Why are we even messing with anything other than WD these days?
<blockquote data-quote="Andy Ful" data-source="post: 888013" data-attributes="member: 32260"><p>Such a statement can be misleading for many people. WD free is great when SmartScreen is triggered, but can also be very good without SmartScreen. The most important protection comes from the Block at First Sight (BAFS) feature and AMSI. BAFS is triggered when the executable is downloaded via the web browser or another application that can add the MOTW to the file. Such protection is as good as for any AV without ATP.</p><p></p><p>If the executable is downloaded &amp; executed without the MOTW, then the protection is worse (SmartScreen and BAFS are not triggered), but still comparable with free AVs due to cloud-delivered protection (slightly worse than top free AVs). Such a situation can usually happen for files shared via flash drives. The files can also be executed without the MOTW as payloads. Although this can bypass the protection based on SmartScreen, it is not strictly a SmartScreen bypass, and you can probably see such events in the WLC. The SmartScreen bypass can happen when the malware with MOTW can be executed - it is a possible but very rare event in the wild.</p><p></p><p>If WD is used as offline protection, then its detection is significantly worse than for good free AVs.</p><p></p><p></p><p>Yes, that can be an issue in enterprises. One has to use Microsoft Defender with ATP or a whitelisting (default-deny) approach, or some third-party solutions.</p></blockquote><p></p>
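Added example, not part of the quoted post: a Python sketch that reads a file's Mark of the Web (the Zone.Identifier stream) and sorts files into the two cases the post distinguishes. The sample stream contents, file names and URL are constructed, and treating ZoneId 3 or 4 as "has the MOTW" is an assumption of this example.

```python
import configparser

# URL security zones as stored in the ZoneId field of the Zone.Identifier stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

def read_stream(path):
    """On NTFS the mark is the alternate data stream '<path>:Zone.Identifier'."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # no stream (or not NTFS): the file carries no mark

def parse_zone_identifier(text):
    """Return the stream's fields, or None when there is no usable ZoneId."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case (ZoneId, HostUrl)
    try:
        parser.read_string((text or "").lstrip("\ufeff"))
        fields = dict(parser["ZoneTransfer"])
        fields["ZoneId"] = int(fields["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None  # absent, malformed or truncated stream: treat as unmarked
    return fields

def classify(stream_text):
    """Per the post: SmartScreen and BAFS are triggered only with the MOTW."""
    info = parse_zone_identifier(stream_text)
    zone_id = info["ZoneId"] if info else None
    marked = zone_id is not None and zone_id >= 3  # assumption: zone 3 or 4 = MOTW
    return {"motw": marked,
            "zone": ZONES.get(zone_id),
            "origin": info.get("HostUrl") if marked else None,
            "triggered": ["SmartScreen", "BAFS"] if marked else []}

# Constructed samples: browser download, flash-drive copy (no stream), damaged stream.
SAMPLES = {
    "setup.exe": "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://downloads.example/setup.exe\r\n",
    "from_usb.exe": None,
    "broken.exe": "ZoneId=3\r\n",
}

def report(samples=SAMPLES):
    return {name: classify(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

On a Windows host, `classify(read_stream(path))` applies the same check to a real file.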