App Review These 3 top-tier AV's failed to stop 10 variants of script Clipper malware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by rifteyy
Please test it, and thank you in advance.

 


Verdict: ESET Security Ultimate, BitDefender Free and Malwarebytes Trial all failed to detect 10/10 samples, ending at 0% detection/stop rate.

Any AV can skip script samples, including K you like, so either use K version with app control or use any other AV bundled with its own app control module or with MS app control.

And after all such measures, there is no 100% guarantee to be infection-free than your knowledge of how to get infected to avoid being exposed in the first place.
 
I don't like K; I only admire its near perfection, and according to him these 10 were missed by K as well.
 
Kaspersky is still for me the best solution I've found; however, on a personal basis I don't rate some of the YouTube videos very highly at all, & anything in life can be bypassed or broken, it's the way things are, but we can do all we can to avoid malware getting on to our systems in the first place. They don't drop out of the sky, they have to be downloaded somehow, so for me that's the first line of defence. Not a perfect solution though, but what is?
 
The most stealthy method of infection currently are the compromised websites with browser-in-browser malware; can skip web protection and even user cautious behavior.
 

(y)

But they don't bypass an adblock with dynamic filtering set to Medium Mode.
Even Enhanced Easy Mode (only block 3p-frames) is better than nothing (Easy Mode). ;)

P.S.

Many users in this forum should consider using their adblocker, now in 2026, with a leap in quality, setting at least the simplest mode of dynamic filtering.
 
The real dilemma is the compromised legitimate adblocker may be the portal for such attack 😎
 
Quite surprised by Bitdefender's result (which claims to be the best in Behavior), but let's not kid ourselves: no antivirus will protect you 100%.
Executing malware directly from the desktop exploits Contextual Scoring Bias. Modern EDRs like Bitdefender use a weighted scoring system where a file's location influences its initial "threat score." Because the Desktop is a frequent location for legitimate user-initiated software (installers, tools), the behavioral engine may allow more "initial" actions before reaching the block threshold, compared to a file executing from a hidden or temporary directory.
 
At least use a free DropBox or similar cloud storage instance and then create a .LNK file to download the sample with a command line switch to execute it. Let's say download it to a writable non-admin access directory in System Space (C:\Windows\<some_non.admin_folder_path>).

Shakira say, where "HIPS" is used in a substitution cipher to mean "Divergent."

hipsdontlie.gif