Tested Avast Free 8 RC2 with the same links as CIS.
Enabled PUP for all the shields.
Checked cloud was connected.
Of all the links, I was able to download & save 17; the rest of the links were blocked by the shields, & I got a FileRep popup for 3 links, for which I chose the recommended action, i.e. abort connection.
Executed the 17 malware that were saved. 3 were quarantined by FileShield as Evo-Gen detection, & for 3 malware the autosandbox appeared but didn’t find anything malicious, so I clicked on continue execution. The rest executed without detection.
After system restart there were 2 entries in msconfig-startup, regcleanpro & shup.
KillSwitch showed 1 as unknown; it was something browserupdater.
QuickRepair didn’t show any problem.
AutoRun showed 7 entries as unknown & 1 entry as heur malware.
In CIS case add/remove programs showed 3 new programs & in Avast case add/remove programs showed 8 new programs.
HitmanPro found 6 malware.
Attached are the screenshots of HitmanPro (malware); the rest were the same as in the screenshots for CIS, i.e. babylon, clara & funmoods, so I didn’t attach the screenshots of them.
I also tested BitDefender Free AV but I only tested with 20 links as it gave slowdowns.
18 links were blocked by the web protection, so I disabled the AV & downloaded all the 20 malware & executed them. It detected 15, & 2 processes were detected by active control, & 3 executed without detection.
I was getting the detection notification very late after executing, i.e. approx. 30 secs - 1 min & sometimes even more.
No active malware. HitmanPro found nothing.
But there was an entry in msconfig-startup, something desktop.ini; after system restart a window related to this was opening with some gibberish words in it.
By the way, what are the minimum & recommended system requirements for this free AV?
This system has 512 MB RAM.
Interesting
For the CIS (with default settings) test, I noted there is rubbish remaining in the system though the malware files are inactive. Hence, I am currently running BB in Fully Virtualized mode, hoping that all that rubbish could be gone after a sandbox reset.
I would appreciate it if you can perform the test using Fully Virtualized mode and check whether there is any rubbish left after sandbox reset. ;D
The trusted application cannot be blocked from connecting to the internet.
(The firewall will not pop up alerts for trusted applications in safe mode.)
For example, a malware executes an iexplore.exe and the iexplore.exe connects to the internet.
Comodo firewall (in safe mode) will not block it if the malware is sandboxed as fully virtualized.