MRG Effitas Exploit And Post-Exploit Protection Test - May 2018

Discussion in 'other anti-virus software' started by itman, May 29, 2018.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    Testing was performed on both Win 7 and 10 using IE11, Firefox 31.0, and MS Office.

    Windows Defender AV was tested stand-alone - it scored second from last place. It was additionally tested with custom Windows Defender Exploit Protection app settings applied for the browsers and MS Office, in which case it scored in fourth place. The custom WDEG settings used are listed in section 10.1.4.

    https://www.mrg-effitas.com/wp-content/uploads/2018/05/MRG_Exploit_Protection.pdf
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    And the bets are open as to which one is the product that wanted to be anonymous; my guess is Kaspersky :argh:
     
  3. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    I doubt it, my guess is Malwarebytes Endpoint Security.

    Kaspersky always does great on MRG Effitas (everywhere to be precise).

    https://www.mrg-effitas.com/wp-content/uploads/2014/03/MRG-Effitas-Real-World-Enterprise-Security-Exploit-Prevention-Test-February-2014.pdf
     
    Last edited by a moderator: May 29, 2018
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,591
    Location:
    U.S.A.
    I guess it should also be noted that this was a Sophos-sponsored test, if anyone hasn't figured that out yet. Hence, the lack of "big-name" AV endpoint products. Looking at the individual tests, many look strikingly similar to those in the HMP-A test tool. I know my AV would have performed poorly against them with "out-of-the-box" default settings. Also, my AV would require custom HIPS rules to be established, which I presently use to block the HMP-A test tool exploits. This differs from the modified settings MRG deployed for the tested products, which are in the form of enable/disable optional settings.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I think you may be right, because Malwarebytes always performs badly in these kinds of tests; they are probably tired of getting hammered. I really hope they will improve. However, it should have shined in this test since it has integrated MBAE. Same goes for Win Def Exploit Guard, which is based on EMET.

    The lack of big name AVs is probably because most of them are not designed to block exploitation techniques. That's why Win Def shouldn't have been included. It's obvious that Sophos/HMPA monitors the most exploitation techniques, but other tools might still be able to block/detect malicious activities from malware that's running in memory. What surprised me is that Sophos missed the "detection of financial malware", which makes me think: just how good is this protection in HMPA truly?
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    BTW, I just read a report and it turns out that Malwarebytes is bigger than I thought in the enterprise security market. I would suggest to them to buy a company like enSilo or Endgame. This will give them the tech to finally perform well in AV testing, and of course I hope they will integrate some of this tech (machine learning/behavior blocking) into consumer versions.
     
  7. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Malwarebytes has already done that to some extent:

    https://www.zdnet.com/article/malwarebytes-acquires-italian-security-firm-saferbytes/
    https://blog.malwarebytes.com/secur...d-machine-learning-will-impact-cybersecurity/
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Second article is interesting, thanks. But clearly, current acquisitions didn't pay off, because in the last few years they always came up in last place in both consumer and corporate AV testing. It's best if they take over another company, if they have the cash.

    https://www.nsslabs.com/group-test/advanced-endpoint-protection-aep/
     