- Sep 2, 2021
- 2,630
I still have the malware archive and links though.
I take them with pleasure for analysis
I still have the malware archive and links though.
Norton had multiple misses. Even though the redline stealer was blocked from communicating by inspecting the packets, there was another miss as well and the system was still infected. This malware is highly evasive though, it’s cherry-picked to be difficult.What exactly happened with Norton IPS detection that they were a miss anyway?
So, protection wise only, was it better at those evasive malwares than kaspersky & fsecure?Norton had multiple misses. Even though the redline stealer was blocked from communicating by inspecting the packets, there was another miss as well and the system was still infected. This malware is highly evasive though, it’s cherry-picked to be difficult.
At that point it should not be tested, because as soon as you disable ZoneAlarm real time protection (which malware did but then the system rebooted with BSOD and my recording was gone) Microsoft Defender turns on and it asked me to send some files, which I did. So this malware now may be known to Microsoft. Some malware has managed to render it useless later on. There was a java archive in the Microsoft Defender folder. It will have unfair advantage over others.Any chance of you adding Microsoft Defender at Agressive level with DefenderUI? @Trident
Understandable. Thank you anyway for the effortAt that point it should not be tested, because as soon as you disable ZoneAlarm real time protection (which malware did but then the system rebooted with BSOD and my recording was gone) Microsoft Defender turns on and it asked me to send some files, which I did. So this malware now may be known to Microsoft. Some malware has managed to render it useless later on. There was a java archive in the Microsoft Defender folder.
Unfortunately all three left the system compromised. Norton had more misses on this occasion than F-secure and Kaspersky and I did not tweak Application Control here, all products are tested with their default settings. Because the samples were not many (I could've done a large pack but that would not be evasive, it will be packed with well known malware), there is no point to count hits and misses. Rather it is a pass and fail situation. Apart from Bitdefender, they all failed. Needles to say is that users absolutely do not need the Java platform. Users can install it and block the Javaw.exe execution. Not installing it at all is not protection, as malware can easily download it and launch the installer with an /s argument (silent).So, protection wise only, was it better at those evasive malwares than kaspersky & fsecure?
Congratulations for the test and your choices by the way
Really nasty malware. It seems strange to me that at defaults, Bitdefender is the only one from those big players who managed to nail it.Unfortunately all three left the system compromised. Norton had more misses on this occasion than F-secure and Kaspersky and I did not tweak Application Control here, all products are tested with their default settings. Because the samples were not many (I could've done a large pack but that would not be evasive, it will be packed with well known malware), there is no point to count hits and misses. Rather it is a pass and fail situation. Apart from Bitdefender, they all failed. Needles to say is that users absolutely do not need the Java platform. Users can install it and block the Javaw.exe execution. Not installing it at all is not protection, as malware can easily download it and launch the installer with an /s argument (silent).
To be honest, they all did better than I expected them to do on this test.
Well Norton advised that Power Eraser should be ran. Power Eraser was capable of cleaning the system (almost).Another interesting perspective would be the answer to this: Who warned the user better about malware that it could not remove at all?
I think such information is crucial to the user, as such malware often makes someone use extra tools for removal, or even formatting the disk.
At last, a less infected system with a silent AV seems worse that a more infected system with an AV that has warned about heavy threats present, no matter how well it removed it.
I sure can. In the future, I can collaborate maybe with @SeriousHoax, @Shadowra and anyone else willing. I will do the malware hunting and we can test together.Hi,
Thanks for the video. Can you repeat this test a few times in the next few months (the same AVs)? It would be interesting to see if the results are consistent over time. In such tests, there is usually a big random factor.
It blocked a lot on my test as well. It blocked everything (including on the desktop there was one script which I downloaded from a link in the real world protection test on purpose). But the java malware was a miss and wscript was running.I just reproduced the test with F-Secure (thanks @Trident for the pack )
The malware tried to escape, but this time DeepGuard blocked a lot.
But the machine ends up infected (remaining JS script and Java running)
View attachment 274086
View attachment 274087
It blocked a lot on my test as well. It blocked everything (including on the desktop there was one script which I downloaded from a link in the real world protection test on purpose). But the java malware was a miss and wscript was running.
DeepGuard unfortunately doesn’t delete, it just blocks.
Not sure about them, I didn’t test them.And Emsisoft ?
Can you add Emsisoft Antimalware to your test above?Not sure about them, I didn’t test them.
I am going out and by the time I come back this pack will already be old. I collected everything yesterday between 2 and 3 PM. Maybe @Shadowra can test Emsi and we’ll see the scoring.Can you add Emsisoft Antimalware to your test above?