The "gang bang" approach can be a valid test method if the author mentions that the video is a special stress-kind test. The results of such a test can hardly impact overall protection and it should be mentioned in the test.
Of course, the stress test with ransomware does not make any sense. It should be done on general malware samples or, even better, on "monster installer" samples (if such exist in considerable numbers).
Even such a test would not be a challenging stress-kind for AVs. To make it more interesting, one could use the known samples, but slightly modified to get new signatures without changing the malware behavior. That can be done in several ways. In my tests with WDAC ISG, I used known samples and modified the samples by only one letter in a particular text string. I noticed that in many cases Defender suspends the execution of such files and shows the well-known alert.
Execution of many such files at once can be a problem for Defender and other AVs.