AMTSO has a new test that will check your AV's ability to detect malware in various types of compressed file downloads. Currently only Avira, Eset, G Data, and Kaspersky are participants. http://www.amtso.org/feature-settings-check-download-of-compressed-malware/
I get the feeling AMTSO is commercially driven, as new vendors like zemana correctly dont real time scan archives, its no point until its extracted and tries to execute. Not to mention AMTSO is the same company that I tried to contact over the cloud stuff multiple times with no response Just seems to be a way for anti malware vendors to plaster their logos on there.
Webroot SecureAnywhere detected them but only 2 on download and after a scan of my download folder. As we all know WSA doesn't worry about non-active malware and it did detect the 2 .exe files during download. Also Webroot is a Member and they are not listed on that page, I wonder why? Could it be money to be on that page...... http://www.amtso.org/members/ [B ] c:\users\daniel\downloads\eicar.exe [MD5: 132D70CE3EB91D4CA6AAD1B5675C9C0A] [Flags: 00080000.9855] [Threat: W32.Virus.Gen] [B ] c:\users\daniel\downloads\eicar_zip.exe [MD5: F4DBD4D57B0AAA2A7E67F7A891E3B2BD] [Flags: 00080000.9856] [Threat: W32.Virus.Gen] [B ] c:\users\daniel\downloads\eicar.jar/eicar.com [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [Flags: 00080200.9858] [Threat: W32.Eicar.Testvirus.Gen] And these all have the same MD5 Hash? [B ] c:\users\daniel\downloads\eicar.rar/eicar.com [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [Flags: 00080200.9858] [Threat: W32.Eicar.Testvirus.Gen] [B ] c:\users\daniel\downloads\eicar.zip/eicar.com [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [Flags: 00080200.9858] [Threat: W32.Eicar.Testvirus.Gen] [B ] c:\users\daniel\downloads\eicar.7z/eicar.com [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [Flags: 00080200.9858] [Threat: W32.Eicar.Testvirus.Gen] [B ] c:\users\daniel\downloads\eicar.cab/eicar.com [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [Flags: 00080200.9858] [Threat: W32.Eicar.Testvirus.Gen] Mon 2016-05-16 18:08:51.0079 Infection detected: c:\users\daniel\appdata\local\temp\7o5fans_.exe.part [MD5: 132D70CE3EB91D4CA6AAD1B5675C9C0A] [3/00080000] [W32.Virus.Gen] Mon 2016-05-16 18:08:51.0079 Infection found in realtime: c:\users\daniel\appdata\local\temp\7o5fans_.exe.part [MD5: 132D70CE3EB91D4CA6AAD1B5675C9C0A, Size: 99469 bytes] [524288/00000003] [W32.Virus.Gen] Mon 2016-05-16 18:08:51.0356 End passive write scan (1 file(s)) Mon 2016-05-16 18:08:52.0734 Begin passive write scan (1 file(s)) Mon 2016-05-16 18:08:53.0347 Infection detected: c:\users\daniel\downloads\eicar.exe [MD5: 132D70CE3EB91D4CA6AAD1B5675C9C0A] [3/00080000] [W32.Virus.Gen] Mon 2016-05-16 18:08:53.0347 Infection found in realtime: c:\users\daniel\downloads\eicar.exe [MD5: 132D70CE3EB91D4CA6AAD1B5675C9C0A, Size: 99469 bytes] [524288/00000003] [W32.Virus.Gen] Mon 2016-05-16 18:08:53.0559 End passive write scan (1 file(s)) Mon 2016-05-16 18:08:55.0736 Begin passive write scan (1 file(s)) Mon 2016-05-16 18:08:56.0472 Infection detected: c:\users\daniel\appdata\local\temp\u9eebje7.exe.part [MD5: F4DBD4D57B0AAA2A7E67F7A891E3B2BD] [3/00080000] [W32.Virus.Gen] Mon 2016-05-16 18:08:56.0472 Infection found in realtime: c:\users\daniel\appdata\local\temp\u9eebje7.exe.part [MD5: F4DBD4D57B0AAA2A7E67F7A891E3B2BD, Size: 79580 bytes] [524288/00000003] [W32.Virus.Gen] Mon 2016-05-16 18:08:56.0757 End passive write scan (1 file(s)) Mon 2016-05-16 18:08:58.0739 Begin passive write scan (1 file(s)) Mon 2016-05-16 18:08:59.0332 Infection detected: c:\users\daniel\downloads\eicar_zip.exe [MD5: F4DBD4D57B0AAA2A7E67F7A891E3B2BD] [3/00080000] [W32.Virus.Gen] Mon 2016-05-16 18:08:59.0332 Infection found in realtime: c:\users\daniel\downloads\eicar_zip.exe [MD5: F4DBD4D57B0AAA2A7E67F7A891E3B2BD, Size: 79580 bytes] [524288/00000003] [W32.Virus.Gen] Daniel
Here on win xp Avast free stopped them all before download except the last one, the "the ZIP-SFX Format" file. It warned about it but still permitted the download. Avast did not detect malware when the file was scanned after download.
Eset detected all of them. All were detected prior to actual download and the browser connection to the web site terminated except for: RAR-SFX ZIP-SFX For those two, an entry was created in the download folder but size was 0 indicating nothing was actually downloaded. The browser connection to the web site was not disconnected. Note: Per AMTSO if the file downloaded successfully, the AV failed the test: If you are able to download the compressed EICAR-Testfile successfully, your Anti-Malware solution is NOT configured correctly or does not conform with industry best practice.
Norton isn't in the list at the bottom of that page so I won't try. I'm pretty sure Norton would allow the download but may detect the files during a Full System Scan. Zipped files aren't a threat until they are extracted anyway though, are they?
An observation. It would appear those four vendors support the scanning of compressed files in real-time. However, AMTSO says: Clicking on any of the listed vendors does not take you to instructions but to product pages. Intentional? Possibly.
The same on Chrome the downloads were blocked but with Firefox it doesn't open another window to download.
This website is not allowed. amtso.security-features-check.com Reason for the lock: This website may harm your computer and your personal information. (Norton DNS) --------------------------------------------- by-pass Norton DNS, ...downloads quarantined by Norton Security on launch
Bitdefender web filter detects them all & you can only download them if you click I under the risks take me there anyway link at the bottom of the warning.
Avira is one of the participants.......... but files are detected from Web Protection (Avira paid) or ABS and not from the real time protection (on-access System Scanner)* => https://www.wilderssecurity.com/threads/avira.345492/page-168#post-2588565 => The file is downloaded!!!! ------------------ * With default configuration
Uninstalling previous solution and moving on to on-access compressed file scanning AV for superior protection.
@FleischmannTV Does Avira have anything to do with you previous post (#20)? @anon seems to think so. Could you also be enticed into elucidating on what the "before" and "after" security set-up would be?
Hi AMTSO tested with Emsisoft Internet Security. Downloading files is possible. All files are detected when scanning.
@StillBorn It was just pure sarcasm on my part and we can already see people being agitated and probably even considering switching security products because of this long since needed test. My sarcasm was supposed to reflect this. Then I guess it's time to switch security products. Emsisoft clearly cannot protect you. On-Access archive scanning in combination with SSL MITM is the core of next generation AV technologies. Before you switch, please also make sure to choose a product which emulates hostile code in the kernel, in order to complete the wholy trinity of AV.
Another dramatic day at Wilders ?? Testing here with latest and fully updated Windows 10, protected by Windows Defender, browsing with Edge. All 12 blocked. Once again we can see that Microsoft has built an OS perfectly capable of protecting itself. That's the beauty of Windows 10. No need to worry about anything.
