I was on the AV-Test web site yesterday and noticed this. Don't believe a previous thread has been posted on it.

Put to the test for 12 months: This is how well security packages and special tools help after an attack
https://www.av-test.org/en/news/new...-packages-and-special-tools-help-after-an-at/
Look at how bad the Microsoft Malicious Software Removal tool (or shall I say, ignore tool) does in the above image.... That's why I disabled it from ever being installed. To do this, save this as a TXT file and rename the extension to .reg, then merge it with your registry:

Disable Microsoft Malicious Software Removal Tool

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontOfferThroughWUAU"=dword:00000001
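To see exactly which keys and values a .reg file like the one in the post above would write before it is merged, here is an added example (not part of the original post) that parses the Registry Editor 5.00 text format. The function names are assumptions of this example, and only string and dword values are decoded; other value types and multi-line hex data are returned undecoded.

```python
import re

MRT_KEY = r'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT'
SECTION = re.compile(r'^\[(-?)(.+)\]$')
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# The .reg content quoted in the post above.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontOfferThroughWUAU"=dword:00000001
'''

def decode(raw):
    """Decode one value's data; unsupported types come back as raw text."""
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \\ and \" escapes
    if raw == '-':
        return None  # "name"=- deletes the value
    return raw

def parse_reg(text):
    """Return {key_path: {value_name: data}} for the text of a .reg file."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(';')]
    if not lines or lines[0] != 'Windows Registry Editor Version 5.00':
        raise ValueError('not a Registry Editor 5.00 file')
    result, current = {}, None
    for ln in lines[1:]:
        m = SECTION.match(ln)
        if m:
            # [-KEY] removes the key; mark it so a reviewer sees the deletion.
            current = ('DELETE ' if m.group(1) else '') + m.group(2)
            result.setdefault(current, {})
            continue
        m = VALUE.match(ln)
        if m and current is not None:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            result[current][name] = decode(m.group(2))
    return result

def mrt_offer_disabled(parsed):
    """True if the file sets the policy from the post (names are case-insensitive)."""
    for key, values in parsed.items():
        if key.upper() == MRT_KEY.upper():
            if any(n.lower() == 'dontofferthroughwuau' and v == 1
                   for n, v in values.items()):
                return True
    return False
```
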
BTW, where is the PDF file to download to view the test results? The pictures on the screen in the link are too small to see. Thanks
Kaspersky leading the pack again. I wonder how Emsisoft Emergency Kit would perform. Since it's using BD definitions its detection could be similar, but I wonder if cleaning capabilities are similar also. MSRT cleans only specific malware families, so IMO it would be better to test their Safety Scanner to get more realistic results. Personally I wouldn't use cleaning tools to restore my system, but they are useful when cleaning up other people's computers.
They also didn't test Eset which has both a cloud scanner and a bootable cleaner solution. Doesn't work anymore on Win 10.
Well, I looked at the PDF, and it just confirms my own feeling that these tests are a waste. After announcing their findings, at the bottom of the page they said this didn't apply to ransomware, and the only sure protection was backups. Well, if you are taking their advice and doing backups, then the rest of the tests are irrelevant.
If you think about it, why would they? These are post-infection mitigations. Most if not all ransomware removes itself after the encryption process.
Yes, they clearly used the wrong tool. MSRT is, as you say, targeting specific malicious families only. This is not correct. On Windows 10 a user will use Windows Defender Offline, which has been built into the OS since Windows 10 1607 (Anniversary Update) was released. Official info: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-defender-offline
Windows Defender Offline might be superior, but Safety Scanner works just fine on 10, but I prefer KRT and EEK anyway.
I also use EEK. One question about KRT - is it portable? Does it store all data (including signature files) in the folder from which it is run, or does it store some of its data on the system partition also?
It unpacks to the user's temp folder and it creates a report folder on C; the report cannot be read outside of KRT, though.
WD uses the same signatures as MSE, so the results should be the same. WD is supposed to have some enhanced protection, but it usually scores around 90% as well, so not much to say. https://support.microsoft.com/en-us/help/14210/security-essentials-download
There are 2 tests, one for security suites and another one for removal tools, but Kaspersky did OK even as a suite, it just left one harmless leftover, otherwise it would get 100%.