Advanced Memory Scanner and Lab Tests

[FleischmannTV 9]

Dear ESET team,

 

since Advanced Memory Scanner technology is a post-execution mechanism, I would like to know if its detections still count as detected / protected in lab tests, such as AV-C and AV-Test.

 

Thank you.

[shocked 60]

the "tests" that those labs perform are not reflected in the real world scenarios.

for example. they might bombard the computer to be tested with hundreds of viruses/malware in a matter of minutes, in order to test how good a specified AV works.

 

the real end user won't get hundreds or maybe thousands of viruses in such a short time. if a user is very careful to the sites he visits, he might never get infected with anything.

 

it's best not to pay so much attention to the sites that perform tests to prove which AV is the best. and yes, the mechanism you mentioned, will detect anything it can detect and it will count as detected malware.

[itman 1,659]

Dear ESET team,

 

since Advanced Memory Scanner technology is a post-execution mechanism, I would like to know if its detections still count as detected / protected in lab tests, such as AV-C and AV-Test.

 

Thank you.

This one is a "bit tricky" so to speak in answering.

 

When Eset's AV engine is checking a process using heuristics, it runs the process in an internal sandbox. As such, no system modification by malware can occur.

 

When AMS detects adverse malware activity, the process has already began execution. So malware might have made some system modifications prior to AMS detection. Since AMS did stop the malware, I believe the AV labs will score it as a detection as long as the malware activity prior to AMS detection did not adversely affect existing system processing.