REAL av memory scanner!
Firefighter
December 1st, 2003, 02:48 PM
Hi everyone! How can I check that an av has a real memory scanner that, for example, DrWeb has but not Kaspersky, according to illukka?
"The truth is out there, but it hurts!"
Best regards,
Firefighter!
Godzilla
December 1st, 2003, 03:08 PM
LOL!
I doubt that you can test it without memory - isn't it?
What a question.... What does EXIST IN THE MEMORY?
Right.... Processes and programs. So put up your five fingers and count down and you know how you can test it.
wizard
December 1st, 2003, 03:22 PM
There is (as far as I am aware) no safe test for memory scanning like the EICAR file. You might take TrojanSimulator from Magnus Mischel and try to make it "undetectable" (don't want to go into details here). But if I am not totally wrong, most av's don't support detection for TrojanSimulator at the moment.
wizard
AplusWebMaster
December 1st, 2003, 04:56 PM
FYI... Firefighter,
- Something that might be helpful; apparently, these guys have developed testing methods for it, but I don't know that they would want to release those methods into the public domain. They list Kaspersky, but not Dr. Web (see link below):
http://www.hackfix.org/
http://www.hackfix.org/miscfix/icons-av-all.shtml
-
illukka
December 2nd, 2003, 12:52 PM
someone explained kaspersky's memory scanning to me (probably you michael..). it seems that kaspersky scanner, when the option is enabled, dumps the memory contents to a temp file and then scans the contents of it. this happens first when you launch a scan, but it is not a real memory scanner IMO.. like for example boclean or TH, which have a continuous real time memory scan.. tds does scan memory contents in real time when you launch tds, if you have process memory scan and/or memory mutex scan enabled, but again it is not continuous..
drweb has a real time memory scan, or so i'm told, and jdong posted @dslreports about avast! having memory scanning capabilities on nt-based systems
hmm maybe i'll have to give drweb another try.. a hacker friend of mine highly praises it.. he ought to know his stuff, he says it is usually hardest to make trojans undetected by drweb..
can someone enlighten me?
Copyright ©2002 - 2012, Wilders Security Forums