Author Topic: Avast has to improve the ransomware shield.  (Read 6794 times)

0 Members and 1 Guest are viewing this topic.

Offline cristianojgm

  • Jr. Member
  • **
  • Posts: 78
Avast has to improve the ransomware shield.
« on: April 24, 2022, 02:11:01 AM »
As you can see in the video, both the behavior shield failed and the ransomware shield.

https://www.youtube.com/watch?v=wRK2L5Ooo4Y&t=531s
« Last Edit: April 25, 2022, 10:53:07 PM by cristianojgm »

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2771
Re: Avast has to improve the ransomware shield.
« Reply #1 on: April 27, 2022, 12:42:37 PM »
Hi,

In this test, one of the Shields was disabled. We recommend keeping the Core Shields enabled at all times.

Offline cristianojgm

  • Jr. Member
  • **
  • Posts: 78
Re: Avast has to improve the ransomware shield.
« Reply #2 on: April 27, 2022, 02:49:55 PM »
Hi,

In this test, one of the Shields was disabled. We recommend keeping the Core Shields enabled at all times.
In this video here all modules are connected and the trojan server with code obfuscated by a cypter passed and the behavior shield did nothing.
https://www.youtube.com/watch?v=GFukUynoSjk

Offline Nunzio77

  • Sr. Member
  • ****
  • Posts: 228
Re: Avast has to improve the ransomware shield.
« Reply #3 on: April 29, 2022, 02:42:39 PM »
Hi,

In this test, one of the Shields was disabled. We recommend keeping the Core Shields enabled at all times.

Why does the same test on this YouTube channel (file protection off) with other AVs not encrypt the files? Avast Free still kept the behavioral shield and the ransoware shield active.
« Last Edit: April 29, 2022, 02:46:22 PM by Nunzio77 »
Thank you and good day!
Nunzio
----------------------------
Avast Free, Windows 10 Pro-32 Bit, Intel Core2 Duo CPU T7500, RAM 4 Gb, HD 160 Gb, ATI Mobile Radeon HD 2400

Offline r@vast

  • Avast team
  • Massive Poster
  • *
  • Posts: 2771
Re: Avast has to improve the ransomware shield.
« Reply #4 on: May 02, 2022, 02:37:11 PM »
Hi,
If you could upload the problematic sample to https://virustotal.com/ and send us the link for the analysis, we would be able to look further into it.

Offline Nunzio77

  • Sr. Member
  • ****
  • Posts: 228
Re: Avast has to improve the ransomware shield.
« Reply #5 on: May 02, 2022, 02:43:58 PM »
Hi,
If you could upload the problematic sample to https://virustotal.com/ and send us the link for the analysis, we would be able to look further into it.

I didn't do the test.  🙂 I only saw this video and other videos on this YouTube channel.
Thank you and good day!
Nunzio
----------------------------
Avast Free, Windows 10 Pro-32 Bit, Intel Core2 Duo CPU T7500, RAM 4 Gb, HD 160 Gb, ATI Mobile Radeon HD 2400

Offline cristianojgm

  • Jr. Member
  • **
  • Posts: 78
Re: Avast has to improve the ransomware shield.
« Reply #6 on: May 02, 2022, 03:21:51 PM »
Hi,
If you could upload the problematic sample to https://virustotal.com/ and send us the link for the analysis, we would be able to look further into it.
https://www.virustotal.com/gui/file/416235b085b6b86640cac3a78f0bd52583eed7154fc3666f5338bde96db10fab
« Last Edit: May 02, 2022, 06:07:22 PM by cristianojgm »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87054
  • No support PMs thanks
Re: Avast has to improve the ransomware shield.
« Reply #7 on: May 02, 2022, 04:41:52 PM »
Hi,
If you could upload the problematic sample to https://virustotal.com/ and send us the link for the analysis, we would be able to look further into it.
https://www.virustotal.com/gui/file/416235b085b6b86640cac3a78f0bd52583eed7154fc3666f5338bde96db10fab
<snip sample url>

Remove the link to malware sample to avoid accidental exposure and harvesting by others.

Virus total should send samples to those antivirus programs that don't detect it.

