Author Topic: Avast vs new Ransomware(Solved)  (Read 2801 times)

0 Members and 1 Guest are viewing this topic.

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Avast vs new Ransomware(Solved)
« on: January 18, 2018, 07:54:16 AM »
https://youtu.be/PM2eMxgAPgY
Again a fail result for Avast CC. :(

« Last Edit: January 18, 2018, 08:09:03 AM by Be Secure »
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast vs new Ransomware
« Reply #1 on: January 18, 2018, 07:57:54 AM »
VL-Info: Hi, the detection was created. Thank you!
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: Avast vs new Ransomware
« Reply #2 on: January 18, 2018, 07:58:56 AM »
VL-Info: Hi, the detection was created. Thank you!
Thanks@Asyn :)
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast vs new Ransomware
« Reply #3 on: January 18, 2018, 07:59:50 AM »
You're welcome.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: Avast vs new Ransomware(Solved)
« Reply #4 on: January 18, 2018, 08:10:11 AM »
Can you tell me the detection name?@Asyn :)
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast vs new Ransomware(Solved)
« Reply #7 on: January 18, 2018, 08:48:15 AM »
No problem. :)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Re: Avast vs new Ransomware
« Reply #8 on: January 18, 2018, 11:36:14 AM »
VL-Info: Hi, the detection was created. Thank you!

This is not the point, to "create" a detection AFTER THE FACT. Anyone can do this, including MSE: create a signature once you have the malware "in hand"

The expectation from Avast! is to block the ransomvare using a different mechanism (HIPS, behavior blocker, etc) , not only based on a signature.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast vs new Ransomware(Solved)
« Reply #9 on: January 18, 2018, 11:41:38 AM »
VL-Info: In such tests it is very important to simulate infection vectors correctly, if the guy just copied the executable to desktop and run it, it is not totaly valid test case. Such samples are delivered to system from network, resides in temporal directories etc. Tested executable has standalone behavior same as any tool for mass re-encoding the file for example.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Evjls

  • Jr. Member
  • **
  • Posts: 96
Re: Avast vs new Ransomware(Solved)
« Reply #10 on: January 18, 2018, 12:18:27 PM »
VL-Info: In such tests it is very important to simulate infection vectors correctly, if the guy just copied the executable to desktop and run it, it is not totaly valid test case. Such samples are delivered to system from network, resides in temporal directories etc. Tested executable has standalone behavior same as any tool for mass re-encoding the file for example.
if the file is copied from a USB or an external HDD, it would yield the same result. Not everyone downloading files from the internet all the time. Why not making CC available for files not downloaded from the browser?

Also, it should be worth mentioned that Windows Defender on windows 10 already has "Controlled folder access" which is quite similar to avast's "Ransomware Shield". He demonstrated on another video that WD was bypassed by a ransomware but at least the protected folder is safe

Ransomware shield should be implemented in avast free

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast vs new Ransomware(Solved)
« Reply #11 on: January 18, 2018, 12:20:58 PM »
Ransomware shield should be implemented in avast free
You can submit your feedback in "About Avast".
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: Avast vs new Ransomware(Solved)
« Reply #12 on: January 18, 2018, 12:59:21 PM »
VL-Info: In such tests it is very important to simulate infection vectors correctly, if the guy just copied the executable to desktop and run it, it is not totaly valid test case. Such samples are delivered to system from network, resides in temporal directories etc. Tested executable has standalone behavior same as any tool for mass re-encoding the file for example.
if the file is copied from a USB or an external HDD, it would yield the same result. Not everyone downloading files from the internet all the time. Why not making CC available for files not downloaded from the browser?

Also, it should be worth mentioned that Windows Defender on windows 10 already has "Controlled folder access" which is quite similar to avast's "Ransomware Shield". He demonstrated on another video that WD was bypassed by a ransomware but at least the protected folder is safe

Ransomware shield should be implemented in avast free
Agreed.
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

REDACTED

  • Guest
Re: Avast vs new Ransomware(Solved)
« Reply #13 on: January 20, 2018, 06:23:53 PM »
VL-Info: In such tests it is very important to simulate infection vectors correctly, if the guy just copied the executable to desktop and run it, it is not totaly valid test case. Such samples are delivered to system from network, resides in temporal directories etc. Tested executable has standalone behavior same as any tool for mass re-encoding the file for example.
if the file is copied from a USB or an external HDD, it would yield the same result. Not everyone downloading files from the internet all the time. Why not making CC available for files not downloaded from the browser?

Also, it should be worth mentioned that Windows Defender on windows 10 already has "Controlled folder access" which is quite similar to avast's "Ransomware Shield". He demonstrated on another video that WD was bypassed by a ransomware but at least the protected folder is safe

Ransomware shield should be implemented in avast free
Agreed.

+1