- Sep 2, 2021
- 2,586
Real World, Evasive Malware and Performance Test by Trident
- Thread starter Trident
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Feb 1, 2013
- 970
What exactly happened with Norton IPS detection that they were a miss anyway?
- Feb 7, 2023
- 2,349
Norton had multiple misses. Even though the redline stealer was blocked from communicating by inspecting the packets, there was another miss as well and the system was still infected. This malware is highly evasive though, it’s cherry-picked to be difficult.
- Feb 1, 2013
- 970
So, protection wise only, was it better at those evasive malwares than kaspersky & fsecure?
Congratulations for the test and your choices by the way
- Feb 25, 2017
- 2,585
Any chance of you adding Microsoft Defender at Agressive level with DefenderUI? @Trident
- Nov 9, 2022
- 602
- Feb 7, 2023
- 2,349
At that point it should not be tested, because as soon as you disable ZoneAlarm real time protection (which malware did but then the system rebooted with BSOD and my recording was gone) Microsoft Defender turns on and it asked me to send some files, which I did. So this malware now may be known to Microsoft. Some malware has managed to render it useless later on. There was a java archive in the Microsoft Defender folder. It will have unfair advantage over others.
- Feb 25, 2017
- 2,585
Understandable. Thank you anyway for the effort
- Feb 7, 2023
- 2,349
Unfortunately all three left the system compromised. Norton had more misses on this occasion than F-secure and Kaspersky and I did not tweak Application Control here, all products are tested with their default settings. Because the samples were not many (I could've done a large pack but that would not be evasive, it will be packed with well known malware), there is no point to count hits and misses. Rather it is a pass and fail situation. Apart from Bitdefender, they all failed. Needles to say is that users absolutely do not need the Java platform. Users can install it and block the Javaw.exe execution. Not installing it at all is not protection, as malware can easily download it and launch the installer with an /s argument (silent).
To be honest, they all did better than I expected them to do on this test.
Last edited:
- Feb 1, 2013
- 970
Really nasty malware. It seems strange to me that at defaults, Bitdefender is the only one from those big players who managed to nail it.
- Feb 1, 2013
- 970
Another interesting perspective would be the answer to this: Who warned the user better about malware that it could not remove at all?
I think such information is crucial to the user, as such malware often makes someone use extra tools for removal, or even formatting the disk.
At last, a less infected system with a silent AV seems worse that a more infected system with an AV that has warned about heavy threats present, no matter how well it removed it.
I think such information is crucial to the user, as such malware often makes someone use extra tools for removal, or even formatting the disk.
At last, a less infected system with a silent AV seems worse that a more infected system with an AV that has warned about heavy threats present, no matter how well it removed it.
- Feb 7, 2023
- 2,349
Well Norton advised that Power Eraser should be ran. Power Eraser was capable of cleaning the system (almost).
- Dec 23, 2014
- 8,510
Hi,
Thanks for the video. Can you repeat this test a few times in the next few months (the same AVs)? It would be interesting to see if the results are consistent over time. In such tests, there is usually a big random factor.
Thanks for the video. Can you repeat this test a few times in the next few months (the same AVs)? It would be interesting to see if the results are consistent over time. In such tests, there is usually a big random factor.
- Feb 7, 2023
- 2,349
I sure can. In the future, I can collaborate maybe with @SeriousHoax, @Shadowra and anyone else willing. I will do the malware hunting and we can test together.Hi,
Thanks for the video. Can you repeat this test a few times in the next few months (the same AVs)? It would be interesting to see if the results are consistent over time. In such tests, there is usually a big random factor.
- Sep 2, 2021
- 2,586
I just reproduced the test with F-Secure (thanks @Trident for the pack )
The malware tried to escape, but this time DeepGuard blocked a lot.
But the machine ends up infected (remaining JS script and Java running)
)The malware tried to escape, but this time DeepGuard blocked a lot.
But the machine ends up infected (remaining JS script and Java running)
- Feb 7, 2023
- 2,349
It blocked a lot on my test as well. It blocked everything (including on the desktop there was one script which I downloaded from a link in the real world protection test on purpose). But the java malware was a miss and wscript was running.I just reproduced the test with F-Secure (thanks @Trident for the pack
The malware tried to escape, but this time DeepGuard blocked a lot.
But the machine ends up infected (remaining JS script and Java running)
View attachment 274086
View attachment 274087
DeepGuard unfortunately doesn’t delete, it just blocks.
Last edited:
- Sep 2, 2021
- 2,586
- Feb 7, 2023
- 2,349
- Jan 13, 2019
- 204
Can you add Emsisoft Antimalware to your test above?
- Feb 7, 2023
- 2,349
I am going out and by the time I come back this pack will already be old. I collected everything yesterday between 2 and 3 PM. Maybe @Shadowra can test Emsi and we’ll see the scoring.
C:/Program Files
C:/Program Files (x86)
C:/Program Files/Common Files
C:/ProgramData
Need to be examined to determine the size on disk.
They usually write in the Users directory as well, but not that much information.
The RAM usage can be seen in task manager as well.
If it’s an online installer, does it install the latest version of the software or does it download program update?
Does it bombard with notifications?
It uses Bitdefender engine, so I would imagine everything will be detected.
Similar threads
