[EP_X0FF]

Any AV product without HIPS can be killed easily, there is nothing to test.

[ssj100]

Any AV product without HIPS can be killed easily, there is nothing to test.

Which AV product(s) don't/doesn't have the HIPS that you are talking about? Thanks.

[EP_X0FF]

For example Doctor Web.

[ssj100]

For example Doctor Web.

How about Avira, ESET, Microsoft Security Essentials etc? I'm only talking about the antivirus-only releases of these programs. However, it would be interesting to know if your methods also work with the suite versions of these programs?

[EP_X0FF]

Sure. Why not? There is nothing special in technical meaning.

[LeastPrivilege]

I see just about every brand of AV software when I remove malware on PCs. This isn't 1995 anymore. The trojans are able to infiltrate and disable all of them. The AV "self-protection" is a joke as is their removal as well. Based on what I see on a daily basis, I have no faith in traditional AV software anymore.

[ssj100]

I see just about every brand of AV software when I remove malware on PCs. This isn't 1995 anymore. The trojans are able to infiltrate and disable all of them. The AV "self-protection" is a joke as is their removal as well. Based on what I see on a daily basis, I have no faith in traditional AV software anymore.

That's interesting. I personally don't use a real-time Antivirus (I don't even have one installed...I just run occasional scans with MBAM and a-squared in a sandbox) so I personally don't really care much about this. My security setup is in my signature.

Regardless, I'm not convinced that people get infected because of bad AV software. Sure, Prevx etc are trying to make themselves look like the stand-out product (through very clever marketing strategies and "brain-washing"...perhaps too harsh a word?) etc etc. I believe the way people get infected is mainly through having a bad security approach. For example, a bad security approach would be poor handling of newly introduced files - executing/opening these files from potentially dodgy sources (eg. via e-mail attachment) on the REAL system. An example of a good security approach would be executing/opening these files in a sandbox via eg. Sandboxie, or even in a full blown Virtual Machine. A lot of newly introduced files are simply data that you view/execute once and then discard. With Sandboxie or a Virtual Machine handy, you can do this extremely safely.

For files that you want to keep, you merely have to use on-demand scanning (or simply get files from trusted sources) to check if there are any "viruses" within the files. VirusTotal and other specific signature scanners like MBAM are useful for this. Of course, a certain degree of computer common sense/experience is required to deliver this good security approach.

Finally, regular backing up is also very important (some might argue it's the most important aspect). I'm not just talking about regular backing up of (important) data files, but also regular image back-ups (perhaps once a month). So even if malware completely destroyed your system, you can restore a perfectly working image within 10-20 mins. Perhaps for "noob" users, if there was one thing to teach them, this might be the most important thing.

[SecConnex]

We strive to make our product the very best in the world.

Truly, this is not enough of an answer, and seems to be a marketing ploy to reach a conclusion. However, the problem with this logic is that it lacks evidence, and has a poor approach.

Introducing yourself would have helped, as the nature of your post is rather odd.

However, I do agree that the methods used by behavioral antivirus software is not being updated for the latest technology. Realistically, signature and behavioral based detection are not working with new malware as good as they should. There are many times where something is missed, and needs careful review.

Most researchers would love just to quickly pilfer through an infection, collect data, and save it, then delete the infection from the machine. However, many infections are too bound to the Windows API, that there are new methods out to circumvent behavioral antivirus products.

There will always be a circumvention until a company comes up with a better way to detect malware, instead of behavior based and signature based.

[ssj100]

We strive to make our product the very best in the world.

Which company doesn't?

The recent demonstrations carried out with your tool are not a real-world example of true circumvention and therefore are not accepted as a legitimate malware threat to our product.

Why the updates then? Prevx has updated about 3 times since the release of these POC's. And the updates were purely to rectify these specific issues, and were released relatively hastily.

Your tool is currently blocked and tagged as unsafe by our software.

The latest one is/was NOT blocked and tagged as unsafe at all. Please read my post above.

Truly, this is not enough of an answer, and seems to be a marketing ploy to reach a conclusion.

Agreed.

[GamingMasteR]

Your tool is currently blocked and tagged as unsafe by our software. I suggest you contact the Prevx Technical Support team for any further questions.

Effective & professional solution :D :mrgreen: