Author Topic: Avast vs new Ransomware(Solved)  (Read 1722 times)

0 Members and 1 Guest are viewing this topic.

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1910
Avast vs new Ransomware(Solved)
« on: January 18, 2018, 07:54:16 AM »
https://youtu.be/PM2eMxgAPgY
Again a fail result for Avast CC. :(

« Last Edit: January 18, 2018, 08:09:03 AM by Be Secure »
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71747
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast vs new Ransomware
« Reply #1 on: January 18, 2018, 07:57:54 AM »
VL-Info: Hi, the detection was created. Thank you!
Win 8.1 [x64] - Avast PremSec 21.8.6575.IBC [UI.663] - EEK - Firefox ESR 78.14 [NS/uBO/PB] - TB 91.1
Avast-Tools: Secure Browser 93.0 - Cleanup 21.2 - SecureLine 5.13 - Driver Updater 21.2 - CCleaner 5.84
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1910
Re: Avast vs new Ransomware
« Reply #2 on: January 18, 2018, 07:58:56 AM »
VL-Info: Hi, the detection was created. Thank you!
Thanks@Asyn :)
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71747
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast vs new Ransomware
« Reply #3 on: January 18, 2018, 07:59:50 AM »
You're welcome.
Win 8.1 [x64] - Avast PremSec 21.8.6575.IBC [UI.663] - EEK - Firefox ESR 78.14 [NS/uBO/PB] - TB 91.1
Avast-Tools: Secure Browser 93.0 - Cleanup 21.2 - SecureLine 5.13 - Driver Updater 21.2 - CCleaner 5.84
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1910
Re: Avast vs new Ransomware(Solved)
« Reply #4 on: January 18, 2018, 08:10:11 AM »
Can you tell me the detection name?@Asyn :)
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71747
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Win 8.1 [x64] - Avast PremSec 21.8.6575.IBC [UI.663] - EEK - Firefox ESR 78.14 [NS/uBO/PB] - TB 91.1
Avast-Tools: Secure Browser 93.0 - Cleanup 21.2 - SecureLine 5.13 - Driver Updater 21.2 - CCleaner 5.84
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1910
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71747
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast vs new Ransomware(Solved)
« Reply #7 on: January 18, 2018, 08:48:15 AM »
No problem. :)
Win 8.1 [x64] - Avast PremSec 21.8.6575.IBC [UI.663] - EEK - Firefox ESR 78.14 [NS/uBO/PB] - TB 91.1
Avast-Tools: Secure Browser 93.0 - Cleanup 21.2 - SecureLine 5.13 - Driver Updater 21.2 - CCleaner 5.84
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline John712

  • Jr. Member
  • **
  • Posts: 68
Re: Avast vs new Ransomware
« Reply #8 on: January 18, 2018, 11:36:14 AM »
VL-Info: Hi, the detection was created. Thank you!

This is not the point, to "create" a detection AFTER THE FACT. Anyone can do this, including MSE: create a signature once you have the malware "in hand"

The expectation from Avast! is to block the ransomvare using a different mechanism (HIPS, behavior blocker, etc) , not only based on a signature.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71747
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast vs new Ransomware(Solved)
« Reply #9 on: January 18, 2018, 11:41:38 AM »
VL-Info: In such tests it is very important to simulate infection vectors correctly, if the guy just copied the executable to desktop and run it, it is not totaly valid test case. Such samples are delivered to system from network, resides in temporal directories etc. Tested executable has standalone behavior same as any tool for mass re-encoding the file for example.
Win 8.1 [x64] - Avast PremSec 21.8.6575.IBC [UI.663] - EEK - Firefox ESR 78.14 [NS/uBO/PB] - TB 91.1
Avast-Tools: Secure Browser 93.0 - Cleanup 21.2 - SecureLine 5.13 - Driver Updater 21.2 - CCleaner 5.84
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Evjls

  • Jr. Member
  • **
  • Posts: 96
Re: Avast vs new Ransomware(Solved)
« Reply #10 on: January 18, 2018, 12:18:27 PM »
VL-Info: In such tests it is very important to simulate infection vectors correctly, if the guy just copied the executable to desktop and run it, it is not totaly valid test case. Such samples are delivered to system from network, resides in temporal directories etc. Tested executable has standalone behavior same as any tool for mass re-encoding the file for example.
if the file is copied from a USB or an external HDD, it would yield the same result. Not everyone downloading files from the internet all the time. Why not making CC available for files not downloaded from the browser?

Also, it should be worth mentioned that Windows Defender on windows 10 already has "Controlled folder access" which is quite similar to avast's "Ransomware Shield". He demonstrated on another video that WD was bypassed by a ransomware but at least the protected folder is safe

Ransomware shield should be implemented in avast free

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71747
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast vs new Ransomware(Solved)
« Reply #11 on: January 18, 2018, 12:20:58 PM »
Ransomware shield should be implemented in avast free
You can submit your feedback in "About Avast".
Win 8.1 [x64] - Avast PremSec 21.8.6575.IBC [UI.663] - EEK - Firefox ESR 78.14 [NS/uBO/PB] - TB 91.1
Avast-Tools: Secure Browser 93.0 - Cleanup 21.2 - SecureLine 5.13 - Driver Updater 21.2 - CCleaner 5.84
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1910
Re: Avast vs new Ransomware(Solved)
« Reply #12 on: January 18, 2018, 12:59:21 PM »
VL-Info: In such tests it is very important to simulate infection vectors correctly, if the guy just copied the executable to desktop and run it, it is not totaly valid test case. Such samples are delivered to system from network, resides in temporal directories etc. Tested executable has standalone behavior same as any tool for mass re-encoding the file for example.
if the file is copied from a USB or an external HDD, it would yield the same result. Not everyone downloading files from the internet all the time. Why not making CC available for files not downloaded from the browser?

Also, it should be worth mentioned that Windows Defender on windows 10 already has "Controlled folder access" which is quite similar to avast's "Ransomware Shield". He demonstrated on another video that WD was bypassed by a ransomware but at least the protected folder is safe

Ransomware shield should be implemented in avast free
Agreed.
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline garrett

  • Jr. Member
  • **
  • Posts: 71
Re: Avast vs new Ransomware(Solved)
« Reply #13 on: January 20, 2018, 06:23:53 PM »
VL-Info: In such tests it is very important to simulate infection vectors correctly, if the guy just copied the executable to desktop and run it, it is not totaly valid test case. Such samples are delivered to system from network, resides in temporal directories etc. Tested executable has standalone behavior same as any tool for mass re-encoding the file for example.
if the file is copied from a USB or an external HDD, it would yield the same result. Not everyone downloading files from the internet all the time. Why not making CC available for files not downloaded from the browser?

Also, it should be worth mentioned that Windows Defender on windows 10 already has "Controlled folder access" which is quite similar to avast's "Ransomware Shield". He demonstrated on another video that WD was bypassed by a ransomware but at least the protected folder is safe

Ransomware shield should be implemented in avast free
Agreed.

+1