MRG Effitas 360 Degree Assessment & Certification Q4 2020

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

James246

Could you give us the source of the above information? I still doubt that these features are fully implemented.
I also noticed that the Nebula Console has the ability to change the Malwarebytes Policies and can load several profiles. Although one test means nothing, the Malwarebytes Endpoint Protection got perfect scoring in MRG Effitas which is in clear contradiction with many other tests for MB.
As you know Defender free has got also the core technology of the full product. Simply some features cannot be configured from Security Center and some are available only via Enterprise Licences.
So using the Katana engine in MB and in Endpoint Protection can be different.
I am also interested in knowing if there are any differences in the core technology of the Malwarebytes - personally I suspect there isn't - perhaps this result is a one off anomaly.
 

Nightwalker

Could you give us the source of the above information? I still doubt that these features are fully implemented.
I also noticed that the Nebula Console has the ability to change the Malwarebytes Policies and can load several profiles. Although one test means nothing, the Malwarebytes Endpoint Protection got perfect scoring in MRG Effitas which is in clear contradiction with many other tests for MB.
As you know Defender free has got also the core technology of the full product. Simply some features cannot be configured from Security Center and some are available only via Enterprise Licences.
So using the Katana engine in MB and in Endpoint Protection can be different.

The source is the blog, the official forum with years and years of changelogs of the beta + release versions and the Staff comments, so if one is actually involved with it, one can see clearly how their technology is implemented; they still keep beta versions of standalone modules like Anti Exploit and Anti Ransomware just to port the technology for Malwarebytes Premium and then for the Endpoint Protection.

Example:


All the protection features are ported from those standalone beta modules to Malwarebytes Premium (consumer) and then the stable release of Malwarebytes Premium becomes the Endpoint Protection.

https://www.malwarebytes.com/pdf/guides/MBAEBGuide.pdf (take a look at these old Malwarebytes Anti Exploit features)

There is no tweak or downgrade of those technologies while ported to Malwarebytes Premium, in the same sense there is no "upgrade" or more advanced features in the enterprise versions, save for the Response Module and the cloud management.

Your argument about those features being not fully implemented in the consumer version is just speculation. I don't want to search through literally years of posts, so if you don't believe in my word and my experience with their products you can just ask in their forums.

Their technology:
Why Choose Malwarebytes | Malwarebytes



TLDR: Malwarebytes Endpoint Protection is Malwarebytes Premium + Console
 

Andy Ful

...
Your argument about those features being not fully implemented in the consumer version is just speculation. I don't want to search through literally years of posts, so if you don't believe in my word and my experience with their products you can just ask in their forums.
I do not say that you must be wrong. Anyway, there is a reasonable doubt, because several vendors do it. But my primary hesitation is related to the disproportion in MB scorings between the MRG Effitas test and other tests. Something like a comparison of features between different MB versions would help, but I could not find any. :(

By the way, Nebula uses cloud sandbox to investigate unknown threats. Does MB use this feature?
 

Nightwalker

It is reasonable doubt, because several vendors do it. By the way, Nebula uses cloud sandbox investigations for unknown threats. Does MB use this feature?

Not applicable in this test. This feature is for malware remediation, not prevention, and this isn't the scope of the test and that wasn't the product that was tested.


Here is the difference:
Malwarebytes Endpoint Protection for Business (the product that was actually tested)
Malwarebytes Endpoint Detection and Response for Business (The endpoint protection plus "Response" module).
 

Reiner

Guys, don't take this test as an absolute truth, it's just a test like those of AV TEST, AV-Comparatives and etc, all questionable, and always.. always take it like a grain of salt, If there’s anything we can trust, it’s on the site’s hub
 

blackice

Guys, don't take this test as an absolute truth, it's just a test like those of AV TEST, AV-Comparatives and etc, all questionable, and always.. always take it like a grain of salt, If there’s anything we can trust, it’s on the site’s hub
Maybe we need to ask @harlan4096 kindly to test Malwarebytes Premium (I can help with a license if necessary) next.
 

Andy Ful

Guys, don't take this test as an absolute truth, it's just a test like those of AV TEST, AV-Comparatives and etc, all questionable, and always.. always take it like a grain of salt, If there’s anything we can trust, it’s on the site’s hub
You are talking to guys who are already very suspicious. :)

Simply, such a perfect result in many different categories would not be especially probable for MB Premium even in a single test.
 

Nightwalker

@Andy Ful

Malwarebytes staff finally answered you.

 

James246

@AlexSmith (Technical Product Manager) answered:

"Outside of the Nebula platform specific features, Malwarebytes Endpoint Protection is the technical equivalent to Malwarebytes Premium."

I have invited him to post here about MB protection.
https://forums.malwarebytes.com/topic/271328-mb-version-differences/?do=findComment&comment=1442775
So either Malwarebytes has made some kind of breakthrough or the result is a one off (the latter is probably more likely though the former would be preferred)
 

pbust

Hi, was pointed to this post. Pedro Bustamante here, head of research and innovation at Malwarebytes... excuse the old Panda icon :)

I can confirm both the MB4 core and corporate EP core detection is exactly the same. We do have a separate EDR business product that includes a few more cloud-based detection technologies, but that was not tested at MRG. The bad performance rating was a config error on our part as we provisioned EDR instead of EP (even though the EDR detections don't count for points in the MRG test). In the next test you'll see the real performance impact comparative.

In terms of participating and focusing on 3rd party tests, we made the decision about a year ago to focus on improving in these tests. The launch of Katana by incorporating a few more static (sig and heuristic) and dynamic (runtime sandbox) engine layers has helped bridge the historic gap. During the process we found and fixed bugs as well as created new protection and detection capabilities for existing engine layers, so the exercise to adapt to testing was valuable. We signed up for AV-Comparatives (for both MB4 and Malwarebytes EP) and also AV-Test business tests. You will start seeing Malwarebytes for the first time ever in these tests soon.
 

Andy Ful

We signed up for AV-Comparatives (for both MB4 and Malwarebytes EP) and also AV-Test business tests. You will start seeing Malwarebytes for the first time ever in these tests soon.
I wish that the results will be as perfect as in the MRG Effitas test. :)
I noticed that in the Exploit/Fileless test all the samples were detected by signatures. Does MB4 use also a kind of Attack Surface Reduction rules to fight non-PE files?
 

pbust

We don't get to see the details of the testcases which were blocked, only the misses. So it was hard to distinguish what qualifies as signature vs behavior block. In the case of Malwarebytes, our anti-exploit's application behavior protection technology (we call it mbae layer3), is like a beefed up Attack Surface Reduction that protects against both PE and non-PE payloads. I am guessing that those exploits/fileless were blocked by MBAE's layer3, but they do show as signature for some odd reason.
 

Andy Ful

From the report, it follows that MRG Effitas counts signature blocks in Exploit / Fileless test as follows:

"The test case is marked as “Signature Block” if the security application blocks the URL (infected URL, exploit kit URL, redirection URL, malware URL) by the URL database (local or cloud)."

So maybe MB could recognize by URLs the exploit kits used in the test (Koadic, Empire, Metasploit).
 