As r@vast said "and send us the link for the analysis" since you have posted the link to the analysis that should suffice.  However in the VT results Avast is detecting this ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline cristianojgm

  • Jr. Member
  • **
  • Posts: 78
Re: Avast has to improve the ransomware shield.
« Reply #8 on: May 02, 2022, 06:14:04 PM »
Hi,
If you could upload the problematic sample to https://virustotal.com/ and send us the link for the analysis, we would be able to look further into it.
https://www.virustotal.com/gui/file/416235b085b6b86640cac3a78f0bd52583eed7154fc3666f5338bde96db10fab
<snip sample url>


Remove the link to malware sample to avoid accidental exposure and harvesting by others.

Virus total should send samples to those antivirus programs that don't detect it.

As r@vast said "and send us the link for the analysis" since you have posted the link to the analysis that should suffice.  However in the VT results Avast is detecting this ?
Yes, avast detects it. What was shown in the video is the ransomware shield failure. If it didn't have a signature, the malware would have encrypted the files. This ransomware encrypts files by changing the extension. In this case, it disabled the file shield and left only the ramsoware shield, which in this particular malware failed to block it.

Offline Nunzio77

  • Sr. Member
  • ****
  • Posts: 228
Re: Avast has to improve the ransomware shield.
« Reply #9 on: May 02, 2022, 07:21:04 PM »
Hi,
If you could upload the problematic sample to https://virustotal.com/ and send us the link for the analysis, we would be able to look further into it.
https://www.virustotal.com/gui/file/416235b085b6b86640cac3a78f0bd52583eed7154fc3666f5338bde96db10fab
<snip sample url>


Remove the link to malware sample to avoid accidental exposure and harvesting by others.

Virus total should send samples to those antivirus programs that don't detect it.

As r@vast said "and send us the link for the analysis" since you have posted the link to the analysis that should suffice.  However in the VT results Avast is detecting this ?
Yes, avast detects it. What was shown in the video is the ransomware shield failure. If it didn't have a signature, the malware would have encrypted the files. This ransomware encrypts files by changing the extension. In this case, it disabled the file shield and left only the ramsoware shield, which in this particular malware failed to block it.

The same thing happened to me with other ransoware too, but I don't have the samples to report.
It would be useful, if possible, to review the entire ransoware shield in the laboratory to reinforce it.

Thanks. ;)
Thank you and good day!
Nunzio
----------------------------
Avast Free, Windows 10 Pro-32 Bit, Intel Core2 Duo CPU T7500, RAM 4 Gb, HD 160 Gb, ATI Mobile Radeon HD 2400

Offline Nunzio77

  • Sr. Member
  • ****
  • Posts: 228
Re: Avast has to improve the ransomware shield.
« Reply #10 on: May 04, 2022, 09:49:24 AM »
Thank you and good day!
Nunzio
----------------------------
Avast Free, Windows 10 Pro-32 Bit, Intel Core2 Duo CPU T7500, RAM 4 Gb, HD 160 Gb, ATI Mobile Radeon HD 2400

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76115
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Nunzio77

  • Sr. Member
  • ****
  • Posts: 228
Re: Avast has to improve the ransomware shield.
« Reply #12 on: May 05, 2022, 10:01:37 PM »
Thank you and good day!
Nunzio
----------------------------
Avast Free, Windows 10 Pro-32 Bit, Intel Core2 Duo CPU T7500, RAM 4 Gb, HD 160 Gb, ATI Mobile Radeon HD 2400

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 47549
  • 62 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast has to improve the ransomware shield.
« Reply #13 on: May 05, 2022, 10:05:40 PM »
Look at this test:

https://www.youtube.com/watch?v=g8pVaKOOAc8
Why not be guided and accept the tests performed by reputable and accredited testing sites?
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 22.5, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://

Offline Nunzio77

  • Sr. Member
  • ****
  • Posts: 228
Re: Avast has to improve the ransomware shield.
« Reply #14 on: May 06, 2022, 09:57:08 AM »
But if there is a zero day attack in which a malware is not recognized by file protection, are the other shields able to protect the PC and data? 
After this video I have some doubts ...
Does the ransoware shield protect the inserted folders in case of a zero-day attack?
Thank you and good day!
Nunzio
----------------------------
Avast Free, Windows 10 Pro-32 Bit, Intel Core2 Duo CPU T7500, RAM 4 Gb, HD 160 Gb, ATI Mobile Radeon HD 2400