
Deleted Member 3a5v73x

Panda is one of the best vs new .exe embedded malware. Knowledgable users don't run any unknown scripts without inspecting them first. For home users Panda Dome Free is perfectly enough paired with OSArmor/SysHardener.
 

Slyguy

Level 43
The results were interesting: the system was protected (no malware running) but was infected/"damaged" via many registry keys, and a couple of inactive exe files in \AppData\Local\Temp that were blocked by "Application Control". My Final Status for this is "Protected - Not Clean". Will publish the results soon, be a bit patient, now I want my eyes to get a bit of rest :geek:
Nice job. So with the settings it was protected, but a few pieces of harmless dirt hanging around, some harmless registry keys and a useless EXE in temp. Not bad considering the brutality of that pack. I think it demonstrates that in general, PDA+SG would be exceptionally protective for most people without any adjunct technologies in place. If you added SysHardener it should close the gap enough even for the most reckless user.

I actually have Panda Dome Advanced w/SG settings deployed with family/friends to amazing success, and it's dirt cheap off eBay for unlimited devices. Panda signatures seem pretty slow, but with the SG changes it's sufficiently protective for family/friends stand-alone.

Scripts are interesting to test, because most people will never run into them 'out there', but it's not impossible, as my son demonstrated by getting a script virus through F-Secure and then having it blocked by OSA. It can happen. That one file that sneaked past the AppControl+Datashield was likely the culprit for writing the registry keys that go nowhere; since .REG was part of my protected extensions in Datashield, no unknown program/file could write to the registry.
 

Slyguy

Level 43
@Slyguy
So are you saying that PDA would benefit from adding OSA or SysHardener or that the benefits are going to be negligible?
PDA doesn't really need anything else if you run with the SG settings as shown in Harlan's test where it basically kept the system protected but not fully clean under severe duress. But it surely would benefit by executing Syshardener to prevent those scripts from running. IMO at least.
 

oldschool

Level 54
Verified
PDA doesn't really need anything else if you run with the SG settings as shown in Harlan's test where it basically kept the system protected but not fully clean under severe duress. But it surely would benefit by executing Syshardener to prevent those scripts from running. IMO at least.
Agree with you on SH. One could also use Hard_Configurator. I've found the latest version is pretty user-friendly, basically set and forget.
 

SHvFl

Level 35
Verified
Trusted
Content Creator
Does anyone have the signed malware (AU3.exe) hybrid analysis link? I tried finding it from the topic list but failed.
 

SHvFl

Level 35
Verified
Trusted
Content Creator
Yes, that sample bypassed AC, but after a while auto-terminated; don't know if it's because it is digitally signed?
Assuming I was linked the correct file, it's not signed. Did I get the wrong one, and if yes, can you PM me the hybrid analysis link?

EDIT: Confirmed that the file I was linked is the correct one, and yes, it's not signed in any way, so the Panda fail is even weirder.
 