MRG Effitas Q2 and Sophos

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
This is fairly old news, a month ago MRG Effitas included Sophos Intercept X in their tests


Sophos did pretty well. I found the fileless section interesting in that report and also the financial malware section, as its BB seemed to do very well there, while Defender did poorly (on default settings though).

If I recall, excluding cooperation with the Sophos firewall device which is not used in the tests anyhow, SHP is meant to be fully equivalent to Intercept X.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
About Windows Defender, at first I thought the same too, but someone pointed out to me that the Fileless test is the only test which is done in Windows 7. So the thing is, Windows 7 doesn't even have Windows Defender. How did they test then? Did they test Microsoft Security Essentials instead? If so then that's not a fair test at all.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
About Windows Defender, at first I thought the same too, but someone pointed out to me that the Fileless test is the only test which is done in Windows 7. So the thing is, Windows 7 doesn't even have Windows Defender. How did they test then? Did they test Microsoft Security Essentials instead? If so then that's not a fair test at all.
That's a very good question. I think if it was in Windows 10 the results may look a bit different.
 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
About Windows Defender, at first I thought the same too, but someone pointed out to me that the Fileless test is the only test which is done in Windows 7. So the thing is, Windows 7 doesn't even have Windows Defender. How did they test then? Did they test Microsoft Security Essentials instead? If so then that's not a fair test at all.

Good spot!

I looked at their exploit protection report https://www.mrg-effitas.com/wp-content/uploads/2018/05/MRG_Exploit_Protection.pdf and there they say in detail where they use W10 vs W7.

If the exploit test is to be taken seriously (no clue if this is or is not the case), it looks like Sophos is the only suite with good exploit protection, probably due to HMP.A.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,862
Good spot!

I looked at their exploit protection report https://www.mrg-effitas.com/wp-content/uploads/2018/05/MRG_Exploit_Protection.pdf and there they say in detail where they use W10 vs W7.

If the exploit test is to be taken seriously (no clue if this is or is not the case), it looks like Sophos is the only suite with good exploit protection, probably due to HMP.A.
In the methodology section they said they used a Windows 7 virtual machine. For test cases 1 & 6 they wrote about the OS being Windows 7, but for the other samples they haven't written anything about the OS. But at the bottom they wrote Windows 10/7. So, it's very confusing.
Anyway, yes, Sophos did an impressive job here. Everything was blocked by their exploit protection, no signatures were needed. Same for Bitdefender.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
About Windows Defender, at first I thought the same too, but someone pointed out to me that the Fileless test is the only test which is done in Windows 7. So the thing is, Windows 7 doesn't even have Windows Defender. How did they test then? Did they test Microsoft Security Essentials instead? If so then that's not a fair test at all.

So true and there is no AMSI support in Windows 7, a feature that is a game changer against fileless malware.

 

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
So true and there is no AMSI support in Windows 7, a feature that is a game changer against fileless malware.


AMSI is a good point. I'm not sure if SHP supports AMSI; last year it didn't.
 
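As an added example (not posted by anyone in this thread), here is a PowerShell check for the question above: it lists the AMSI providers registered on a machine, which is how you can verify whether a product such as SHP has actually registered one. It assumes the documented registry layout (providers under HKLM\SOFTWARE\Microsoft\AMSI\Providers, each a CLSID whose DLL is under HKLM\SOFTWARE\Classes\CLSID); the vendor name pattern is whatever the caller passes in.

```powershell
# Added example, not code from the thread or from any vendor.
# AMSI providers are COM objects registered by CLSID under
# HKLM\SOFTWARE\Microsoft\AMSI\Providers; the DLL that implements each one
# is resolved through HKLM\SOFTWARE\Classes\CLSID\<clsid>\InprocServer32.
function Get-AmsiProvider {
    $providersKey = 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers'
    if (-not (Test-Path $providersKey)) {
        # No AMSI on this OS (Windows 7 / 8.1 never shipped it), so nothing to list.
        return @()
    }
    Get-ChildItem -Path $providersKey | ForEach-Object {
        $clsid    = $_.PSChildName
        $clsidKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
        $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
        $dll  = (Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        $dllPath = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll).Trim('"') } else { $null }
        [pscustomobject]@{
            Clsid     = $clsid
            Name      = $name
            Dll       = $dllPath
            # A registered CLSID whose DLL is missing is a dangling provider, not working protection.
            DllExists = [bool]($dllPath -and (Test-Path -LiteralPath $dllPath))
        }
    }
}

# True when at least one registered provider's name or DLL path matches the vendor pattern
# (e.g. 'Sophos' or 'Defender') and its DLL is present on disk.
function Test-AmsiProviderFromVendor {
    param([Parameter(Mandatory)][string]$VendorPattern)
    $match = Get-AmsiProvider | Where-Object {
        $_.DllExists -and (($_.Name -match $VendorPattern) -or ($_.Dll -match $VendorPattern))
    }
    return [bool]$match
}

# Usage: show every provider, then ask about one vendor.
Get-AmsiProvider | Format-Table -AutoSize
"Sophos AMSI provider registered: $(Test-AmsiProviderFromVendor -VendorPattern 'Sophos')"
```

Run it in an elevated PowerShell on Windows 10; on Windows 7 the provider key simply does not exist, which is the point made in the thread.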

notabot

Level 15
Thread author
Verified
Oct 31, 2018
703
The article below is quite old (2017), from when most vendors didn't yet support AMSI.


HMP.A did well with PowerShell malware; still, it's 2019 now and I'd like to see SHP support AMSI to be able to take the product seriously.

Overall though I'd say participating in reviews is a positive step, as are the good results. As next steps I'd like to see it participate in the German and Austrian testing as well and add AMSI support too. This product has potential, but it needs to implement a long roadmap before it can be a serious contender.
 
