Qihoo 360 and Malwarebytes 3.1.2 vs. NonPetya
- Thread starter Evjl's Rain
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Feb 24, 2017
- 1,661
not surprised that malwarebytes failed the test, it's a laughing stock nowadays.
thanks for the videos, i still can't stand Qihoo's popups and weird stuff.
thanks for the videos, i still can't stand Qihoo's popups and weird stuff.
- Dec 27, 2016
- 1,480
Hey thanks @Evjl's Rain!
I suspect that Qihoo used offline definitions (or cached signatures in its case) while detecting the file on execution... it displays the same name it had for the static detection, with no more info.
If it was HIPS/BB intercepting the attack, there could have been a different alert informing about the action performed by the malware, though I may be wrong here.
I suspect that Qihoo used offline definitions (or cached signatures in its case) while detecting the file on execution... it displays the same name it had for the static detection, with no more info.
If it was HIPS/BB intercepting the attack, there could have been a different alert informing about the action performed by the malware, though I may be wrong here.
something I forgot to tell, after I disabled the internet connection, I scanned the file again, it was not detected. Then I made the video
I also suspect some kind of caching
- Jun 9, 2013
- 6,720
Not surprised here either not been a fan of MB since version 3.0 was released. Very mediocre to say the least.
- Jun 4, 2017
- 174
Thanks @Evjl's Rain!
This shows again that MB is perhaps a little bit overrated....
Regarding 360TS: even if the results are good, I can't warm myself for the look and feel, something doesn't feel right when testing it....
This shows again that MB is perhaps a little bit overrated....
Regarding 360TS: even if the results are good, I can't warm myself for the look and feel, something doesn't feel right when testing it....
- Jul 6, 2015
- 737
I have to agree there froggy, Malwarebytes team must be holding their heads in their hands at how dreadful their product has become.Not surprised here either not been a fan of MB since version 3.0 was released. Very mediocre to say the least.
Finding another on demand scanner thats good now a days is getting harder!
- Feb 24, 2017
- 1,661
Hitman Pro, Zemana, Norton Power Eraser(free), Herdprotect(beta)
all of these are miles better in detecting anything than Malwarebytes
- Dec 29, 2014
- 1,716
Maybe so. This one uses EB/DP to move. Maybe Qihoo found some reason to think someone might be working off line after leanning of the rpresence of NP so added sig.
- Dec 27, 2016
- 1,480
Though we cannot attribute a specific behavior with the detection, that attempt to exploit SMB via EB may be a possibility here.
There can be the enumeration of connected hosts - lookup and SMB copying, attempt of remote execution and what not among the possible interception(s) at different stages...the next and main trashing functionality aside.
- Jan 29, 2017
- 1,201
Actually not. They insist that these videos are not real world tests and that in the "real world" MBAM would protect the system. Of course MB never offers proof of any protection apart from just words.
Last edited:
avast blocked it by IDP
Imgur: The most awesome images on the Internet
but the question is: did they add the rule for nonpetya in IDP before or after the outbreak?
IDP relies on the internet to work and I saw many times that avast was bypassed but a few hours later, the same samples were blocked by IDP
- Apr 28, 2017
- 326
Qihoo is very impressive
But I don't agree with the MB bashing, they're still probably the best at PUP detection. And they certainly detect most common ransom ware.
But I don't agree with the MB bashing, they're still probably the best at PUP detection. And they certainly detect most common ransom ware.
detect by signatures, yes, but if the ransomwares are zero-day, MB won't be able to protect
there are much better free options out there, such as appcheck and ransomoff
signatures and heuristics are covered by AVs
Also I read the official statement from MB that its anti-exploit module CAN'T block eternalblue/doublepulsar exploit
for me, zemana has a slightly better PUP protection and everyone can get it for free
Last edited:
- Jun 9, 2017
- 158
Thanks for the test... MB is one of the worst AV!
- Dec 28, 2016
- 86
- May 8, 2017
- 536
Nice video, again Thanks @Evjl's Rain
Yeah, Malwarebytes will fail. Malwarebytes should not be used as a main av, use as a on-demand scanner only.
Thanks @Evjl's Rain Yeah, Malwarebytes will fail. Malwarebytes should not be used as a main av, use as a on-demand scanner only.
- Jul 6, 2017
- 271
It saddens me to see Malwarebytes performing that badly in latest tests; I've been a loyal customer for almost a decade, ever since it helped me to get rid of the only nasty infection I've ever had and every other thing i tried failed (and even though that happened a long long time ago, I still vividly remember the fear and panic I felt when that rogue crap popped up on my desktop ). It has been my favorite piece of security software for a long time.
To be honest, I don't know much about AV software testing methodology so I don't know what to make of their claims that even though they don't score high on tests, they perform well in real world situations.
). It has been my favorite piece of security software for a long time.To be honest, I don't know much about AV software testing methodology so I don't know what to make of their claims that even though they don't score high on tests, they perform well in real world situations.
it's because we, as home users, rarely get true zero-day malwares. We usually get a week or a few months old malwares so we are usually protected by AVsIt saddens me to see Malwarebytes performing that badly in latest tests; I've been a loyal customer for almost a decade, ever since it helped me to get rid of the only nasty infection I've ever had and every other thing i tried failed (and even though that happened a long long time ago, I still vividly remember the fear and panic I felt when that rogue crap popped up on my desktop
To be honest, I don't know much about AV software testing methodology so I don't know what to make of their claims that even though they don't score high on tests, they perform well in real world situations.
somebody told me that his company were protected by symantec endpoint protection but nonpetya infected many of the machines, although symantec/norton products have scored really well in MT hub tests + symantec can protect against eternalblue/doublepulsar exploit. not sure what happened
Similar threads
