WiseVector Free AI Driven Security
<blockquote data-quote="WiseVector" data-source="post: 926990" data-attributes="member: 76851"><p>Thanks for the test. I didn't notice the malicious samples causing serious damage to the system. For example, I didn't see files being encrypted. Most of the infected items were IFEO hijack registry keys. In addition, I saw a malicious file in the startup directory; normally WVSX's behavior blocker will not allow malware to create startup items or malicious IFEO keys. This may be related to the execution of multiple harmful files at the same time. It is worth mentioning that many old samples do not exhibit malicious behavior because their C&amp;C servers were dead.</p><p>This massive old-samples test is actually a test of the ability to collect malicious samples. I know these are old samples because WVSX will upload files that trigger behavior detection. These samples are about 6 months to 3 years old. The more malware you can collect, the better score you can get. I have observed that for some Emotet samples, Kaspersky may not be able to detect them at first, but within at most 5 hours they will be detected by its cloud under the name "UDS:DangerousObject.Multi.Generic". Large companies are well-funded and have more channels to collect malicious samples, so static scans often score 100% in these tests (VB100, AVC, YouTube tests, etc.). The samples that these tests can collect are only a subset of the samples collected by these large manufacturers. For security software that uses machine learning, such as WVSX, the biggest advantage is protecting users from zero-day threats, such as malware that has only existed for a few minutes. But unfortunately, there are too few tests that test zero-day malware; I have only seen MalwareHub, which is something of a zero-day malware test. Most malware tests use a lot of old samples, which is very beneficial for the big players.</p><p>In fact, defending against zero-day threats is far more difficult than detecting old threats. It is not difficult to get very good results on such tests; it might not even take a week to make one. You just need a private VT key and do cloud hash matching for samples being scanned or launched. Samples in these tests are 100% present on VT. If we had known that these tests had such a strong impact on users, maybe we would not have needed to spend years developing memory scanning, behavioral defense, an instruction tracer, ransomware rollback, etc. We would just need a hash checker...</p><p>We have decided to change our work plan and add cloud protection ASAP to achieve better results in such tests.</p></blockquote>
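The post names two persistence artefacts left behind by the samples: IFEO hijack registry keys and a file in the startup directory. The following is an added, read-only check for both, written for this page; it is not WiseVector's code and not part of the original thread. The short list of "known" debuggers is an assumption for illustration (tune it to your own environment), and the SHA-256 column is there so a startup file can be looked up by hash, which is the cloud hash matching the post describes.

```powershell
# Added example, not WiseVector/WVSX code: a read-only check for the two
# persistence artefacts named in the post, IFEO "Debugger" hijacks and files
# dropped into the Startup folders. Run in an elevated PowerShell on the test VM.
# It only reports; it removes nothing.

$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Debuggers that are often legitimate on a developer box. This allow-list is an
# assumption for illustration; tune it to your environment. A Debugger value
# pointing anywhere else (Temp, AppData, a second copy of an AV process) means
# the target executable is silently replaced every time it is launched.
$KnownDebuggers = @('vsjitdebugger.exe', 'windbg.exe', 'procdump.exe')

function Get-IfeoHijack {
    foreach ($root in $IfeoRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $dbg = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).Debugger
            if ([string]::IsNullOrWhiteSpace($dbg)) { continue }
            # First token of the command line, quotes stripped, file name only.
            $cmd = $dbg -replace '"', ''
            $exe = [System.IO.Path]::GetFileName(($cmd -split '\s+')[0]).ToLower()
            [PSCustomObject]@{
                Target     = $key.PSChildName        # e.g. sethc.exe, taskmgr.exe
                Debugger   = $dbg
                Suspicious = ($KnownDebuggers -notcontains $exe)
                Key        = $key.Name
            }
        }
    }
}

function Get-StartupItem {
    # Per-user and all-users Startup folders. desktop.ini is expected there;
    # anything else should be accounted for.
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    foreach ($f in $folders) {
        if (-not (Test-Path -Path $f)) { continue }
        foreach ($file in Get-ChildItem -Path $f -File -Force) {
            [PSCustomObject]@{
                Folder = $f
                Name   = $file.Name
                # SHA-256 so the file can be looked up by hash (VirusTotal etc.).
                Sha256 = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

$hijacks = @(Get-IfeoHijack)
$startup = @(Get-StartupItem)

$hijacks | Sort-Object Suspicious -Descending | Format-Table -AutoSize
$startup | Format-Table -AutoSize
"IFEO Debugger entries: $($hijacks.Count) (suspicious: $(@($hijacks | Where-Object Suspicious).Count)); startup items: $($startup.Count)"
```

Anything flagged Suspicious deserves a look at where the Debugger path points and who owns that file; a legitimate entry on a clean workstation is rare, so an empty table is the normal result. Because a sample that is already months old will usually be on VirusTotal, the hash of an unexpected startup item is often enough to identify it, which is exactly the point the post makes about old-sample tests.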