Malware Hub Report Thor Premium - February 2020 Report

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

harlan4096

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
Due to the small number of samples used in these tests, you should take results with a grain of salt. We encourage you to compare these results with others and take informed decisions on what security products to use.

C: Clean / P: Protected / P - NC: Protected - Not Clean / I: Infected / E: Encrypted


* Dynamic BB Bonus Test (Real Time Protection Disabled)
* Partially Blocked
* BSR: Before System Reboot https://malwaretips.com/threads/10-2-2020-1.98390/post-859199
* ASR: After System Reboot


| February 2020 | Samples Pack | Static Detection | Dynamic Detection | Total Detection | System Files Encrypted | 2nd Opinion Scanners | System Final Status | Thread Link |
|---|---|---|---|---|---|---|---|---|
| 01/02/2020 | 3 | 3 / 3 | N/A* | 3 / 3 | No | N/A | C | |
| 02/02/2020 | 11 | 5 / 1 | 1 / 6 | 6 / 11 | No | C (WV NPE); I (NPE) | BSR: I; ASR: I | |
| 03/02/2020 | 2 | 2 / 2 | N/A* | 2 / 2 | No | N/A | C | |
| 04/02/2020 | 1 | 1 / 1 | N/A* | 1 / 1 | No | N/A | C | |
| 04/02/2020 | 15 | 3 / 15 | 4 / 12 | 7 / 15 | No | I | BSR: I; ASR: I | |
| 05/02/2020 | 6 | 5 / 6 | 0 / 1 | 5 / 6 | No | C | BSR: I; ASR: P | |
| 06/02/2020 | 1 | 0 / 1 | 0 / 1 | 0 / 1 | No | C (WV NPE); I (NPE) | BSR: I; ASR: I | |
| 06/02/2020 | 7 | 6 / 7 | 0 / 1 | 6 / 7 | Yes | N/A | I + E | |
| 06/02/2020 | 13 | 7 / 13 | 1* / 6 | 7 + 1* / 13 | No | I | I | |
| 11/02/2020 | 1 | 0 / 1 | 0 / 1 | 0 / 1 | Yes | N/A | I + E | |
| 11/02/2020 | 1 | 1 / 1 | N/A* | 1 / 1 | No | N/A | C | |
| 13/02/2020 | 1 | 1 / 1 | N/A* | 1 / 1 | No | N/A | C | |
| 17/02/2020 | 6 | 3 / 6 | 1 / 3 | 4 / 6 | No | C (WV NPE); I (NPE) | BSR: I; ASR: I | |
| 19/02/2020 | 1 | 1 / 1 | N/A* | 1 / 1 | No | N/A | C | |
| 21/02/2020 | 12 | 6 / 12 | 3 / 6 | 9 / 12 | No | C (NPE); I (HMP WV) | P - NC | |
| 25/02/2020 | 4 | 0 / 4 | 1 + 1* / 4 | 1 + 1* / 4 | No | I | BSR: I; ASR: I | |
| 26/02/2020 | 1 | 0 / 1 | 0 / 1 | 0 / 1 | Yes | N/A | I + E | |
| 27/02/2020 | 1 | 0 / 1 | 1 / 1 | 1 / 1 | No | C | P | |
| 27/02/2020 | 17 | 7 / 17 | 1 + 1* / 10 | 8 + 1* / 17 | No | C (WV HMP); I (NPE) | BSR: I; ASR: I | |
| 28/02/2020 | 9 | 5 / 9 | 1 / 4 | 6 / 9 | No | C | BSR: I; ASR: P | |
| /02/2020 | / | / | / | | | | | Post# |
 

harlan4096

Hi guys, in February I will stop testing WiseVector StopX (until the 2.5 stable version) and F-Secure beta for a while.

I will test Thor Premium for a while. I would like to thank user @Durden, who kindly yielded one of his device licenses :)

In previous days I have already performed some preliminary malware tests, and I don't want to advance the results, but I can say Thor Premium should improve the integration of the Avira engine in the product...
 

harlan4096

I will not perform a Bonus Dynamic Behaviour Blocker test with Thor Premium, since it has very simple settings in the AV module, only Enable/Disable, and no settings to tweak a BB module (it surely does not have one)...

There also isn't any manual setting to force a signature update, the only setting about it is to tweak the schedule, minimum every 2 hours...

So it seems the integration of the Avira engine in Thor Premium is very poor...

I also can't get any warning when malware is detected/processed :unsure: I don't know if it's a bug, because all notifications are enabled in Settings and the tests work fine... but I do get a notification when a malicious URL or inbound/outbound connection is blocked...

The notifications in Thor are also not integrated into the Windows Notification Center...
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
> There also isn't any manual setting to force a signature update, the only setting about it is to tweak the schedule, minimum every 2 hours...

