Company products in the Advanced Threat Protection test

The other 9 attacks were fended off error-free, which meant that the package received 27 points. Thus, three malware samples were able to encrypt individual files: 27 points out of a possible 30. Avast (Free Antivirus) had to concede defeat in one scenario: it did not detect the intruder and enabled the ransomware to completely unfold. Malwarebytes Premium did manage to detect all 10 attackers, but was only able to partially block them. While the ransomware was detected, the encryption of the system was not stopped: 27.5 points. Norton experienced a similar issue in one instance. VIPRE Security received 28.5 out of 30 points, as it identified the attack, but was unable to do anything against the encryption. G DATA had problems in one test run: it detected the ransomware, but it was only partially able to block it, and individual files were encrypted: 29 points. While additional products reliably identified the intruders, they were partly or totally unable to stop some of them. In the lab, end user packages of these manufacturers were put to the test: Avast (2 versions), AVG, Bitdefender, F-Secure, G DATA, Kaspersky, Malwarebytes, Microsoft, Microworld, Norton, PC Matic and VIPRE Security. Avast with One Essential, AVG, Bitdefender, F-Secure, Kaspersky, Microsoft, Microworld and PC Matic detected all special attack techniques of the various 10 ransomware scenarios and received the maximum 30 points for the protection score. In order to find a more detailed explanation of the evaluation tables and the individual color codes in the traffic light system please see also the article "Test and Study: Do Security Solutions stop Current Ransomware under Windows 11?".

Consumer user products in the Advanced Threat Protection test

Consumer user products receive the "Advanced Certified" certificate, and corporate user products receive the "Advanced Approved Endpoint Protection" certificate.
Nested password protected self-extracting archives: This technique was also used by Emotet to prevent detection by security programs. A product evaluated in the Advanced Threat Protection test receives a special certificate as recognition but only if the protection score of at least 75 percent of the maximum 30 points, i.e. The process then carries out the attackers' specified commands and, in doing so, it appears normal and innocuous. The application does not notice it, and loads the DLL. A malicious DLL is copied into the application directory. In this test, a combined LNK and ISO file was used, which makes it difficult for many security products to examine and identify these files and to prevent them from launching. DLL sideloading: Here, attacks capitalize on very typical programming errors in standard software. Polyglot file: In this technique, the attacker uses specially prepared files that work in concert. In the latest study, the lab used the following attack techniques, as they are also deployed by Emotet, for example. Both of those appear to not be issues any longer. In addition to the classic detection tests, the lab at AV-TEST examines many security products for consumer users and corporate users in a live test against ransomware and their particularly diabolical technical sophistication. The biggest complaint for most people about these boutique suites that we all want to use is pricing, the second biggest complaint about GDATA was its weight on a system. But they will easily combine multiple Amazon purchased licenses so you can extend it out several years at around 20 bucks a year. Their support confirmed to me this is a special pricing but as of right now cannot be renewed within the portal once it expires. (Note, do a full system scan after install and it is even faster subsequently) Also, GDATA will combine licenses purchased from Amazon.
Especially considering that is with both engines active on Read/Write, Maximum Security slider up and the fact it has a real third party firewall with extremely granular controls. So whatever their stated performance fixes in the recent incarnations are, they worked. I think it's faster than F-Secure, Bit Defender and Emsisoft at this point.