Jump to content

Anti-Ransomware and RanSim scan


Recommended Posts

Hello, one of my coworkers who is assisting with evaluating MB Anti-Ransomware came across this site:

https://knowbe4.zendesk.com/hc/en-us/articles/229040167-RanSim

And ran that on a Windows 10 x64 system running Malwarebytes for Business Anti-Malware and Anti-Ransomware. The result of the scan showed the system as vulnerable to 8 of 10 scenarios the scan checked against. I'm just wondering if there was some explanation as to why the score was so low? Is anyone from Malwarebyte's familiar with this site? Is it not a true test?

 

Thanks!

Link to post
Share on other sites

I'll also add that when I tested that tool before, I got 3 out of 5 when I ran it. It won't get 5 out of 5 due to a web test which I'll explain below. Make sure to read the logs of the Ransim tool as the Anti-Ransomware product will kill all the processes but sometimes the Ransim UI still shows "vulnerable". The web test, StrongCryptorNet scenario, has fake web traffic meant to simulate ransomware reaching out for the private key, but it sends the traffic to 127.0.0.1. Because home loopback is not an unsafe IP, the Anti-Malware product side web block will not engage. If it had been a real malicious IP, the traffic would be blocked if they had Anti-Malware. This tester is not realistic enough to provoke a shot for shot accuracy in the reaction of Malwarebytes software. 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.