Mahesh Sudula

Level 16
Verified
Malware Tester
I do like to see a BB test where:
-internet connection is disabled(no cloud signature/reputation lookups)
-all other protection components are disabled but BB
-different types of malwares tested
Internet is required for majority of the malwares to begin the work > Like downloading payloads..
BB depends on the behaviour of sample > This depends on internet connectivity>
Sometimes BB goes well with cloud (not all cases)
 

sepik

Level 2
What is the purpose of BB if it depends on internet connection? Its purpose is to catch unknown threaths.
But yes, you are right about internet connection when for example browser memory modifications are detected.
BB is good for system tampering etc, you dont need i internet connection for that.
 

ichito

Level 6
Verified
Content Creator
I don't know who among BB in AV/IS is the best but for me the last 3 BB was standalone apps - DSA, Mamutu and ThreatFire (it's alphabetical order but my favoutite was TF). Each of them didn't need to be connected to the internet but each of them could detect trying of making connection or port listening.
So...test with disabled internet connection make sens for me.