Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Beta - Avast => Topic started by: cristianojgm on April 24, 2022, 02:11:01 AM

Title: Avast has to improve the ransomware shield.
Post by: cristianojgm on April 24, 2022, 02:11:01 AM
As you can see in the video, both the behavior shield failed and the ransomware shield.

https://www.youtube.com/watch?v=wRK2L5Ooo4Y&t=531s
Title: Re: Avast has to improve the ransomware shield.
Post by: r@vast on April 27, 2022, 12:42:37 PM
Hi,

In this test, one of the Shields was disabled. We recommend keeping the Core Shields enabled at all times.
Title: Re: Avast has to improve the ransomware shield.
Post by: cristianojgm on April 27, 2022, 02:49:55 PM
Hi,

In this test, one of the Shields was disabled. We recommend keeping the Core Shields enabled at all times.
In this video here all modules are connected and the trojan server with code obfuscated by a cypter passed and the behavior shield did nothing.
https://www.youtube.com/watch?v=GFukUynoSjk
Title: Re: Avast has to improve the ransomware shield.
Post by: Nunzio77 on April 29, 2022, 02:42:39 PM
Hi,

In this test, one of the Shields was disabled. We recommend keeping the Core Shields enabled at all times.

Why does the same test on this YouTube channel (file protection off) with other AVs not encrypt the files? Avast Free still kept the behavioral shield and the ransoware shield active.
Title: Re: Avast has to improve the ransomware shield.
Post by: r@vast on May 02, 2022, 02:37:11 PM
Hi,
If you could upload the problematic sample to https://virustotal.com/ and send us the link for the analysis, we would be able to look further into it.
Title: Re: Avast has to improve the ransomware shield.
Post by: Nunzio77 on May 02, 2022, 02:43:58 PM
Hi,
If you could upload the problematic sample to https://virustotal.com/ and send us the link for the analysis, we would be able to look further into it.

I didn't do the test.  🙂 I only saw this video and other videos on this YouTube channel.
Title: Re: Avast has to improve the ransomware shield.
Post by: cristianojgm on May 02, 2022, 03:21:51 PM
Hi,
If you could upload the problematic sample to https://virustotal.com/ and send us the link for the analysis, we would be able to look further into it.
https://www.virustotal.com/gui/file/416235b085b6b86640cac3a78f0bd52583eed7154fc3666f5338bde96db10fab
Title: Re: Avast has to improve the ransomware shield.
Post by: DavidR on May 02, 2022, 04:41:52 PM
Hi,
If you could upload the problematic sample to https://virustotal.com/ and send us the link for the analysis, we would be able to look further into it.
https://www.virustotal.com/gui/file/416235b085b6b86640cac3a78f0bd52583eed7154fc3666f5338bde96db10fab
<snip sample url>

Remove the link to malware sample to avoid accidental exposure and harvesting by others.

Virus total should send samples to those antivirus programs that don't detect it.

As r@vast said "and send us the link for the analysis" since you have posted the link to the analysis that should suffice.  However in the VT results Avast is detecting this ?
Title: Re: Avast has to improve the ransomware shield.
Post by: cristianojgm on May 02, 2022, 06:14:04 PM
Hi,
If you could upload the problematic sample to https://virustotal.com/ and send us the link for the analysis, we would be able to look further into it.
https://www.virustotal.com/gui/file/416235b085b6b86640cac3a78f0bd52583eed7154fc3666f5338bde96db10fab
<snip sample url>


Remove the link to malware sample to avoid accidental exposure and harvesting by others.

Virus total should send samples to those antivirus programs that don't detect it.

As r@vast said "and send us the link for the analysis" since you have posted the link to the analysis that should suffice.  However in the VT results Avast is detecting this ?
Yes, avast detects it. What was shown in the video is the ransomware shield failure. If it didn't have a signature, the malware would have encrypted the files. This ransomware encrypts files by changing the extension. In this case, it disabled the file shield and left only the ramsoware shield, which in this particular malware failed to block it.
Title: Re: Avast has to improve the ransomware shield.
Post by: Nunzio77 on May 02, 2022, 07:21:04 PM
Hi,
If you could upload the problematic sample to https://virustotal.com/ and send us the link for the analysis, we would be able to look further into it.
https://www.virustotal.com/gui/file/416235b085b6b86640cac3a78f0bd52583eed7154fc3666f5338bde96db10fab
<snip sample url>


Remove the link to malware sample to avoid accidental exposure and harvesting by others.

Virus total should send samples to those antivirus programs that don't detect it.

