AV-TEST Security vs. Ransomware: 34 Solutions in the Advanced Threat Protection Test

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

F

ForgottenSeer 95367

I will have to get back on this I have had all blocked except MS. But I am going to try them too just for the heck of it
Blocking these processes on the basis that they are Microsoft digitally signed will result in a "black screen system":
  • system (ntoskernel.exe)
  • smss.exe
  • winnit.exe
  • services.exe
  • csrss.exe
1661432896574.png


Whatever you are using to block processes might not apply its block rules early enough in the system boot sequence to quash processes such as smss.exe, csrss.exe and services.exe. (NOTE: winlogon.exe is not digitally signed). Consequently, a partially bootable system might still happen even if you are blocking critical Windows processes that are signed.

Additionally, if you test in a virtual machine, you might get unexpected results whereby system boots despite blocking critical Microsoft signed processes.

In your testing, you can try a single "catch-all" block rule that will block everything unsigned and unsigned:

block= *
 
Last edited by a moderator:

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,869
Not even in dreams I look at this rag that calls itself "Anti-Ransomware test" 😑

I take the example of GDATA which also has DeepRay, Beast and also other modules...what makes me laugh is that we have no information about the activated defenses...because if a malware is going to try to infect the system, it will automatically go into Beast and get stopped...
Same with FSecure and DeepGuard
I don't think there is any issue with this test. If there was a problem, then G-Data would dispute the result, and it would be corrected/mentioned by AV-Test in the report.
 
F

ForgottenSeer 95367

I don't think there is any issue with this test. If there was a problem, then G-Data would dispute the result, and it would be corrected/mentioned by AV-Test in the report.
There are those that are just in denial about G DATA. There's lots of AV test lab results that prove beyond any doubt or skepticism that G DATA has a troublesome performance and protection history.
 
  • Like
Reactions: franz and Shadowra

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
I will have to get back on this I have had all blocked except MS. But I am going to try them too just for the heck of it

Hopefully you have a recent full system image backup on hand. All it takes is blocking one or two critical processes and you will be facing what @Furyo mentioned above.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top