- Content source
- https://www.youtube.com/watch?v=aCBCrUqQilk
Zero Day Ransomware vs Popular Antivirus and EDR
- Thread starter Kongo
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
He says the file size is 200 MB so it is beyond the size allowed to be scanned.
What is the default size of file to be scanned in MD and different 3rd party AVs?
What is the default size of file to be scanned in MD and different 3rd party AVs?
Since we are looking at a large padded file, they should be testing Evasion. The evasion is almost entirely focused on the download phase. If you bypass the download in your test, you aren't testing the padding's effectiveness.
Defender doesn't have a hard "skip" cap by default, but it relies on a timeout. If a file takes longer than X milliseconds to scan, it stops. 200MB is often too big to finish before the timeout, so it skips the bulk of the data. Most of the other security products vary in limit.
Defender doesn't have a hard "skip" cap by default, but it relies on a timeout. If a file takes longer than X milliseconds to scan, it stops. 200MB is often too big to finish before the timeout, so it skips the bulk of the data. Most of the other security products vary in limit.
From what I read, ransomware on the system beyond the scope of signatures can be tricky. Congrats are in order for Kaspersky proving its behavioral protection and heuristics once again.
Avast ransomware shield is also solid; it stopped the attack in the video.
Setting it to strict in impenetrable.
Unfortunately MD controlled folder access is equivalent to Avast ransomware shield in "smart" not "strict" mode; can be fooled by a signed malware.
Last edited:
X milliseconds depends, not only on the scanned file size, but also on cpu and drive type (SSD or HDD) and read speed, and to lesser extent the available RAM.
Of all the comments on YouTube (not here), of "test this, and test that", how about if in our day to day life we don't run a 200 MB file if we don't know exactly where it came from, or is of suspicious in the first place? I'm not thinking I'm above getting anything, any malware, but for some of those posts the AV is the "be all and end all" of their online security.
The potential scenario would be a tampered ligitimate installer (200 MB is acceptable for installer) which side loads a malicious dll (but I do not know if dll can act as a ransomware or not).
But, who gets those and from where? Maybe I live a to sheltered, boring online life? I haven't had anything but PUP's since the days of XP.
Most installers have online_installers now to avoid this problem, very rarely will a installer cross the 100MB mark.
And I don't think getting infected via a Linux .iso is ever going to happen and you would need a VM escape for it to work on Windows which is very rare.
And I don't think getting infected via a Linux .iso is ever going to happen and you would need a VM escape for it to work on Windows which is very rare.
You are a security-oriented user, just like me; too many users get their installers from 3rd party hosting websites; softonic is described by name in several detections of PUPs and even trojans bundled to the installers downloaded from, on VT.
I keep the offline installers to save bandwidth after reinstalling Windows every 72 hours
LOL, love itI keep the offline installers to save bandwidth after reinstalling Windows every 72 hours
I just did a reset of my notebooks over the weekend as I wanted clean and lasting installs of my current AV configuration.I keep some of my favorite app installers on a flash drive to save time re-downloading those (they usually need to be updated ) and always download the browsers on install for the latest build. Some people use VMware, I use Windows Reset (what a nice feature). And like you, since I'm just installing a handful of apps, it goes pretty quickly.
Yup I do t he same I keep an achieve of software, save important installers, upload to VT when suspicious or scan with AV.
That what keeps me from using 3rd party AV; did not like = reinstall.
I have all the time in the world, but I lack bandwidth (140 GB/month)
A safe solution for trying several AVs and for protection in general, but need at least 16 GB RAM.
Tried twice, the time to finish reset is 3 times that of clean install.
If you want to keep your offline installers up to date, you can try Ketarin.I keep the offline installers to save bandwidth after reinstalling Windows every 72 hours
VT is the preferred choice; it most probably uploads only metedata (takes no time).
Tried to upload a big installer to K threat intelligence portal, it was uploading every single byte of.
I manually redownload the updated installers from the official websites; if the installer is very large, I decrease the frequency of refreshing.
Not eveyone get interested in cyber-security, even if in the field of IT.
Some find it boring.
You may also like...
-
54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security- Started by Divergent
- Replies: 8
-
Ransomware Group abuses SentinelOne EDR for stealthy malware execution- Started by Khushal
- Replies: 1
-
AVG vs Symantec Antivirus: This One Cleaned Better
- Started by Khushal
- Replies: 57
-
