Serious Discussion Turtle's Enhanced Realworld Tests ( updated )

Xeno1234

Level 14
Jun 12, 2023
684
not sure how aggressive my Di settings are, but ref non-malicious, I've only had 1 false positive in past 160 days, and Di was not wrong in blocking it.
I tried DI once. It false positived 10+ times. I’m still willing to try it on my new PC as I can’t risk anything bad happening to it, but I’m enjoying CheckPoint a lot even though I’ve bypassed its Behavior Guard.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
I tried DI once. It false positived 10+ times. I’m still willing to try it on my new PC as I can’t risk anything bad happening to it, but I’m enjoying CheckPoint a lot even though I’ve bypassed its Behavior Guard.
In that case I recommend you send the sample to Check Point Research or Check Point Threat Operations Centre by emailing cpr@checkpoint.com | toc@checkpoint.com
They very quickly add any C&Cs to the denylists and then create the necessary protections.
In addition, it is possible to initialise manual forensic analysis from the Threat Hunting section. This will reverse malicious activity as much as possible.

Was the sample picked up by other engines?
 

Xeno1234

Level 14
Jun 12, 2023
684
In that case I recommend you send the sample to Check Point Research or Check Point Threat Operations Centre by emailing cpr@checkpoint.com | toc@checkpoint.com
They very quickly add any C&Cs to the denylists and then create the necessary protections.
In addition, it is possible to initialise manual forensic analysis from the Threat Hunting section. This will reverse malicious activity as much as possible.

Was the sample picked up by other engines?
Was picked up by the Kaspersky Anti-Malware engine.
What’s a bit weird about it though is that it’s flagged by Sophos Intelix and Kaspersky, but according to Triage it only drops a startup file and doesn’t do anything according to the MITRE ATT&CK matrix.

I sent the sample to you if you want to look at it.
 
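Since the sandbox report above only shows the sample dropping a startup file, a quick way to check whether something similar has landed on a real host is to enumerate both Startup folders and hash what is there, so each file can be looked up against the engines that flagged the original sample. The following is an added example, not code from the thread or from any vendor; it assumes only stock PowerShell and uses the standard .NET special-folder names for the per-user and all-users Startup directories.

```powershell
# Added example (not from the thread): list every file in the per-user and
# all-users Startup folders with creation time and SHA-256, newest first.
# Assumption: stock Windows PowerShell 5.1 or PowerShell 7; no extra modules.
$startupPaths = @(
    [Environment]::GetFolderPath('Startup')        # current user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')  # all-users Startup folder
)

$entries = foreach ($dir in $startupPaths) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force includes hidden files, which droppers commonly use for persistence
    Get-ChildItem -LiteralPath $dir -File -Force | ForEach-Object {
        $target = $null
        if ($_.Extension -ieq '.lnk') {
            # Resolve shortcut targets, since a .lnk in Startup runs whatever it points at
            $shell  = New-Object -ComObject WScript.Shell
            $target = $shell.CreateShortcut($_.FullName).TargetPath
        }
        [PSCustomObject]@{
            Path     = $_.FullName
            Target   = $target
            Created  = $_.CreationTime
            Modified = $_.LastWriteTime
            SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

# Newest entries first: a file created at the time of the suspected infection
# is the one to submit to the engines and to compare against the sandbox report.
$entries | Sort-Object Created -Descending | Format-Table -AutoSize
```

The SHA-256 column is what you would paste into a multi-engine lookup or send along with a sample to a vendor, as suggested earlier in the thread; the resolved shortcut target matters because a harmless-looking .lnk in Startup can point at a payload elsewhere on disk.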
