples missed by Avira.
November 2021: 33 missed by Avira: The November 2021 Results - Advanced In The Wild Malware Test
...
Additionally, the value to vendors is not only the results, but also the malware detection errors found. Thanks to that, almost every two months our tests fix something in the tested products. This makes you more secure.
...
The discussion keeps coming back from Andy every time MD is tested. In his opinion MD should not be tested on the default settings. My opinion is completely different -> if a vendor is not willing or able to configure their antivirus better by default, let them not expect it from a normal user who is not technically literate. To compare several products with each other, you need to give them the same conditions. I don't want to repeat the same thing over and over again.
I'm not singling out Andy here. When I was casually testing a few AVs' behavior blockers I heard from many users who wanted their favorite AV's settings changed… particularly ESET, which has a dizzying number of options, and I'm honestly not convinced half of the Low/Normal/Aggressive switches do anything.
Does the way that you download the samples allow them to receive the mark of the web?
Hi, the SS technology is enabled in Chrome. However we do not download malware from its original source; instead we use our own DNS server to generate a different domain for every malware sample, to bypass / cheat blacklisted IPs/malware domains. Why? Because it's harder for the AV to detect the sample that way, and so we can somehow show malware downloads from a "0-day domain".
*EDIT*
I do not know how they did on AV-C / AV-T - malware downloading - because it is probably hidden in their methodology. I'm not sure, please correct me, if I'm wrong. I think one of these labs uses EDGE browser.
@MacDefender @Andy Ful
Defender is interesting especially in the consumer case where the performance is so drastically different between the default settings and the tweaked ones, but when testing, I think every product should be tested in its standard configuration for many reasons. ...
@MacDefender @Andy Ful
We can test MD on 1. default settings and 2. the user settings - to compare both configuration. The next edition in May 2022 will be fine, therefore please contact me in April to discuss the configuration and help me with that.
Based on this screenshot, should it be enabled or disabled? There appear to be two conflicting pieces of information...
Additionally, to be clear, UAC is disabled, as you can read in our methodology, to bypass the user prompt.
So, finally, the MOTW mark is disabled, because the file properties do not have the MOTW information - this seems to be necessary to bypass a user prompt.
As far as I remember we implemented it because it gives the same results as the PowerShell Unblock-File / Remove-Item commands run from the PS command line to run a file without a prompt:
You probably have meant SmartScreen for Explorer instead of UAC.
No, I meant MOTW instead. SS works only in the EDGE / Internet Explorer browsers (and others too?), therefore it is unused, because we use the Chrome browser in our tests.
UAC ignores MOTW,
Does AVLab use it to unblock all the samples downloaded by Google Chrome?
From a test point of view, it doesn't matter because the prompt has to be accepted to see what the malware is doing.
Very much the same point of view as the Malware Hub on this forum. It's the same thing with macro prompts in Office samples. We want the actual AntiVirus (AV) product to be tested as much as possible and see how it reacts, not every other single layer in an OS or in other extra added software. Otherwise a genuine AV test risks becoming automatically skewed and less accurate, and one should start another whole set of different types of tests, methodology etc. if the AV itself ain't interesting.
No, I meant MOTW instead. SS works only in the EDGE / Internet Explorer browsers (and others too?), therefore it is unused, because we use the Chrome browser in our tests.
You seem not to see the difference between SmartScreen in the web browser (Edge, IE) and SmartScreen for Explorer (Windows File Explorer). These are different things. SmartScreen in Explorer works system-wide and it is independent of SmartScreen in Edge or IE. It was introduced in Windows 8. SmartScreen for Explorer is usually disabled when testing malware. As I said several times, this does not remove MOTW from files.
My point was that some malware requires UAC to be accepted to run, therefore UAC is permanently disabled. From a test point of view, it doesn't matter because the prompt has to be accepted to see what the malware is doing.
The files downloaded from Chrome do not contain MOTW information, so there is no need to remove "unblock".
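The posts above disagree about whether the downloaded samples carry the Mark-of-the-Web at all. The quickest way to settle that for a given file is to look for the Zone.Identifier alternate data stream that MOTW is stored in. The following PowerShell script is an added example written for this page; it is not AVLab's or the thread participants' code. It reads and parses that stream, reports the zone (ZoneId=3 is the Internet zone) and the recorded referrer/host URLs, and lists in comments the two commands the thread mentions for clearing the mark. The sample path is a placeholder; the script assumes Windows with an NTFS volume.

```powershell
# Added example (not from the thread): report whether a file carries
# Mark-of-the-Web by inspecting its Zone.Identifier alternate data stream.
# Assumption: run on Windows, file stored on NTFS. $Path is a placeholder.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

function Get-MotwInfo {
    param([string]$Path)

    # Get-Item -Stream fails when the stream is absent; treat that as "no MOTW".
    $ads = Get-Item -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $ads) {
        return [pscustomobject]@{
            Path = $Path; HasMotw = $false; ZoneId = $null; ReferrerUrl = $null; HostUrl = $null
        }
    }

    # The stream is INI-style text:
    #   [ZoneTransfer]
    #   ZoneId=3
    #   ReferrerUrl=https://example.invalid/page      (optional, browser-dependent)
    #   HostUrl=https://example.invalid/sample.exe    (optional, browser-dependent)
    $content = Get-Content -LiteralPath $Path -Stream Zone.Identifier -Raw
    $fields = @{}
    foreach ($line in ($content -split "`r?`n")) {
        if ($line -match '^(?<k>[^=\[\]]+)=(?<v>.*)$') {
            $fields[$Matches.k.Trim()] = $Matches.v.Trim()
        }
    }

    $zoneId = $null
    if ($fields.ContainsKey('ZoneId')) { $zoneId = [int]$fields['ZoneId'] }

    [pscustomobject]@{
        Path        = $Path
        HasMotw     = $true
        ZoneId      = $zoneId          # 3 = Internet zone, the value that triggers prompts
        ReferrerUrl = $fields['ReferrerUrl']
        HostUrl     = $fields['HostUrl']
    }
}

# Report the state of the sample before any test step touches it.
$info = Get-MotwInfo -Path $Path
$info | Format-List

# The thread's own way of clearing the mark so a sample runs without an
# Explorer/SmartScreen prompt (shown here as comments, not executed):
#   Unblock-File -LiteralPath $Path
#   Remove-Item  -LiteralPath $Path -Stream Zone.Identifier
# Re-running Get-MotwInfo afterwards should report HasMotw = $false.
```

Run it as `.\Get-MotwInfo.ps1 -Path 'C:\samples\downloaded.exe'` (placeholder path). Checking the stream directly, rather than the file-properties dialog, is useful because SmartScreen for Explorer and UAC can be disabled without touching the stream, which is exactly the distinction argued about above.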