Serious Discussion Turtle's Enhanced Realworld Tests (updated)

not sure how aggressive my Di settings are, but ref non-malicious, I've only had 1 false positive in past 160 days, and Di was not wrong in blocking it.
I tried DI once. It gave 10+ false positives. I'm still willing to try it on my new PC as I can't risk anything bad happening to it, but I'm enjoying CheckPoint a lot even though I've bypassed its Behavior Guard.
In that case I recommend you send the sample to Check Point Research or the Check Point Threat Operations Centre by emailing cpr@checkpoint.com or toc@checkpoint.com.
They very quickly add any C&Cs to the denylists and then create the necessary protections.
In addition, it is possible to initialise manual forensic analysis from the Threat Hunting section. This will reverse malicious activity as much as possible.

Was the sample picked up by other engines?
It was picked up by the Kaspersky Anti-Malware engine.
What’s a bit weird about it though is that it’s flagged by Sophos Intelix and Kaspersky, but according to Triage it only drops a startup file and doesn’t do anything according to the MITRE ATT&CK matrix.

I sent the sample to you if you want to look at it.