Spywar's Avast 8 malware tests

Avast V8 vs 13 undetected fresh samples

Avast V8 vs 40 undetected samples

Evo-Gen looks excellent, and it seems they have added reputation detections like Norton.

I may be wrong, but I don't think Evo-Gen is up and running yet.

90% of detections are from Evo… ???

Just seen a video from Malware Geek and Avast didn't do that well, but these tests always vary anyhow. However, Avast needs to improve on zero-day malware, and the BB seems ineffective at the moment.

Because in the video the pieces of malware picked out for execution were just randomly crashing, and looking at some of their icons I suspect some were false positives. And since Evo-Gen came into action in Feb 2013, you will have to give it some time to materialize with old samples… but so far with 2013 undetected samples it's doing great! ;D

one more test: - YouTube

When you don't check the samples, I don't rely on the tester.

Spywar,

You are testing Avast a lot & find Evo-Gen & FileRep, especially Evo-Gen, effective against zero-day malware.

I am too testing Avast with undetected zero-day malware, i.e. VT shows Avast not detecting them.

I did a couple of tests on a real system, XP 32.

Evo-Gen is effective & FileRep is good.

Avast's default is PUP detection disabled.

Can you tell me if Evo-Gen detects PUPs, or, like the Avast defaults, Evo-Gen doesn't detect PUPs?

OR

PUP detection by Evo-Gen depends on the PUP setting, i.e. PUP enabled/disabled in the shield settings?

In my couple of tests with PUP enabled, I never saw Evo-Gen detecting a PUP, so I want to know if Evo-Gen detects PUPs or not.

Regards
Naren

So far in my tests with some adware/PUPs, they are most of the time sandboxed and not detected as malware; however, I have seen a piece of adware being flagged as FileRepMalware. So far I don't know how this thing works right now…

However, not everything is deployed yet; as you see, MDE is still to come:
A New Toy in the Avast Research Lab

and also this is coming soon:

I tested Avast 8 on a real system, XP 32.

I used the malware pack from malwaretips.com mentioned as 39 files & 1 file.

Links-

Links removed by moderator! Naren, you’ve been around long enough to know that posting potentially malicious links on the forum isn’t allowed.

After the test I restarted the system & at boot I got "NTLDR is missing, press Ctrl+Alt+Del", & again & again the same message.

I don't know which malware from the pack infected the system.

Restored through CTM.

Currently testing CIS 6 with the same malware packs.

Post edited by moderator to remove potentially malicious links…

New test vs 15 undetected fresh samples

Naren, testing against the same samples on a VM with Avast again… :wink:

The 2 files with installer icons are benign, and 2 are suspicious as they are 1 week old and very low on detection according to VT. The rest were more than a year old samples according to VT, and since the new technologies came into action this Feb, their effectiveness on old samples isn't up to par yet; we will have to wait until everything materializes, as Evo-Gen is still new… I didn't get an unbootable machine on my own VM… was this XP machine used for the test?? The Avast sandbox has some bugs causing XP machines to be unbootable.

We still have some more technologies to come in the near future. My VM is Win7.

You mean the samples I have mentioned?

I tested CIS 6 against the same samples.

I don't know which malware Avast missed & infected the system.

So I installed only CFW + D+ without CAV, selected the Internet Security config, & disabled cloud & "unrecognized to cloud" under file ratings.

After the test I restarted the system & no problems.

I had unzipped all the samples from both the links I mentioned into one folder.

I am not sure, but I think in the Avast test the infection may be due to the sample named "Installer from SoftSafe". I had 2 samples in the folder named Installer from SoftSafe, but as I said, I am not sure if these were the samples that caused the infection in the Avast test.

If you are testing the samples mentioned by me, post your results & findings here.

Previous comment edited… please read it… the installer-icon files are benign. :wink:

Now testing on an XP VM to confirm…

Confirmed… I had the same issue. It is only happening on the XP VM: after Avast sandboxes some piece of malware and I reboot, I get this… Reported to the Avast team via the PM function on their forum.

Naren, you are right… when the sandbox got the legit installer-icon thingy it caused this… it looks like some issue with the sandboxing of legit installers. Thank god it isn't a bug with genuine malware!


OK, I read your previous post. I am not talking about the benign installers. OK, so you are now testing on an XP VM. Let me know if you get the NTLDR missing or unbootable system problem. And test both the samples named Installer from SoftSafe; both seem the same, but I ran both & they take a little time & an internet connection is needed. Both samples are digitally signed.

To be sure, I am going to test Avast again a little later.

And the test was not to show that Avast missed a sample & the system was infected, & it was not a comparison test. I know the new technology in Avast will take a little time to give excellent results.

I was testing Avast & things happened, so I posted here, & it's good you are testing the samples to check if the same thing happens or not. And I tested CIS to see if the same thing happens or not.

Don't worry Naren, I clearly understand your concern… btw, am I too quick? LOL… edited previous reply. :smiley:

Please inform me about the results of what happens when you test Avast a little later…

Reply from avast team member:

Hi, please check the version of your \Windows\System32\drivers\aswVmm.sys file. If the version is later than 8.0.1482.45, then just restart your machine and it should be OK. If the version is 8.0.1482.45, then execute the patch http://files.avast.com/files/emupdate/20130304.exe as administrator. It will replace your aswVmm.sys with version 8.0.1482.47. Then restart the computer.

This seems to have fixed my issue, strangely… The file version on my XP VM was the older one, and I re-tested after applying the fix… it seems to have done the trick. Try it, Naren.

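The version check in the Avast team member's reply above, written out as a script. This is an added example, not something posted in the thread or shipped by Avast: the driver path, the two version numbers and the patch URL are taken from the reply, and everything else (the function names, the "older than" branch, the signature check) is an assumption added here.

```powershell
# Added example (not from the thread or from Avast): reproduce the aswVmm.sys version
# check from the Avast team member's reply and say which of the two stated actions applies.
# The driver path, both version numbers and the patch URL come from that reply; the
# function names and the handling of an "older than" version are assumptions made here.

$DriverPath   = Join-Path $env:SystemRoot 'System32\drivers\aswVmm.sys'
$BuggyVersion = [version]'8.0.1482.45'   # version the reply says needs the patch
$FixedVersion = [version]'8.0.1482.47'   # version the patch is said to install
$PatchUrl     = 'http://files.avast.com/files/emupdate/20130304.exe'

function Get-AswVmmAction {
    param([string]$Path = $DriverPath)

    if (-not (Test-Path -LiteralPath $Path)) {
        return "aswVmm.sys not found at $Path; is Avast 8 installed?"
    }

    # Build a [version] from the numeric parts of the PE version resource rather than
    # comparing the FileVersion string: as strings, "8.0.1482.100" sorts before
    # "8.0.1482.47", as versions it sorts after it.
    $fvi = (Get-Item -LiteralPath $Path).VersionInfo
    $ver = New-Object System.Version ($fvi.FileMajorPart, $fvi.FileMinorPart,
                                      $fvi.FileBuildPart, $fvi.FilePrivatePart)

    if ($ver -gt $BuggyVersion) {
        return "aswVmm.sys is $ver (newer than $BuggyVersion): just restart the machine."
    }
    if ($ver -eq $BuggyVersion) {
        return "aswVmm.sys is $ver: run $PatchUrl as administrator (expect $FixedVersion afterwards), then restart."
    }
    # Not covered by the reply; assumption: treat as "let the product updater handle it".
    return "aswVmm.sys is $ver (older than $BuggyVersion): not covered by the reply; update Avast through its own updater."
}

# Before executing a downloaded .exe as administrator, look at its Authenticode
# signature. Status should be 'Valid' and the signer should be the vendor you expect.
function Test-PatchSignature {
    param([Parameter(Mandatory = $true)][string]$PatchFile)
    $sig = Get-AuthenticodeSignature -FilePath $PatchFile
    New-Object PSObject -Property @{
        File   = $PatchFile
        Status = $sig.Status
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    }
}

Get-AswVmmAction
```

Two caveats for anyone repeating this on the XP test machines discussed in the thread: Windows XP does not ship with PowerShell (it has to be installed separately), so on a bare XP VM the same check is the Version tab of the file's Properties dialog; and a 2013 hotfix URL should not be assumed to still serve the original file, which is why the signature check is there before anything is run as administrator.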