MRG Flash Tests 2011

Discussion in 'other anti-virus software' started by LODBROK, Jan 27, 2011.

Thread Status:
Not open for further replies.
  1. 3x0gR13N

    3x0gR13N Registered Member

    So the screen was still locked after reboot?
    Ah, I see that DW has a conditional pass now. I take it that everything was fine after a reboot?
     
    Last edited: Feb 7, 2011
  2. Ilya Rabinovich

    Ilya Rabinovich Developer

    1. The Desktop locks up because of a "topmost" window, but Win-Alt-A is working as it should, terminating the malicious process.
    2. After reboot, everything works normally.

    In fact, I made some changes for version 3.10 so that the "topmost" style cannot be applied to untrusted windows, but I will check how compatible that is with games running untrusted.
     
  3. Thankful

    Thankful Savings Monitor

  4. 1000db

    1000db Registered Member

    Is this the first flash test that BluePoint failed? Maybe TDSS has a new execution method that BP's default deny doesn't cover.
     
  5. De Hollander

    De Hollander Registered Member

    They passed the previous nine tests
     
  6. Noob

    Noob Registered Member

    Good to see EAM back on track :D
     
  7. The Hammer

    The Hammer Registered Member

    Yes it is. :)
     
  8. Kernelwars

    Kernelwars Registered Member

    So is Immunet Protect... :)
     
  9. Triple Helix

    Triple Helix Specialist

    Prevx is always there saying Passed!

    TH ;)
     
  10. De Hollander

    De Hollander Registered Member

    :) Indeed, and a couple of other products.
     
  11. Dermot7

    Dermot7 Registered Member

  12. Iangh

    Iangh Registered Member

    MBAM isn't a full-blown a-v but still does a great job with zero-day.

    How is that?

    I thought they focused on getting rid of known nasty malware, yet it seems they can also do zero-day.
     
  13. nosirrah

    nosirrah Malware Fighter

    Research and tech are targeted towards anything that AVs do not do well against; this test actually favors both our tech and research.
     
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

  15. Noob

    Noob Registered Member

    MBAM is also a very good cleaner :D
     
  16. LODBROK

    LODBROK Guest

    According to the MRG forum, they're using MBAM Full (pro, paid, whatever) with Protection enabled. They don't say whether the Pass is a result of an IP block or a detection. Either way, the performance of MBAM Full is spectacular. It must be specifically recognized though that the free MBAM has no relevance whatsoever within the context of these MRG tests.
     
  17. Thankful

    Thankful Savings Monitor

  18. Marcos

    Marcos Eset Staff Account

    Really strange. I wonder what they actually tested, whether it was an exe dropper or a sys driver. All recent TDSS rootkits were detected by ESET, which cannot be said about some other AVs that allegedly detected it in the "test". Any chance of getting the appropriate MD5 for verification?
     
  19. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    In the final report of MRG Flash tests 2010, they said that IP blocking wasn't used, so it's all detection.

    I think MRG sends the tested samples to security vendors if they request them. You can contact them here:
    http://malwareresearchgroup.com/contact-us/
     
  20. Thankful

    Thankful Savings Monitor

  21. LODBROK

    LODBROK Guest

    True. But since they haven't revealed their current methodology, my observation, "They don't say...", can be held as accurate at this point in time, as your conclusion (as logical as it might be) that IP blocking isn't in actual use is mere speculation.

    They really scatter their stuff on that MRG site, and I can't find where it is that, when explaining the gap in testing from Dec 9 to Jan 27, they said significant changes were being made (they may have even posted it up here). There's a Jan 27 posting in their forum, "Methodology and additional information will be available later today." I'm burned out from navigating their site; if anyone can find that data, post up a link.
     
  22. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    I made a preliminary summary for the 2011 test, but it's only 14 tests so far.

    EDIT: Latest test just posted by Thankful is not included in my summary.
    EDIT2: Posted as image, layout was screwed up... :rolleyes:
     

    Last edited: Feb 21, 2011
  23. LODBROK

    LODBROK Guest

    As a long-time Zemana user, I'm disappointed by AntiLogger's occasional failure, but I'd be a fool to expect it to be perfect. I'll have to be satisfied with "almost perfect." ;)

    But I can't help but wonder if my settings overriding the defaults would result in a Passed in this series of MRG Flash tests. I disable "Let it run but block..." and "Block an app...but don't terminate it" and "Use the Internet to check...signature info" and "Use ZWLST" while setting "Ask for confirmation" for all. I think that's much tighter than default but definitely too restrictive and chatty for the mass market.
     
  24. trjam

    trjam Registered Member

    First post
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Why did Prevx pass only partially today? And were the two samples Zemana failed digitally signed?
     