New AMTSO Test

Discussion in 'other anti-virus software' started by itman, May 16, 2016.

  1. itman

    itman Registered Member

  2. anon

    anon Registered Member

    @ itman,
    Thanks for the heads up. :thumb:
     
  3. chrcol

    chrcol Registered Member

    I get the feeling AMTSO is commercially driven, as new vendors like Zemana correctly don't real-time scan archives; there's no point until it's extracted and tries to execute. Not to mention AMTSO is the same company that I tried to contact over the cloud stuff multiple times with no response :(

    Just seems to be a way for anti malware vendors to plaster their logos on there.
     
  4. toxinon12345

    toxinon12345 Registered Member

    @chrcoluk, Are you positive that what is being tested are file downloads?
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Webroot SecureAnywhere detected them but only 2 on download and after a scan of my download folder. As we all know WSA doesn't worry about non-active malware and it did detect the 2 .exe files during download. Also Webroot is a Member and they are not listed on that page, I wonder why? Could it be money to be on that page...... http://www.amtso.org/members/

    [B ] c:\users\daniel\downloads\eicar.exe [MD5: 132D70CE3EB91D4CA6AAD1B5675C9C0A] [Flags: 00080000.9855] [Threat: W32.Virus.Gen]
    [B ] c:\users\daniel\downloads\eicar_zip.exe [MD5: F4DBD4D57B0AAA2A7E67F7A891E3B2BD] [Flags: 00080000.9856] [Threat: W32.Virus.Gen]
    [B ] c:\users\daniel\downloads\eicar.jar/eicar.com [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [Flags: 00080200.9858] [Threat: W32.Eicar.Testvirus.Gen]

    And these all have the same MD5 Hash?

    [B ] c:\users\daniel\downloads\eicar.rar/eicar.com [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [Flags: 00080200.9858] [Threat: W32.Eicar.Testvirus.Gen]
    [B ] c:\users\daniel\downloads\eicar.zip/eicar.com [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [Flags: 00080200.9858] [Threat: W32.Eicar.Testvirus.Gen]
    [B ] c:\users\daniel\downloads\eicar.7z/eicar.com [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [Flags: 00080200.9858] [Threat: W32.Eicar.Testvirus.Gen]
    [B ] c:\users\daniel\downloads\eicar.cab/eicar.com [MD5: 44D88612FEA8A8F36DE82E1278ABB02F] [Flags: 00080200.9858] [Threat: W32.Eicar.Testvirus.Gen]

    Mon 2016-05-16 18:08:51.0079 Infection detected: c:\users\daniel\appdata\local\temp\7o5fans_.exe.part [MD5: 132D70CE3EB91D4CA6AAD1B5675C9C0A] [3/00080000] [W32.Virus.Gen]
    Mon 2016-05-16 18:08:51.0079 Infection found in realtime: c:\users\daniel\appdata\local\temp\7o5fans_.exe.part [MD5: 132D70CE3EB91D4CA6AAD1B5675C9C0A, Size: 99469 bytes] [524288/00000003] [W32.Virus.Gen]
    Mon 2016-05-16 18:08:51.0356 End passive write scan (1 file(s))
    Mon 2016-05-16 18:08:52.0734 Begin passive write scan (1 file(s))
    Mon 2016-05-16 18:08:53.0347 Infection detected: c:\users\daniel\downloads\eicar.exe [MD5: 132D70CE3EB91D4CA6AAD1B5675C9C0A] [3/00080000] [W32.Virus.Gen]
    Mon 2016-05-16 18:08:53.0347 Infection found in realtime: c:\users\daniel\downloads\eicar.exe [MD5: 132D70CE3EB91D4CA6AAD1B5675C9C0A, Size: 99469 bytes] [524288/00000003] [W32.Virus.Gen]
    Mon 2016-05-16 18:08:53.0559 End passive write scan (1 file(s))
    Mon 2016-05-16 18:08:55.0736 Begin passive write scan (1 file(s))
    Mon 2016-05-16 18:08:56.0472 Infection detected: c:\users\daniel\appdata\local\temp\u9eebje7.exe.part [MD5: F4DBD4D57B0AAA2A7E67F7A891E3B2BD] [3/00080000] [W32.Virus.Gen]
    Mon 2016-05-16 18:08:56.0472 Infection found in realtime: c:\users\daniel\appdata\local\temp\u9eebje7.exe.part [MD5: F4DBD4D57B0AAA2A7E67F7A891E3B2BD, Size: 79580 bytes] [524288/00000003] [W32.Virus.Gen]
    Mon 2016-05-16 18:08:56.0757 End passive write scan (1 file(s))
    Mon 2016-05-16 18:08:58.0739 Begin passive write scan (1 file(s))
    Mon 2016-05-16 18:08:59.0332 Infection detected: c:\users\daniel\downloads\eicar_zip.exe [MD5: F4DBD4D57B0AAA2A7E67F7A891E3B2BD] [3/00080000] [W32.Virus.Gen]
    Mon 2016-05-16 18:08:59.0332 Infection found in realtime: c:\users\daniel\downloads\eicar_zip.exe [MD5: F4DBD4D57B0AAA2A7E67F7A891E3B2BD, Size: 79580 bytes] [524288/00000003] [W32.Virus.Gen]

    Daniel
     
    Last edited: May 16, 2016
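
On the question in the post above about the identical MD5s: this is an added example, not part of the post and not Webroot's code. It assumes, as the `archive/member` paths in the log suggest, that the reported hash is taken over the extracted member rather than the container. The payload is a constructed harmless stand-in, and tar.gz stands in for RAR/7z/CAB, which the Python standard library cannot write.

```python
import hashlib
import io
import tarfile
import zipfile

# Constructed stand-in for the test file; NOT the real EICAR string.
PAYLOAD = b"CONSTRUCTED-HARMLESS-TEST-PAYLOAD\n"
MEMBER = "eicar.com"  # member name as it appears in the posted log

def md5(data: bytes) -> str:
    return hashlib.md5(data).hexdigest().upper()

def build_zip(data: bytes, method: int) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=method) as zf:
        zf.writestr(MEMBER, data)
    return buf.getvalue()

def build_tar(data: bytes) -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        info = tarfile.TarInfo(MEMBER)
        info.size = len(data)
        tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def scan(name: str, blob: bytes) -> dict:
    """Hash the container itself, then every member after extraction."""
    members = {}
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for n in zf.namelist():
                members[f"{name}/{n}"] = md5(zf.read(n))
    else:
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tf:
            for m in tf.getmembers():
                if m.isfile():
                    members[f"{name}/{m.name}"] = md5(tf.extractfile(m).read())
    return {"container": md5(blob), "members": members}

def demo() -> dict:
    # Same payload, three different wrappers (hypothetical file names).
    containers = {
        "eicar.zip": build_zip(PAYLOAD, zipfile.ZIP_STORED),
        "eicar_deflate.zip": build_zip(PAYLOAD, zipfile.ZIP_DEFLATED),
        "eicar.tar.gz": build_tar(PAYLOAD),
    }
    return {name: scan(name, blob) for name, blob in containers.items()}
```

Every container hash differs, while every `container/eicar.com` entry carries the same member hash, which matches the pattern in the posted scan results.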
  6. login123

    login123 Registered Member

    Here on Win XP, Avast Free stopped them all before download except the last one, the "ZIP-SFX Format" file.
    It warned about it but still permitted the download.
    Avast did not detect malware when the file was scanned after download.
     
  7. itman

    itman Registered Member

    Eset detected all of them. All were detected prior to actual download and the browser connection to the web site terminated except for:

    RAR-SFX
    ZIP-SFX

    For those two, an entry was created in the download folder but size was 0 indicating nothing was actually downloaded. The browser connection to the web site was not disconnected.

    Note: Per AMTSO if the file downloaded successfully, the AV failed the test:

    If you are able to download the compressed EICAR-Testfile successfully, your Anti-Malware solution is NOT configured correctly or does not conform with industry best practice.
     
  8. Krusty

    Krusty Registered Member

    Norton isn't in the list at the bottom of that page so I won't try. I'm pretty sure Norton would allow the download but may detect the files during a Full System Scan. Zipped files aren't a threat until they are extracted anyway though, are they?
     
  9. itman

    itman Registered Member

  10. Krusty

    Krusty Registered Member

  11. tgell

    tgell Registered Member

    Qihoo 360 detected all on download except the ACE compressed file.
     
  12. TonyW

    TonyW Registered Member

    An observation. It would appear those four vendors support the scanning of compressed files in real-time. However, AMTSO says:
    Clicking on any of the listed vendors does not take you to instructions but to product pages. Intentional? Possibly.
     
  13. Triple Helix

    Triple Helix Webroot Product Advisor

    The same on Chrome: the downloads were blocked, but with Firefox it doesn't open another window to download.
     
  14. Triple Helix

    Triple Helix Webroot Product Advisor

  15. chrcol

    chrcol Registered Member

    Yeah, that's a problem on the other cloud test as well, probably intentional.
     
  16. bjm_

    bjm_ Registered Member

    This website is not allowed.
    amtso.security-features-check.com
    Reason for the lock:
    This website may harm your computer and your personal information. (Norton DNS)
    ---------------------------------------------
    by-pass Norton DNS, ...downloads quarantined by Norton Security on launch
     
  17. anon

    anon Registered Member

  18. Banzi

    Banzi Registered Member

    Bitdefender web filter detects them all & you can only download them if you click the "I understand the risks, take me there anyway" link at the bottom of the warning.
     
  19. anon

    anon Registered Member

    Avira is one of the participants.......... but files are detected from Web Protection (Avira paid) or ABS and not from the real time protection (on-access System Scanner)*

    =>
    https://www.wilderssecurity.com/threads/avira.345492/page-168#post-2588565
    =>
    The file is downloaded!!!! :argh:

    ------------------
    * With default configuration
     

    Last edited: May 17, 2016
  20. FleischmannTV

    FleischmannTV Registered Member

    Uninstalling previous solution and moving on to on-access compressed file scanning AV for superior protection.
     
  21. anon

    anon Registered Member

    Say it to Avira.

    Average users just leave the default configuration as is.
     
    Last edited: May 17, 2016
  22. StillBorn

    StillBorn Registered Member

    @FleischmannTV Does Avira have anything to do with your previous post (#20)? @anon seems to think so. Could you also be enticed into elucidating on what the "before" and "after" security set-up would be?
     
  23. Influenza

    Influenza Registered Member

    Hi
    AMTSO tested with Emsisoft Internet Security.
    Downloading files is possible.:'(
    All files are detected when scanning.
     
  24. FleischmannTV

    FleischmannTV Registered Member

    @StillBorn

    It was just pure sarcasm on my part and we can already see people being agitated and probably even considering switching security products because of this long since needed test. My sarcasm was supposed to reflect this.

    Then I guess it's time to switch security products. Emsisoft clearly cannot protect you. On-Access archive scanning in combination with SSL MITM is the core of next generation AV technologies. Before you switch, please also make sure to choose a product which emulates hostile code in the kernel, in order to complete the holy trinity of AV.
     
  25. Martin_C

    Martin_C Registered Member

    Another dramatic day at Wilders ??

    Testing here with latest and fully updated Windows 10, protected by Windows Defender, browsing with Edge.

    All 12 blocked.

    Once again we can see that Microsoft has built an OS perfectly capable of protecting itself.

    That's the beauty of Windows 10. No need to worry about anything.
     