As r@vast said "and send us the link for the analysis" since you have posted the link to the analysis that should suffice.  However in the VT results Avast is detecting this ?
Yes, avast detects it. What was shown in the video is the ransomware shield failure. If it didn't have a signature, the malware would have encrypted the files. This ransomware encrypts files by changing the extension. In this case, it disabled the file shield and left only the ramsoware shield, which in this particular malware failed to block it.

The same thing happened to me with other ransoware too, but I don't have the samples to report.
It would be useful, if possible, to review the entire ransoware shield in the laboratory to reinforce it.

Thanks. ;)
Title: Re: Avast has to improve the ransomware shield.
Post by: Nunzio77 on May 04, 2022, 09:49:24 AM
Watch this video:

https://www.youtube.com/watch?v=jjfKZeKRpSI&t=153s
Title: Re: Avast has to improve the ransomware shield.
Post by: Asyn on May 04, 2022, 09:55:35 AM
Watch this video: https://www.youtube.com/watch?v=jjfKZeKRpSI&t=153s
-> https://forum.avast.com/index.php?topic=319262.msg1686055#msg1686055
Title: Re: Avast has to improve the ransomware shield.
Post by: Nunzio77 on May 05, 2022, 10:01:37 PM
Look at this test:

https://www.youtube.com/watch?v=g8pVaKOOAc8
Title: Re: Avast has to improve the ransomware shield.
Post by: bob3160 on May 05, 2022, 10:05:40 PM
Look at this test:

https://www.youtube.com/watch?v=g8pVaKOOAc8 (https://www.youtube.com/watch?v=g8pVaKOOAc8)
Why not be guided and accept the tests performed by reputable and accredited testing sites?
Title: Re: Avast has to improve the ransomware shield.
Post by: Nunzio77 on May 06, 2022, 09:57:08 AM
But if there is a zero day attack in which a malware is not recognized by file protection, are the other shields able to protect the PC and data? 
After this video I have some doubts ...
Does the ransoware shield protect the inserted folders in case of a zero-day attack?
Title: Re: Avast has to improve the ransomware shield.
Post by: Richard798 on May 09, 2022, 10:54:21 AM
 :)  I have been saved by Avast from Ransom attack about three times over March to May.  I am very grateful.
Title: Re: Avast has to improve the ransomware shield.
Post by: Nunzio77 on May 09, 2022, 11:01:44 AM
Probably these tests that are made are not correct because the "file protection" module is disabled which also weakens the protection and reactions of the other protective modules. 

But on this some Avast developer should express himself to have a technical confirmation and to reassure us. :)
Title: Re: Avast has to improve the ransomware shield.
Post by: bob3160 on May 09, 2022, 01:54:57 PM
Probably these tests that are made are not correct because the "file protection" module is disabled which also weakens the protection and reactions of the other protective modules. 

But on this some Avast developer should express himself to have a technical confirmation and to reassure us. :)
Have you been infected? Why are you looking for assurance when you're not having any problems?
Title: Re: Avast has to improve the ransomware shield.
Post by: Nunzio77 on May 09, 2022, 01:58:29 PM
Probably these tests that are made are not correct because the "file protection" module is disabled which also weakens the protection and reactions of the other protective modules. 

But on this some Avast developer should express himself to have a technical confirmation and to reassure us. :)
Have you been infected? Why are you looking for assurance when you're not having any problems?

Better safe than sorry ... or in any case be calmer if you use one safety product rather than another. 
That's all.
Title: Re: Avast has to improve the ransomware shield.
Post by: cristianojgm on May 09, 2022, 07:27:44 PM
Probably these tests that are made are not correct because the "file protection" module is disabled which also weakens the protection and reactions of the other protective modules. 

But on this some Avast developer should express himself to have a technical confirmation and to reassure us. :)
Yesterday, 05/08/2022, I managed to find a zero day ransomware and tested it in a virtual machine with all modules active. The ransomware shield stopped malware and second behavior shield stopped it as well. It looks like the file module are linked to the other modules.
Title: Re: Avast has to improve the ransomware shield.
Post by: Nunzio77 on May 09, 2022, 07:31:29 PM
Probably these tests that are made are not correct because the "file protection" module is disabled which also weakens the protection and reactions of the other protective modules. 

But on this some Avast developer should express himself to have a technical confirmation and to reassure us. :)
Yesterday, 05/08/2022, I managed to find a zero day ransomware and tested it in a virtual machine with all modules active. The ransomware shield stopped malware and second behavior shield stopped it as well. It looks like the file module are linked to the other modules.

Good news! Thanks  :D