CIS: two tests

Tested Avast Free 8 RC2 with the same links as CIS.
Enabled PUP detection for all the shields.
Checked that the cloud was connected.

Of all the links, I was able to download & save 17; the rest were blocked by the shields, & I got a FileRep popup for 3 links, for which I chose the recommended action, i.e. abort connection.

Executed the 17 malware samples that were saved. 3 were quarantined by FileShield as an Evo-Gen detection, & for 3 malware the autosandbox appeared but didn't find anything malicious, so I clicked on continue execution. The rest executed without detection.

After system restart there were 2 entries in msconfig-startup: regcleanpro & shup.
KillSwitch showed 1 as unknown; it was something called browserupdater.
QuickRepair didn't show any problem.
AutoRun showed 7 entries as unknown & 1 entry as heur malware.

In the CIS case, add/remove programs showed 3 new programs, & in the Avast case, add/remove programs showed 8 new programs.

HitmanPro found 6 malware.

Attached are the screenshots of HitmanPro (malware); the rest were the same as in the screenshots for CIS, i.e. babylon, clara & funmoods, so I didn't attach the screenshots of them.

[attachment deleted by admin]

I also tested BitDefender Free AV but I only tested with 20 links as it gave slowdowns.

18 links were blocked by the web protection, so I disabled the AV, downloaded all 20 malware samples & executed them. It detected 15, 2 processes were detected by Active Control, & 3 executed without detection.
I was getting the detection notification very late after executing, i.e. approx. 30 secs - 1 min & sometimes even more.

No active malware. HitmanPro found nothing.

But there was an entry in msconfig-startup, something desktop.ini; after system restart a window related to this was opening with some gibberish words in it.

By the way, what are the minimum & recommended system requirements for this free AV?
This system has 512 MB RAM.

Interesting :wink:
For the CIS (with default settings) test, I noted there is rubbish remaining in the system even though the malware files are inactive. Hence, I am currently running BB in Fully Virtualized mode, hoping that all that rubbish will be gone after a sandbox reset.

I would appreciate it if you could perform the test using Fully Virtualized mode and check whether any rubbish is left after a sandbox reset. ;D

There is one problem with the sandbox level.

Trusted applications cannot be blocked from connecting to the internet.
(The firewall will not pop up alerts for trusted applications in Safe Mode.)

For example, a piece of malware executes iexplore.exe, and iexplore.exe connects to the internet.
Comodo Firewall (in Safe Mode) will not block it if the malware is sandboxed as Fully Virtualized.

I use Custom Ruleset mode in the Firewall settings. :wink:
(And SpyShelter Free against potential spying activities, to supplement the weakness of FV.)