I'm not sure, but I wonder if it's possible to bypass that schedule when one presses the Scan button on the main page. :unsure: I know that feature, for example, resets the DNS setting if not correct and also updates software in the X-Ploit Resilience module if available.

> I also can't get any warning when malware is detected/processed :unsure: I don't know if it's a bug, because all notifications are enabled in Settings and the tests work fine... but I do get a notification when a malicious URL or inbound/outbound connection is blocked...
>
> The notifications in Thor are also not integrated into the Windows Notification Center...

Strange, and I was just about to ask you to try with the test option. It says it's only available in "Thor Foresight Home", and why wouldn't that also be included in the Premium version? Btw, I'm using the Free version.

I fully agree it should be integrated into the Windows notification center. Is it mentioned in the Security Center, I mean that it replaced Defender?
 

harlan4096

The future tests (including today) will be performed with the RC version of Thor Premium, some new features:

* Gaming Mode:

1581960926622.png

* Very simply implemented Firewall settings:

1581960362331.png

* Visual changes in GUI:

1581960401514.png

Thanks again to @Durden for suggesting I test the new RC version.
 

harlan4096

Yes, similar, if you check my test of Avira some months ago in MWHub... in general the Avira engine is weak against scripts, jar files and other types of malicious files different from exe files... so I can't understand why it gets such great results in all those well-known official tests...
 

upnorth

> Yes, similar, if you check my test of Avira some months ago in MWHub... in general the Avira engine is weak against scripts, jar files and other types of malicious files different from exe files... so I can't understand why it gets such great results in all those well-known official tests...

I can guess, one very important factor is the samples themselves here in the Hub. Those are perhaps much more fresh/new when the actual test is performed.

Another thing about Thor I stumbled over yesterday.

> After using Heimdal for two days, I have noticed a serious issue with the right-click scan. When you right-click scan an .exe file, the file is launched (and assuming the file is infected and not detected by Heimdal, you're doomed). I was able to reproduce the bug multiple times.

@harlan4096, can you confirm this?
 

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
> I can guess, one very important factor is the samples themselves here in the Hub. Those are perhaps much more fresh/new when the actual test is performed.
>
> Another thing about Thor I stumbled over yesterday.
>
> @harlan4096, can you confirm this?

I have just tried with several samples to run a direct on-demand scan with Thor Premium RC, and I can't confirm samples are executed upon on-demand scanning...

When I first installed Thor Home Premium, I ran a quick scan and then downloaded the Cloud Protection test sample from the AMTSO website. The sample was not detected on access, so I ran a right-click scan, and immediately a warning from SmartScreen popped up and no scanning was done by Heimdal. I ran another right-click scan on the Firefox installer and guess what? The installer was launched. This does not happen when you scan folders. It only happens when you scan individual .exe files. The issue can no longer be reproduced. I have contacted support and provided them with logs and am currently waiting for their response. Will keep you updated.
 

upnorth

Oh, such a disappointment! I wanted this product to be good :/ I wish their team could see these tests.
Anyway, let's hope they improve in the future.
I'm gonna stick out my nose on that, simply because some parts of Thor are actually good. The AV implementation feels poor at best.

Their software update module (X-Ploit Resilience) I personally always found extremely fast, and the automatic update works as intended. I know there exist other vendors that can handle much more, but I'm satisfied enough with Thor.
 


Durden

Level 3
Verified
Well-known
Dec 21, 2013
132
I'm using Thor Foresight. I like that DarkLayer is DNS-based traffic filtering and doesn't decrypt secured connections, and I think it's pretty good against malicious URLs; it filters things that others miss. I also randomly tested it with BitTorrent and it blocks stuff that others don't. However, I'm not sure how good the phishing protection is, but complementing it with Adguard (desktop) is great.
Currently I use it along with Adguard, and Kaspersky IS with encrypted connection scanning disabled in Kaspersky.
 

Divine_Barakah

> I'm using Thor Foresight. I like that DarkLayer is DNS-based traffic filtering and doesn't decrypt secured connections, and I think it's pretty good against malicious URLs; it filters things that others miss. I also randomly tested it with BitTorrent and it blocks stuff that others don't. However, I'm not sure how good the phishing protection is, but complementing it with Adguard (desktop) is great.
> Currently I use it along with Adguard, and Kaspersky IS with encrypted connection scanning disabled in Kaspersky.

I have tested it against a bunch of phishing URLs (confirmed phishing by uploading to VT) but it did not react at all. Anyway, I am keeping it at this time and I will pair it with Adguard Desktop (Thanks for the suggestion).
 

Durden

> I have tested it against a bunch of phishing URLs (confirmed phishing by uploading to VT) but it did not react at all. Anyway, I am keeping it at this time and I will pair it with Adguard Desktop (Thanks for the suggestion).

Yeah, that didn't surprise me, I saw a review of it. Malicious protection was good, phishing was subpar.
For me, in the meantime, that's a good enough alternative for SSL scanning.
 
