Mahesh Sudula

Level 12
Verified
Joined
Sep 3, 2017
Messages
558
Operating System
Windows 8.1
Antivirus
Doctor Web
#41
I do like to see a BB test where:
-internet connection is disabled(no cloud signature/reputation lookups)
-all other protection components are disabled but BB
-different types of malwares tested
Internet is required for majority of the malwares to begin the work > Like downloading payloads..
BB depends on the behaviour of sample > This depends on internet connectivity>
Sometimes BB goes well with cloud (not all cases)
 
Joined
Aug 21, 2018
Messages
34
Operating System
Windows 7
Antivirus
Norton
#42
What is the purpose of BB if it depends on internet connection? Its purpose is to catch unknown threaths.
But yes, you are right about internet connection when for example browser memory modifications are detected.
BB is good for system tampering etc, you dont need i internet connection for that.
 

ichito

Level 4
Verified
Joined
Dec 12, 2013
Messages
191
#43
I don't know who among BB in AV/IS is the best but for me the last 3 BB was standalone apps - DSA, Mamutu and ThreatFire (it's alphabetical order but my favoutite was TF). Each of them didn't need to be connected to the internet but each of them could detect trying of making connection or port listening.
So...test with disabled internet connection make sens for me.