notabot

Level 15
This is fairly old news; a month ago MRG Effitas included Sophos Intercept X in their tests.


Sophos did pretty well. I found the fileless section interesting in that report, and also the financial malware section, as its BB seemed to do very well there, while Defender did poorly (on default settings though).

If I recall, excluding cooperation with the Sophos firewall device, which is not used in the tests anyhow, SHP is meant to be fully equivalent to Intercept X.
 

SeriousHoax

Level 13
Verified
Malware Tester
About Windows Defender, at first I thought the same too, but someone pointed out to me that the Fileless test is the only test which is done in Windows 7. So the thing is, Windows 7 doesn't even have Windows Defender. How did they test then? Did they test Microsoft Security Essentials instead? If so, then that's not a fair test at all.
 

blackice

Level 13
Verified
About Windows Defender, at first I thought the same too, but someone pointed out to me that the Fileless test is the only test which is done in Windows 7. So the thing is, Windows 7 doesn't even have Windows Defender. How did they test then? Did they test Microsoft Security Essentials instead? If so, then that's not a fair test at all.
That's a very good question. I think if it was in Windows 10 the results may look a bit different.
 

notabot

Level 15
About Windows Defender, at first I thought the same too, but someone pointed out to me that the Fileless test is the only test which is done in Windows 7. So the thing is, Windows 7 doesn't even have Windows Defender. How did they test then? Did they test Microsoft Security Essentials instead? If so, then that's not a fair test at all.
Good spot!

I looked at their exploit protection https://www.mrg-effitas.com/wp-content/uploads/2018/05/MRG_Exploit_Protection.pdf and there they say where they use W10 vs W7 in detail.

If the exploit test is to be taken seriously (no clue if this is or is not the case), it looks like Sophos is the only suite with good exploit protection, probably due to HMP.A.
 

SeriousHoax

Level 13
Verified
Malware Tester
Good spot!

I looked at their exploit protection https://www.mrg-effitas.com/wp-content/uploads/2018/05/MRG_Exploit_Protection.pdf and there they say where they use W10 vs W7 in detail.

If the exploit test is to be taken seriously (no clue if this is or is not the case), it looks like Sophos is the only suite with good exploit protection, probably due to HMP.A.
In the methodology section they said they used a Windows 7 virtual machine. For test cases 1 & 6 they wrote about the OS being Windows 7, but for the other samples they haven't written anything about the OS. But at the bottom they wrote Windows 10/7. So it's very confusing.
Anyway, yes, Sophos did an impressive job here. Everything was blocked by their exploit protection; no signatures were needed. Same for Bitdefender.
 

Nightwalker

Level 18
Verified
Content Creator
About Windows Defender, at first I thought the same too, but someone pointed out to me that the Fileless test is the only test which is done in Windows 7. So the thing is, Windows 7 doesn't even have Windows Defender. How did they test then? Did they test Microsoft Security Essentials instead? If so, then that's not a fair test at all.
So true, and there is no AMSI support in Windows 7, a feature that is a game changer against fileless malware.

 

notabot

Level 15
So true, and there is no AMSI support in Windows 7, a feature that is a game changer against fileless malware.

AMSI is a good point. I'm not sure if SHP supports AMSI; last year it didn't.
 
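One way to answer the question of whether a given product supports AMSI is to look at which AMSI providers the machine has registered; the script below is an added example, not code from this thread or from any vendor, and it assumes only the documented registry locations (HKLM\SOFTWARE\Microsoft\AMSI\Providers and the matching CLSID entries), which it reads without modifying.

```powershell
# Added example: enumerate the AMSI providers registered on this Windows machine.
# A product that hooks AMSI registers a COM class under the Providers key; resolving each
# CLSID to its InprocServer32 DLL and checking the DLL's Authenticode signer reveals the vendor.
$providersKey = 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers'

function Get-AmsiProvider {
    if (-not (Test-Path $providersKey)) {
        # AMSI ships with Windows 10 / Server 2016 and later; Windows 7 has no such key.
        Write-Warning 'No AMSI provider key found on this system.'
        return
    }
    Get-ChildItem -Path $providersKey | ForEach-Object {
        $clsid    = $_.PSChildName
        $clsidKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
        $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
        $dll  = (Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
        $signer = if ($dll -and (Test-Path -LiteralPath $dll)) {
            $sig = Get-AuthenticodeSignature -FilePath $dll
            if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "unsigned ($($sig.Status))" }
        } else { 'DLL not found' }
        [pscustomobject]@{ CLSID = $clsid; Name = $name; Dll = $dll; Signer = $signer }
    }
}

# Run as an administrator is not required; the keys are world-readable.
Get-AmsiProvider | Format-Table -AutoSize
```

An empty list on a Windows 10 machine where a third-party AV is installed means that product is not scanning script content through AMSI, whatever its other protections do.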

notabot

Level 15
The article below is quite old (2017), from when most vendors didn't yet support AMSI,


HMP.A did well with PowerShell malware. Still, it's 2019 now and I'd like to see SHP support AMSI to be able to take the product seriously.

Overall though, I'd say participating in reviews is a positive step, as are the good results. As next steps I'd like to see it participate in the German and Austrian testing as well and add AMSI support too; this product has potential, but it needs to implement a long roadmap before it can be a serious contender.
 