Posts posted by lock

  1. 9 hours ago, AdvancedSetup said:

    If you'd actually be interested in learning how to test ...

    Hi AdvancedSetup,

    I may agree with you that I, as an average user, do not know how to test MBAM.

    But to claim that everybody out there (AV Comparatives, AV Test, PC Mag) is testing MBAM in the wrong way is a little bit too much.

    Some of them were in business for so many years and are the "standards" in testing security solutions.

    And over 20 security solutions are comfortable with the methodology used....

     

  2. Additional information:

    Here is how Neil J. Rubenking performs his testing for PC Mag, regarding "The Best Ransomware Protection of 2017":

    https://www.pcmag.com/roundup/353231/the-best-ransomware-protection

    Testing Anti-Ransomware Tools

    "The most obvious way to test ransomware protection is to release actual ransomware in a controlled setting and observe how well the product defends against it. However, this is only possible if the product lets you turn off its normal real-time antivirus while leaving ransomware detection active. Of course, testing is simpler when the product in question is solely devoted to ransomware protection, without a general-purpose antivirus component."

     

    "If Trend Micro Antivirus+ Security detects a suspicious process attempting file encryption, it suspends the process, backs up the file, and keeps watching. When it detects multiple encryption attempts in rapid succession, it quarantines the file, notifies the user, and restores the backed-up files. I couldn't specifically test this feature when I reviewed Trend Micro, because it's not possible to turn off other layers of protection and leave only the behavior-based system, but my contacts at the company assure me this is how it works."

     

    So, it is a clear-cut procedure: turn off all other layers of protection and leave only the specific shield you want to test.

     

    Thanks!

     

     

  3. Hi Ron,

    Thank you for your answer!

    MBAM has 4 distinct individual shields (Web, Exploits, Malware, Ransomware) which can be selected individually. These shields have been developed and sold as "stand alone" protections until recently, when they have been incorporated in the same "unit", MBAM 3.0.

    In fact, Exploit is still delivered as Perpetual Beta, and is expected to perform as such, without other shields.

    I see the test as perfectly valid; I tested the Ransomware shield against ransomware, nothing else.

    Hiding the inefficiency of Ransomware Protection behind the other shields, and hoping that somehow they will catch the ransomware by "definitions", doesn't serve anyone.

     

    In fact, in the second part of the test, the Ransomware protection worked quite well, using a behavior mechanism, and detected WannaCry as "generic", which is perfect; it tells me that it is indeed the behavior mechanism which detected it and not some sort of definition.

    The only problem: a few files were encrypted (4 .docx files) before the Ransomware shield reacted. Is this how "Ransomware protection" should work????

  4. Hi,

    I tested MBAM against WannaCry.

    With all shields enabled, MBAM will quarantine WannaCry upon execution; nothing spectacular so far, each and any antivirus would do that.

    With all shields disabled, except "Ransomware protection", MBAM would automatically quarantine WannaCry as "Malware.Ransom.Agent.Generic", AFTER SEVERAL FILES WERE ENCRYPTED ALREADY.

    Is this how "Ransomware protection" should work????

    Thanks!
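
The behaviour discussed in posts 2 to 4 (a monitor that reacts only after several encryption-like writes in rapid succession, with or without backing files up first) can be modelled in a few lines. This is an added example, not part of the posts and not any vendor's code; the entropy cut-off, threshold, time window, pids and file names are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict, deque

ENTROPY_LIMIT = 7.0  # bits/byte above which a write "looks encrypted" (assumed)
THRESHOLD = 4        # suspicious writes inside WINDOW before quarantine (assumed)
WINDOW = 2.0         # seconds (assumed)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def replay(events, files, keep_backups):
    """Replay (time, pid, path, new_bytes) writes over `files` (path -> bytes).
    Returns (quarantined pids, paths still holding high-entropy data)."""
    recent = defaultdict(deque)   # pid -> times of recent suspicious writes
    backups = defaultdict(dict)   # pid -> {path: bytes before first overwrite}
    quarantined = set()
    for t, pid, path, new in events:
        if pid in quarantined:
            continue              # process already stopped; write never lands
        suspicious = entropy(new) >= ENTROPY_LIMIT
        if suspicious and keep_backups:
            backups[pid].setdefault(path, files[path])
        files[path] = new         # the write lands before any verdict exists
        if not suspicious:
            continue
        hits = recent[pid]
        hits.append(t)
        while t - hits[0] > WINDOW:
            hits.popleft()        # forget suspicious writes outside the window
        if len(hits) >= THRESHOLD:
            quarantined.add(pid)
            files.update(backups[pid])   # roll back this process's overwrites
    lost = sorted(p for p, d in files.items() if entropy(d) >= ENTROPY_LIMIT)
    return quarantined, lost

# Constructed sample: six documents, one noisy process (4242), one benign (100).
PLAIN = b"Quarterly report draft, revision 3. " * 50
CIPHERLIKE = bytes(range(256)) * 8   # stand-in for ciphertext, 8.0 bits/byte

def demo(keep_backups):
    files = {f"doc{i}.docx": PLAIN for i in range(6)}
    events = [(0.0, 100, "doc5.docx", PLAIN + b"edit")]
    events += [(0.2 * (i + 1), 4242, f"doc{i}.docx", CIPHERLIKE) for i in range(6)]
    return replay(events, files, keep_backups)
```

With detection alone, `demo(False)` quarantines the process but leaves the first four documents overwritten; with backup-on-first-write, `demo(True)` quarantines it and leaves none.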

     

  5. I added to MSE "Excluded Processes":

    • C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
    • C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
    • C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    • C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe
    • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    • C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    • C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

    to MSE "Excluded Files and Locations":

    • C:\Windows\system32\Drivers\farflt.sys
    • C:\Windows\System32\drivers\mbae64.sys
    • C:\Windows\System32\drivers\mbam.sys
    • C:\Windows\System32\drivers\MBAMChameleon.sys
    • C:\Windows\System32\drivers\MBAMSwissArmy.sys
    • C:\Windows\System32\drivers\mwac.sys
    • C:\Program Files\Malwarebytes\Anti-Malware
    • C:\ProgramData\Malwarebytes\MBAMService

    and to MBAM "Folders":

    C:\Program Files\Microsoft Security Client

    C:\Program Files (x86)\Microsoft Security Client

  6. 14 minutes ago, Ried said:

    Which is how it should be lock, since you toggled off the setting 'Show Notifications when Real Time Protection is turned off'

     

    Have you tried what I suggested yet with the settings in MSE?

     

     

     

     


    If you toggled off the setting "Show Notifications when Real Time Protection" you will not get notifications; however, the icon in the task bar still had (a month ago) the exclamation mark.

    With the new version, I toggled off "Show Notifications when Real Time Protection" and I do not get notifications and also the red mark on MBAM icon is not present.

     

    I did all exclusions between MBAM and MSE (including .sys drivers for MBAM); there is zero slowdown while Web protection is disabled, but noticeable when it is enabled.

  7. Just installed again (over 50 times so far) the latest MBAM (3.3.1.2183) and finally I can turn off various shields without the red "x" mark on MBAM icon.

    Guess which shield I turned off first? Web protection!!!

    Now MBAM and MSE work perfectly with ZERO slowdown.

    Well done MBAM!!!!

     

    There is one more step to get there: buy/lease an antivirus engine (Avira, Bitdefender) and create another shield (Antivirus protection).

    Now you will have in the same product an antivirus and an antimalware and you can participate in AV Comparatives / Virus Total, avoid conflicts with any other antivirus (no need to install another antivirus), sell a full product.

     

  8. 3 hours ago, exile360 said:

    to my knowledge at least, neither Avast! Free nor AVG Free offer any sort of extensive behavior based protection

    "Behavior Shield comes standard in all versions of Avast 2017, protecting you from zero-second threats, ransomware and other malicious programs"

    https://blog.avast.com/behavior-shield-our-newest-behavioral-analysis-technology
