HIPS test question

Discussion in 'other anti-malware software' started by nosirrah, Aug 11, 2009.

Thread Status:
Not open for further replies.
  1. nosirrah

    nosirrah Malware Fighter

    Aug 25, 2006
    Cummington MA USA
    In testing malware it is obvious that step one is frequently to unhook/kill as much security as possible.

    Has there ever been a test where the first execution is allowed (mimicking user error) and then all following executions/modifications are denied?
  2. Joeythedude

    Joeythedude Registered Member

    Apr 19, 2007
    I think in general this is the way matt on remove-malware tests.

    He agrees to whatever prompt is initially shown, and then whatever app he is testing would (hopefully) block the malware.

    I remember seeing it work with Geswall.

    I don't know if he ever tested a full hips though.
  3. Pedro

    Pedro Registered Member

    Nov 2, 2006
  4. erreale

    erreale Registered Member

    May 2, 2004
    I've done two tests with Comodo. In the first (link) I used DNSChanger: Defense+ naturally detects the trojan immediately, but I gave it all the permissions to run that Comodo subsequently asked me for, to verify what Defense+ can check and recognize if I give the permissions to DNSChanger, and which malicious behaviours it allows. As you can see in the video, every attempt to get access to the SCM, to the drivers or to the Registry, and every file write, is denied.

    I did the same test with Seneka: (link) I used the same procedure, successively granting the permissions Defense+ requested, but it likewise blocks Seneka, denying it the possibility to do any malicious action.
    Last edited: Aug 13, 2009