The Shadowra's Battlefield Antivirus 2021
<blockquote data-quote="WiseVector" data-source="post: 968934" data-attributes="member: 76851"><p>Thanks for the test. This reminds us that we need to improve WVSX to fight phishing URLs.</p><p></p><p>Malware testing is never an easy task, especially for large-volume samples, as it involves two important questions:</p><p></p><p>1. Are these samples indeed malicious or not?</p><p>2. Are these malicious samples still functional?</p><p></p><p>The criteria for determining whether a piece of software is malicious are not quite the same for each vendor. ESET eventually found 3 PUPs. After testing WVSX, for the first PUP (slimware DriverUpdate) we had analyzed it manually and decided not to detect it. The second PUP is incodesolutions RemoveIT; it should be abandoned, since we did not find the download address on their official website. For the third PUP, all the information about it we can find on the Internet is six years old; if you can send the sample to us, we will analyze it and draw conclusions. Also, WVSX does not detect corrupted files. I noticed in the video that Windows Defender detects corrupted files when you executed them; I can't understand this, because corrupted files won't run and therefore cannot harm the system.</p><p></p><p>Malware often has a short life cycle: many samples will not produce malicious behavior after their CC servers die, and the CC servers are usually short-lived, so it is better for testers to use fresh samples to test AV, the fresher the better. During the testing process you can use a variety of tools to determine whether the malware is still functional or not, such as Process Hacker, TCPVIEW, IDA, AutoRun, etc. For example, if malware always has 0 CPU usage, that means it may be dormant because you don't meet certain conditions, such as geographic location, software installed on the system, etc. If the malware's network connection gets stuck in the SYN_SENT state, that probably means its CC servers are down. In our daily work, we also execute some fresh malware samples to test the effectiveness of WVSX; if the malware refuses to perform the malicious behavior, we reverse engineer it to determine what conditions are needed to trigger it.</p><p></p><p>Based on this test video, I think there are a lot of corrupt, gray, and even legit files in there, so "Attack all" isn't really a good thing.</p></blockquote>
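The post suggests using TCPVIEW or similar tools to see whether a sample's connections are stuck in SYN_SENT, which usually indicates the C2 endpoint is down or filtered. The script below is an added example, not code from WiseVector's post or from WVSX, that automates that check over `netstat -an`-style output: it parses the connection table, counts SYN_SENT attempts per remote endpoint, and discards endpoints that also have an ESTABLISHED session (those are clearly reachable). The sample table is constructed for the example and uses documentation-reserved IP ranges; the column layout assumed is the Windows `netstat -an` format (Proto, Local Address, Foreign Address, State).

```python
"""Flag remote endpoints a sample keeps trying but never reaches (SYN_SENT only).

Intended for a test lab: run `netstat -an` while the sample is executing,
feed the text to report_unreachable(), and use the result as one signal
that the sample's C2 is dead, so the run says little about detection.
"""
import re
from collections import Counter

# Constructed sample of `netstat -an`-style output; not real captured data.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    10.0.2.15:49713        203.0.113.10:443       SYN_SENT
  TCP    10.0.2.15:49714        203.0.113.10:443       SYN_SENT
  TCP    10.0.2.15:49715        198.51.100.7:8080      SYN_SENT
  TCP    10.0.2.15:49716        192.0.2.20:80          SYN_SENT
  TCP    10.0.2.15:49720        192.0.2.20:80          ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:5353           *:*
"""

# Proto, local endpoint, remote endpoint, optional state (UDP rows have none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S+)?\s*$")


def parse_netstat(text):
    """Return a list of (proto, local, remote, state) tuples; header/blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, remote, state = m.groups()
        rows.append((proto, local, remote, state or ""))
    return rows


def unreachable_endpoints(rows, min_attempts=1):
    """Map remote endpoint -> number of SYN_SENT attempts, for endpoints that never reached
    ESTABLISHED. Repeated half-open connects with no established session is the pattern
    the post describes for a C2 server that is down or being filtered."""
    established = {remote for _, _, remote, state in rows if state == "ESTABLISHED"}
    attempts = Counter(remote for _, _, remote, state in rows if state == "SYN_SENT")
    return {
        remote: n
        for remote, n in attempts.items()
        if n >= min_attempts and remote not in established
    }


def report_unreachable(text, min_attempts=1):
    """Convenience wrapper: parse text and return the unreachable-endpoint map."""
    return unreachable_endpoints(parse_netstat(text), min_attempts)


if __name__ == "__main__":
    for remote, n in report_unreachable(SAMPLE_NETSTAT).items():
        print(f"{remote}: {n} SYN_SENT attempt(s), never established -> C2 likely down")
```

The loopback/listening rows are parsed but ignored, and 192.0.2.20:80 is dropped because one ESTABLISHED session proves it is reachable. A single netstat snapshot is only a hint; taking two snapshots a minute apart and seeing the same endpoints still in SYN_SENT is stronger evidence than one.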