Which AV Company has best Ransomware protection and why?

yigido

COMODO is the only one that can prevent any malware (including ransomware).
Valid reason = If the file is unknown (all new threats are born as unknown) then it will go into the sandbox.
I couldn't vote, because Comodo is not in the list :oops:
(Anyway, this thread will be another "I'm using X and happy with it" thread.) (Good job, AV fans.)
 

Berny

Which AV
I voted Kaspersky.

Why
"The core idea is straightforward: if Kaspersky Internet Security detects some strange modification of your files, it immediately creates fresh copies of these files to prevent them from being ‘stolen’. Then it examines the software that attempted to modify your files. If it is really suspicious, then our product blocks it."

Tip of the day
Don't forget about Offline Backups
 

shmu26

> COMODO is the only one that can prevent any malware (including ransomware).
> Valid reason = If the file is unknown (all new threats are born as unknown) then it will go into the sandbox.
> I couldn't vote, because Comodo is not in the list :oops:
> (Anyway, this thread will be another "I'm using X and happy with it" thread.) (Good job, AV fans.)

COMODO is utilizing default/deny, and that is beyond the realm of AVs.
 

rosendalek

Trend Micro has a feature that prevents ransomware from encrypting files in selected folders; by default this is My Documents. However, I have also seen Trend's feature where it detects unusual activity targeting files malware normally targets and backs those targets up, restoring them once the user allows the encryption or allows Trend to remove the threat.
 
yigido

> Trend Micro has a feature that prevents ransomware from encrypting files in selected folders; by default this is My Documents. However, I have also seen Trend's feature where it detects unusual activity targeting files malware normally targets and backs those targets up, restoring them once the user allows the encryption or allows Trend to remove the threat.

Comodo also has "Protected Data Folders" and "Protected Files" features, if we count this. No escape from this one.
Protected Data Folders, Virus Protection Programs, Comodo Internet Security
&
Protected Files, PC Files, Folders Protection From Malicious Software | COMODO
Files and folders that are added to 'Protected Files' interface are allowed read access by other programs but cannot be modified, whereas the files/folders in 'Protected Data folders' are totally hidden to sandboxed programs. If you want a file to be read by other programs but protected from modifications, then add it to 'Protected Files' list. If you want to totally conceal a data file from all the sandboxed programs but allow read/write access by other known/trusted programs, then add it to Protected Data Folders.
So the "unknown" file, let's say ransomware, cannot modify or change or encrypt your files in that list. Any word more than that.
 

tonibalas

> COMODO is the only one that can prevent any malware (including ransomware).
> Valid reason = If the file is unknown (all new threats are born as unknown) then it will go into the sandbox.
> I couldn't vote, because Comodo is not in the list :oops:

That is my answer too. Comodo sandbox can protect you from ransomware.
At least it did that for me when I was using it ;)
 
LabZero

Before giving an opinion specifically to the topic, IMO a few considerations.

A determining feature of recent malware/ransomware is the ability to avoid antivirus detection.

Let us analyse the structure of these cyber attacks: if we click on a mail attachment or on an infected web page, we run a dropper whose task is essentially to communicate with a remote server to download the ransomware.
The dropper injects a process that gets information about the host system and communicates it to the remote server.

In this way, the server is informed about which antivirus is running and whether the version of the operating system has known exploitable vulnerabilities.
So the dropper is instructed to download a specific version of the crypto malware.
The dropper has downloaded onto the machine a version of the malware designed to circumvent our specific antivirus application; it will then run, encrypting the file.

One of the most effective methods to work around AV protection is Process Hollowing.
The malware runs a legitimate process of Windows, but in suspended mode. At that point, it empties the memory in use by the same process and injects the payload, and in this way, the malware is run under the hat of the legitimate process and it does not allow the antivirus to detect it in any way.

Then there are methods to avoid detection within the sandbox.
For example, the ransomware detects, using techniques of increasing complexity (service discovery, registry keys, computational features of the processor, or specific instructions on the use of resources), the presence of a virtual environment, while remaining inert. The user will then consider it safe by running it outside of the protected area, triggering the actual infection.

The other technique is to create polymorphic viruses, or to use a payload that is known code but obfuscated, thus avoiding detection by antivirus, for example by encrypting the executable with different algorithms, or by compressing it in different containers.

It is obvious how these techniques make signature-based antivirus virtually useless.
In my opinion, now more than ever, the antivirus alone can hardly detect all these threats.

Specifically on the topic, if I have to choose an AV for the best ransomware protection, considering what is mentioned above, I might choose Avast/Hardened Mode/Aggressive setup.
Because it is free, and although nothing is perfect, it has shown very good performance in my tests against ransomware.
But remember that all the ransomware that I've tested, however, has been detected by the SmartScreen filter at double-click time; people often forget that.

But a prevention strategy must necessarily have, in addition to effective security products, a reliable backup (and restore) plan. Also important are the education of users and the implementation of a security policy to mitigate the destructive potential of this malware.

Sorry for prob. OT, but I think that it is necessary to understand the problem in its entirety before giving an opinion.
 

Dirk41

> Trend Micro has a feature that prevents ransomware from encrypting files in selected folders; by default this is My Documents. However, I have also seen Trend's feature where it detects unusual activity targeting files malware normally targets and backs those targets up, restoring them once the user allows the encryption or allows Trend to remove the threat.

Interesting. Has anyone tested it? I have never seen it advertised, because, from what you said, it seems invincible if no one can encrypt a folder. Of course if you want your files encrypted to protect them from strangers, you can't, I suppose.
 

rosendalek

> Of course if you want your files encrypted to protect them from strangers, you can't, I suppose.

You can; it's designed to protect against applications or files behaving in a way that looks suspicious, but if the encryption is performed by a whitelisted application, like WinZip for example, Trend won't block it.
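
As an added illustration (not part of the thread and not any vendor's code), the backup-then-restore behaviour described in the Kaspersky quote and the Trend Micro posts, including the whitelisted-application exception, can be sketched as follows. The entropy-jump heuristic, the thresholds and all names (`RollbackGuard`, `archiver.exe`, `unknown.exe`) are assumptions, and the file contents are constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or compressed data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

class RollbackGuard:
    """Hypothetical monitor: copy before untrusted writes, restore on a verdict."""
    def __init__(self, files, trusted=(), jump=2.0, limit=2):
        self.files = files                # in-memory stand-in for a disk: path -> bytes
        self.trusted = set(trusted)       # whitelisted programs, e.g. an archiver
        self.jump, self.limit = jump, limit   # assumed thresholds
        self.backups = defaultdict(dict)  # process -> {path: bytes before its first write}
        self.strikes = Counter()
        self.blocked = set()

    def write(self, proc, path, new):
        """Return True if the write stands, False once the process is blocked."""
        if proc in self.blocked:
            return False
        if proc in self.trusted:
            self.files[path] = new
            return True
        old = self.files.get(path, b"")
        self.backups[proc].setdefault(path, old)   # keep only the first, clean copy
        if shannon_entropy(new) - shannon_entropy(old) >= self.jump:
            self.strikes[proc] += 1                # looks like encryption in place
        self.files[path] = new
        if self.strikes[proc] >= self.limit:
            self.blocked.add(proc)
            self.files.update(self.backups.pop(proc))  # roll back every file it touched
            return False
        return True

def fake_ciphertext(seed: bytes, size: int = 2048) -> bytes:
    """Constructed high-entropy bytes standing in for encrypted output."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(size // 32))

def demo():
    docs = {f"doc{i}.txt": b"Constructed sample report text. " * 50 for i in range(3)}
    guard = RollbackGuard(dict(docs), trusted={"archiver.exe"})
    zipped = guard.write("archiver.exe", "doc2.txt", fake_ciphertext(b"zip"))
    verdicts = [guard.write("unknown.exe", f"doc{i}.txt", fake_ciphertext(b"x")) for i in range(3)]
    return zipped, verdicts, guard.files, docs

if __name__ == "__main__":
    print(demo()[:2])
```

The first untrusted write goes through because one high-entropy write is not yet a verdict; the backup taken before it is what makes the later rollback possible.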
 