Tuesday, October 10, 2017

Less than 50% detections

Today's ransomware score... six missed (one detected stuff, but the malware encrypted the drive anyway, so that's a miss), five blocked, but with sigs... none with behavior detections.

Today's md5 is c50b81f99269bd05299df41dee8844da.

F-Secure is added to the test.

Missed were Webroot, Windows Defender, Panda, Avira, Trend.

Eset detected stuff, and removed what it saw, but the malware got away, so it's a miss.

Kaspersky, Sophos, Symantec and F-Secure blocked it with a sig.

Avast blocked it, but also blocked my software, so that's a false positive. False positives are anathema in a corporate environment; otherwise we could all use Solly's Perfect.bat, which never misses anything...

(Perfect.bat is "Echo %1 is malware"... never misses anything bad, but has a few false positives. This can be fixed, as well, which we can talk about later.)

Guys... the malicious behavior with ransomware is obvious. We shouldn't be missing any of these. Please step up. I know we can do it.

Stay tuned.

