06.11.2018, 14:14
Na MT poprosiłem by Andy przetestował pakiet MKS przeciw atakom skryptowym.
Oto jego wnioski po przetestowaniu:
the MKSV on default settings blocked all samples, except those which used Bitsadmin. Yet, most PowerShell samples were blocked only via the Firewall rule (blocked outbound connections). The VBScript samples which used WMI were also blocked by the Firewall rule for wscript.exe (blocked outbound connections).
Most VBScript samples were blocked by heuristics (static detection) and it can be compared to BitDefender static detection.
MKSV has a very good protection against script trojan-downloaders. Yet, it is not perfect (can be bypassed, for example, by CHM scriptlets).
It is hard to compare MKSV to KIS, because KIS on default settings is not as good as MKSV, but KIS tweaked can also block all testing samples and additionally can detect/block other types of malicious scripts by AMSI or by blocking script interpreters
Tylko się cieszyć, że rodzimy produkt wypada dobrze( do tej pory najlepiej)
[Aby zobaczyć linki, zarejestruj się tutaj]
Oto jego wnioski po przetestowaniu:
the MKSV on default settings blocked all samples, except those which used Bitsadmin. Yet, most PowerShell samples were blocked only via the Firewall rule (blocked outbound connections). The VBScript samples which used WMI were also blocked by the Firewall rule for wscript.exe (blocked outbound connections).
Most VBScript samples were blocked by heuristics (static detection) and it can be compared to BitDefender static detection.
MKSV has a very good protection against script trojan-downloaders. Yet, it is not perfect (can be bypassed, for example, by CHM scriptlets).
It is hard to compare MKSV to KIS, because KIS on default settings is not as good as MKSV, but KIS tweaked can also block all testing samples and additionally can detect/block other types of malicious scripts by AMSI or by blocking script interpreters
Tylko się cieszyć, że rodzimy produkt wypada dobrze( do tej pory najlepiej)