360 Degree Assessment & Certification Q4 2018

Discussion in 'other anti-virus software' started by itman, Feb 1, 2019.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,540
    Location:
    U.S.A.
    https://www.mrg-effitas.com/wp-content/uploads/2019/02/MRG_Effitas-2018Q4-360.pdf

    All products tested were business AV versions except for Windows Defender. All tested products were certified at Level 1.

    Of note, PUA/Adware, Exploit/Fileless, False positive and Performance tests are not part of the certification. So if these categories are of interest, those report sections need to be reviewed in detail.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,763
    Location:
    The Netherlands
    Would like to know why Win Defender performed so poorly in the Exploit/Fileless test.
     
  3. itman

    WD doesn't have an IDS. AVs like Eset and Kaspersky, for example, identify exploits using CVE designation data. The exploits used in the test were quite old; 2014 and older. Also, the exploits were not OS but app-related ones.

    Suspect the exploits WD missed were non-IE11 related; e.g. Adobe Reader. If you go to the wicar.org web site and perform the exploit tests there which are all browser based, IE11 SmartScreen detects them all. In other words, the web sites are blacklisted in SmartScreen.

    -EDIT- Also, to the best of my knowledge, WD does not employ advanced memory scanning whereas WD ATP does, as noted in this Microsoft article: https://cloudblogs.microsoft.com/mi...ith-behavior-monitoring-amsi-and-next-gen-av/ . Of note is that a large part of this article is dedicated to WD detection of script-based malware via the Win 10 AMSI interface; something all the major AV vendors also employ. However, these AV vendors also have advanced memory scanning capability to detect w/o AMSI methods. Finally, AMS has its limitations in that it can only detect malware in memory for which it has existing code or behavior signatures.
     
    Last edited: Feb 3, 2019
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,465
    Location:
    Hawaii
    VERY interesting. Some areas of testing that are totally new to me. Thanks for posting this, itman!
     
  5. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,105
    Why Windows 7? How about Windows Defender?
     
  6. itman

    It was a test for corp. AV solutions. Many businesses are still using Win 7.
     