One of my malware laptops, maybe the one that I downloaded from Malwarebazaar, which was not detected. G Data: no signature detection, but after running the sample, G Data File Cloud verdict: Malware, then it rolled back all the modifications made. Good work by G Data BEAST, sort of. But while it does the cloud lookup and verdict, it does not prevent the OUTSIDE connection. So the game is lost, too late. Emsisoft: signature fail, no BB detections. OS Armor: Suspicious Process Blocked. Malwarebytes: no detection at all. Oh well...
To clarify, are you talking about the infostealers that were mentioned in the article? But thanks for the info, I assume you test this stuff in a virtual machine?
@Rasheed187 No VM, pure Windows 11 installed on a lousy dual-core laptop connected to a prepaid mobile network. Many malwares are "VM aware", so they do not work; that is why, when testing, I prefer a real environment to see how the malware performs. I'm also using NetLimiter "Blocker" as a firewall, because it can stop/pause and uses its own kernel-mode firewall driver, so when malware tries to disable or add its own outgoing rules to Windows' own firewall, they are useless, because king of the hill is NetLimiter Blocker.
OK I see, totally forgot about malware that can evade VMs. And yes, I saw your comments about NetLimiter in the other thread, but I do believe that tools like TinyWall should perform the same, you might want to check this out.
This thread shows why I ONLY conduct internet workspace using VMs. My host stays clean and a two-second snapshot restore keeps things running clean and smooth. Nothing is perfect, but even my VMs have countermeasures running inside. 100% Linux only. Still, these articles are a great read.
Now testing Emsisoft Anti-Malware Home. It's using BD sigs, like some other AV vendors do. While testing it against some fresh samples, especially signed variants of DCRat and Remcos RAT: no Bitdefender signature detection. G Data failed miserably (G Data DeepRay and BEAST) and Sophos Home Premium (via the hmpa.alert component) stopped the "final stage", but failed to remove the actual malware; every reboot it does "attack intercepted". Emsisoft does not detect it by its sigs, but prevented the first stage (infostealer sending sh*t), "Hidden Downloader". Quite nice for Emsisoft BB (for this case). And we all know that if your favorite AV does not detect a malware sample in VT results, it does not mean that the malware slips through. In this case, the winner is:
1) Emsisoft: first stage blocked, no information sent to an attacker
2) Sophos Home: information sent (autorun .js script added for "persistence")
3) G Data (not much to say: autorun .js added, connecting outside without any notice)