A forum for reverse engineering, OS internals and malware analysis
YARA Scanning and continuous DNS monitoring seems to work well for me.
I use ESET Smart Security on my host PC and try cross testing different vendors on VMs.
I hope Other === NO_AV...
Probably this is worth noting in this thread.
Personally I don't use AV as a linux user but I still install one on my family PC. Up to this day it was Avast but not using it myself I have never really tested it. Oh, and also EMET in addition and maybe Malwarebytes Anti-Rootkit in the future.
Personally I don't use AV as a linux user but I still install one on my family PC. Up to this day it was Avast but not using it myself I have never really tested it. Oh, and also EMET in addition and maybe Malwarebytes Anti-Rootkit in the future.
Surprised 1 thing wasn't mentioned, Malwarebytes. Just in my thoughts.
ImBackHerobrine wrote:Surprised 1 thing wasn't mentioned, Malwarebytes. Just in my thoughts.Malwarebytes is not an antivirus.
i use avast!
avast market share now hits more than 20% worldwide, so it should be a good indicator for av.
avast market share now hits more than 20% worldwide, so it should be a good indicator for av.
jimmychen wrote:so it should be a good indicator for av.If only this were the truth.
avast's kernel-mode drivers still have bugs like using a user-mode IRP field but the execution mode of the original requester is kernel-mode. Unsure if this will cause a real-world crash, but if you enable verifier with the proper flags it'll catch it.
"This Regin driver recurrently checks that the current IRQL is set to PASSIVE_LEVEL using the KeGetCurrentIrql() function in many parts of the code, probably in order to operate as silently as possible"
