Qihoo Total Security- An initial test
<blockquote data-quote="cruelsister" data-source="post: 555297" data-attributes="member: 7463"><p>Shmu- I've actually done just some minor work with the HIPS module as I never have it active (the terminate and reverse functionality is admittedly pretty nifty). Although I'll include this in a Qihoo +CF video that I hope I have time to do, I hope you will please accept a text report of CF's protection (no HIPS):</p><p></p><p>I just ran a Locky wsf file- something the maladvertisers love. On execution (and this is at Partially Limited sandbox level) wscript.exe is immediately sandboxed. When this process tries to connect to command to get the payload you will get a firewall warning (unless you have checked the Block access when using Firewall safe mode- then it will just die there). But if you will allow network access and let the payload be downloaded and run, the payload as well as any malware dll's and bat files to maintain persistence will also be sandboxed. Yes, at Partially Limited you will see the ransom messages- but who cares? Clean the box (or reboot) and they also die. The only residual system change would be the desktop background changed to solid black. Easy enough to change back to what it was, though.</p><p></p><p>Using the Untrusted setting will kill the entire process at inception, by the way.</p></blockquote><p></p>