Jump to content

Just ran RanSim = Detection failed


Recommended Posts

As noted by your screen shot, appears all test files are located on OneDrive. As the author states for the test tool, it is used to verify your network protection against ransomware. I don't believe most conventional AV ransomware protection will protect against cloud storage encryption by ransomware.

Link to post
Share on other sites
  • Administrators

It's an innocuous application that doesn't tell anything about detection and protection capabilities of ESET products. They test behavior blocking without distinguishing between malicious and benign applications. However, ESET does not only monitor the system and processes for suspicious behavior, it also scans memory for malware-like code. This also enables ESET not to warn about benign applications. Needless to say that there are many ways how the encryption works so the simulator may theoretically help malware authors to avoid techniques used by the simulator.

In a nutshell, programs that pass the simulator tests may be more prone to encryption by ransomware than ESET.

Link to post
Share on other sites
5 hours ago, Marcos said:

It's an innocuous application that doesn't tell anything about detection and protection capabilities of ESET products. They test behavior blocking without distinguishing between malicious and benign applications. However, ESET does not only monitor the system and processes for suspicious behavior, it also scans memory for malware-like code. This also enables ESET not to warn about benign applications. Needless to say that there are many ways how the encryption works so the simulator may theoretically help malware authors to avoid techniques used by the simulator.

In a nutshell, programs that pass the simulator tests may be more prone to encryption by ransomware than ESET.

oh ok, thanks for the explanation sir

Link to post
Share on other sites

I have following with puzzled amusement the discussion of this simulator on both wilders.com and malwaretips.com by otherwise knowledgeable individuals on the results of this simulator.

What this product and others like it test for is how well your security solution protects you after you have been infected by ransomware. The point that is missed in these discussions is that the primary purpose of using a security solution is to prevent the malware or in this case the ransomware from installing itself in the first place. Or to quote an old truism, " An ounce of prevention is worth a pound of cure."

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...