Leaving out the long story, I installed PirateMatryoshka into a sandbox yesterday out of ignorance and curiosity. WFC blocked irsetup.exe, but I let it through. It asked for a Piratebay login which I didn't have, and I closed it. I ran Malwarebytes through the sandbox and it missed zernvo.exe. https://www.virustotal.com/gui/file/95d45e83d2328d280dea2f9f56aac67579b4c150a4ad5a5226160d50cc0b5dad/detection I'm kind of disappointed it missed it and anything else malignant that was installed. When I have time I will browse the sandbox to see if anything else was done and missed.
But look at the other vendors that missed it also. That's why it's always important to have a few second-opinion scanners on hand. No one program is perfect.
I don't blame you for being disappointed. Why not let a tiger loose in your sandbox -- namely, Norton Power Eraser (NPE)? NPE is free & it's one of THE most aggressive scanners around.
Where there's user interaction, there's always room for failure. That's why user-dependent security software is unreliable (HIPS, BB, anti-exe, etc.), unless the user knows what they're doing.
To be fair, only 3 major engines detected this threat with signatures at the time (4 if you count Dr.Web): Avast/AVG, Kaspersky and Microsoft. PS: ZoneAlarm is using the Kaspersky SDK. PS2: Now that Kaspersky and Microsoft are detecting it, expect a huge increase in detection (copycats adding a definition automatically).
Whenever I would drop a wild tiger malware or ransomware from the zoo into my box, it first is within Sandboxie while in ShadowMode with SD. As mentioned and suggested, it's always useful to keep a tiger by the tail and use some secondary scanners to examine the specimen more than a few times. There are some cleverly crafted wiles out there that can wiggle their way through nearly anything.
Old laptop, needed a program at work. Nothing escapes Sandboxie; there were other things in the box and I was hoping MB would clean it.
"SDK" ... huh? Do you know whether ZA is only using Kaspersky's sigs, or does ZA use Kaspersky's HIPS as well?
I think ZA uses in-house technology for HIPS and Firewall along with Kaspersky's antivirus engine + cloud + anti-phishing feeds.