Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Be Secure on January 18, 2018, 07:54:16 AM

Title: Avast vs new Ransomware(Solved)
Post by: Be Secure on January 18, 2018, 07:54:16 AM
https://youtu.be/PM2eMxgAPgY (https://youtu.be/PM2eMxgAPgY)
Again a fail result for Avast CC. :(

Title: Re: Avast vs new Ransomware
Post by: Asyn on January 18, 2018, 07:57:54 AM
VL-Info: Hi, the detection was created. Thank you!
Title: Re: Avast vs new Ransomware
Post by: Be Secure on January 18, 2018, 07:58:56 AM
VL-Info: Hi, the detection was created. Thank you!
Thanks@Asyn :)
Title: Re: Avast vs new Ransomware
Post by: Asyn on January 18, 2018, 07:59:50 AM
You're welcome.
Title: Re: Avast vs new Ransomware(Solved)
Post by: Be Secure on January 18, 2018, 08:10:11 AM
Can you tell me the detection name?@Asyn :)
Title: Re: Avast vs new Ransomware(Solved)
Post by: Asyn on January 18, 2018, 08:15:37 AM
-> https://www.virustotal.com/#/file/9dbd7b3133c9bc80b9ed83712d488d014b856c8814a268871046a30c4b6fc6ae/detection
Title: Re: Avast vs new Ransomware(Solved)
Post by: Be Secure on January 18, 2018, 08:23:44 AM
-> https://www.virustotal.com/#/file/9dbd7b3133c9bc80b9ed83712d488d014b856c8814a268871046a30c4b6fc6ae/detection
Thanks again. 8)
Title: Re: Avast vs new Ransomware(Solved)
Post by: Asyn on January 18, 2018, 08:48:15 AM
No problem. :)
Title: Re: Avast vs new Ransomware
Post by: John712 on January 18, 2018, 11:36:14 AM
VL-Info: Hi, the detection was created. Thank you!

This is not the point, to "create" a detection AFTER THE FACT. Anyone can do this, including MSE: create a signature once you have the malware "in hand"

The expectation from Avast! is to block the ransomvare using a different mechanism (HIPS, behavior blocker, etc) , not only based on a signature.
Title: Re: Avast vs new Ransomware(Solved)
Post by: Asyn on January 18, 2018, 11:41:38 AM
VL-Info: In such tests it is very important to simulate infection vectors correctly, if the guy just copied the executable to desktop and run it, it is not totaly valid test case. Such samples are delivered to system from network, resides in temporal directories etc. Tested executable has standalone behavior same as any tool for mass re-encoding the file for example.
Title: Re: Avast vs new Ransomware(Solved)
Post by: Evjls on January 18, 2018, 12:18:27 PM
VL-Info: In such tests it is very important to simulate infection vectors correctly, if the guy just copied the executable to desktop and run it, it is not totaly valid test case. Such samples are delivered to system from network, resides in temporal directories etc. Tested executable has standalone behavior same as any tool for mass re-encoding the file for example.
if the file is copied from a USB or an external HDD, it would yield the same result. Not everyone downloading files from the internet all the time. Why not making CC available for files not downloaded from the browser?

Also, it should be worth mentioned that Windows Defender on windows 10 already has "Controlled folder access" which is quite similar to avast's "Ransomware Shield". He demonstrated on another video that WD was bypassed by a ransomware but at least the protected folder is safe

Ransomware shield should be implemented in avast free
Title: Re: Avast vs new Ransomware(Solved)
Post by: Asyn on January 18, 2018, 12:20:58 PM
Ransomware shield should be implemented in avast free
You can submit your feedback in "About Avast".
Title: Re: Avast vs new Ransomware(Solved)
Post by: Be Secure on January 18, 2018, 12:59:21 PM
VL-Info: In such tests it is very important to simulate infection vectors correctly, if the guy just copied the executable to desktop and run it, it is not totaly valid test case. Such samples are delivered to system from network, resides in temporal directories etc. Tested executable has standalone behavior same as any tool for mass re-encoding the file for example.
if the file is copied from a USB or an external HDD, it would yield the same result. Not everyone downloading files from the internet all the time. Why not making CC available for files not downloaded from the browser?

Also, it should be worth mentioned that Windows Defender on windows 10 already has "Controlled folder access" which is quite similar to avast's "Ransomware Shield". He demonstrated on another video that WD was bypassed by a ransomware but at least the protected folder is safe

Ransomware shield should be implemented in avast free
Agreed.
Title: Re: Avast vs new Ransomware(Solved)
Post by: garrett on January 20, 2018, 06:23:53 PM
VL-Info: In such tests it is very important to simulate infection vectors correctly, if the guy just copied the executable to desktop and run it, it is not totaly valid test case. Such samples are delivered to system from network, resides in temporal directories etc. Tested executable has standalone behavior same as any tool for mass re-encoding the file for example.
if the file is copied from a USB or an external HDD, it would yield the same result. Not everyone downloading files from the internet all the time. Why not making CC available for files not downloaded from the browser?

Also, it should be worth mentioned that Windows Defender on windows 10 already has "Controlled folder access" which is quite similar to avast's "Ransomware Shield". He demonstrated on another video that WD was bypassed by a ransomware but at least the protected folder is safe

Ransomware shield should be implemented in avast free
Agreed.

+1