Buzzle

Looks like you still don’t quite understand what the Python script is for. Its only function is to automate the execution of the malware in ./Phase1 and ./Phase2, just like there is a user that would go into the folders and run the executables one by one. The malware use for the test is all in the Phase1 and Phase2 folders. The Python script could be replaced with a PowerShell/bat/$whatever script and it won’t affect the results whatsoever. Also, who even code ransomware in Python? It would probably take forever to encrypt data

Remember that the conditions that an AV needed to pass our test is BOTH clean sheet on second-opinion scanners AND the system showing no sign of infection. Also, at the very end of that Kaspersky video, we also threw in Norton's Power Eraser, which also indicates a clean system. MBAM and HitmanPro detected CoreTemp which is a legitimate application (maybe they include adware/PUPs with their installer?) but on the ESET-protected system there was clear signs of malware/ransomware at the end of both Phase 1 and 2, and that's enough to disqualify it We recently changed our testing methodology, which mainly focused on the Pro-Active protection components of the AVs, which can and will change many results that we have published in the past.

I don't know if my clarification isn't enough or you ignored my post, but let me re-clarify this

I'm Buzzle, moderator of TPSC Discord server. Let me just quickly clarify a few points here: First, the Python script only plays the role of executing the malware in the ./Phase1 and ./Phase2 folders. It it NOT a ransomware. It's called malex for a reason (MALware EXecutor) Second, the reason why Kaspersky only get a Pro-active detection ratio of ~80% but still pass Phase1 is due to the fact that BOTH HitmanPro and MalwareBytes detect nothing after Phase 1 and the system have no sign of infection (https://youtu.be/DtHHsJIw1RI?t=249) but ESET clearly did ( https://youtu.be/e0irhY1GOuI?t=166 + https://youtu.be/e0irhY1GOuI?t=401 ). In fact, ESET did not even qualified for Phase2 but we did it anyway Third, if you think the reason Bitdefender, Kaspersky, and Sophos passed because of affiliations with TPSC, then explain Norton and Comodo's result. We use the same testing method (running all the malware through malex) in every test since Windows Defender. There's no "irregularity" here like you said. If you want to discuss with us, jump on our Discord server. Link is in the description of the video.