I allowed the virus (VBS script) to execute and then denied all actions by the scripting host, with all custom rules and paranoid settings, and all filters/monitors of Defense+ enabled.
CFP doesn't monitor setting hidden attributes on files and folders, and the malware is able to hide ALL folders on the C drive, including the Windows directory and the Program Files folder.
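The check a practitioner would want after reading the post above is a quick way to spot the behaviour being described: root folders on the system drive that have had the Hidden attribute set on them. This is an added example, not code from the original post or from Comodo; the baseline list of folders that a normal Windows install keeps hidden at the root is an assumption and should be adjusted to the machine being checked.

```powershell
# Added example: flag top-level folders on the system drive that carry the
# Hidden attribute but are not in the set Windows normally keeps hidden.
# The baseline below is an assumption for a typical install; adjust as needed.
$expectedHidden = @('$Recycle.Bin', 'System Volume Information', 'ProgramData',
                    'Recovery', 'Documents and Settings', 'Config.Msi')

$root = "$env:SystemDrive\"

# -Force makes Get-ChildItem return hidden and system entries too.
$suspicious = Get-ChildItem -Path $root -Directory -Force |
    Where-Object {
        (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
        ($expectedHidden -notcontains $_.Name)
    }

if ($suspicious) {
    Write-Warning "Unexpected hidden folders under ${root}:"
    $suspicious | Select-Object Name, Attributes | Format-Table -AutoSize

    # Remediation (run elevated) for exactly the case in the post: clear the
    # Hidden and System bits on the flagged folders only. Review the list first,
    # then uncomment.
    # $suspicious | ForEach-Object { attrib -h -s "$($_.FullName)" }
} else {
    Write-Host "No unexpected hidden folders under ${root}"
}
```

Run it from an elevated PowerShell prompt so that system folders are readable. A folder such as Windows or Program Files showing up in the warning list with a Hidden (and usually System) attribute is the symptom described above; the remediation line uses attrib rather than deleting or moving anything, so the only change it makes is to the attribute bits on the folders you have reviewed.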
That’s exactly right, and more people need to understand the importance of that statement.
Remember how most people thought Malware Defender (MD) was bullet-proof? Well, 3 POCs were released recently that have caused Xiaolin to think about re-designing MD!
If you let something unknown/untrusted run on your REAL system, there are many ways for malware to pounce. The only way to be truly “100%” is to deny execution at the gate. This is one big reason why I no longer use Classical HIPS in the everyday usage of my computer - there’s just no need. A simple anti-executable program is the way to go, and there really isn’t anything stronger (or cheaper or lighter) than LUA + SRP. Combine this with Sandboxie blocking/containing all your malware “threat-gates” and you have the strongest, lightest, (cheapest), and “set and forget” setup ever!
However, aigle does have a point here I think. Defense+ could probably be improved on to control the behaviour of files better (for whatever reason). I was just making the point of how to truly be “100%” haha. Cheers.