Well I spent some time with it. Dan they have you beat with pretty, but in terms of performance, it's bad. No threat here. I'll write up detail tomorrow.
Thank you Pete for your insight.
BTW, it looks like VS was bypassed!!!!!!
Current state of malicious Powershell script blocking
Oops. Nope, it wasn't. Another false alarm from the testing squad... so the squad's false alarm rate remains at 100%.
Here is why it is not a bypass...
The attacker must be able to automatically run the command prompt or macro... then it will be a bypass.
The problem is that VS is going to block the command prompt or the macro long before the attacker has a chance to run their command line.
Think of it this way... if the user opens a command prompt (which VS allows command prompts if the user launched it), and runs the format d: command, VS will not block that either.
If I am missing something, please let me know.
BTW, White Cipher is just a silly "alter-ego" I came up with in reaction to Black Cipher's YouTube videos.
Seventh Knight said:
- Built on a patented “whitelisting” engine originally designed for the U.S. Defense Department

Show me the US patent numbers (like VoodooShield has) and show me the US Army awards (like AppGuard has), then show me the money (show that SeventhKnight blocks malware where VS and AG fail with tests we can reproduce/fact check).
@danb: cool to come over here, I guess you missed me
By the way, the marketing of Seventh Knight is called VoodooMarketing. VoodooMarketing is named after Voodoo Economics, which was built on President Ronald Reagan's promise to cut tax and increase deregulation, and the free market powers would restore the economy by themselves. Despite the negative connotation, Reagan's supply-side policies actually worked and the economy and employment recovered based on higher consumer trust and spending (less tax) and business initiatives and investments (deregulation).
@Peter2150: The idea of VoodooMarketing is that consumers believe those bold big statements, you are not supposed to check them
It's called default deny by Comodo and it blocks my newer Office programs like PowerPoint and Word. So sad.