GDATA 2011 VS 四大毒王

显示全部楼层 · 发表于 2010-5-20 14:25:42

本帖最后由 JusT.Like 于 2010.10.9 12:03 编辑

前言
G DATA官方资料显示2011版本优化了行为监控，实际效果如何？！不妨通过简单的测试来一探究竟...
本次测试样本：熊猫烧香、小浩、磁碟机、机器狗（二楼附测试样本）
测试样本与“主流智能行为拦截软件测评”一致...
http://bbs.kafan.cn/thread-213572-1-2.html

PS:G DATA 2011行为监控为智能行为分析
Update:很多朋友抱怨“四大毒王”太老，这个测试的对象是行为分析模块，目标是其能否捕捉到样本的恶意动作！

测试环境：

VM windows 7 Home premium (补丁未打，关闭windows Defender)

样本"全家福":

G DATA 2011除行为监控以外，所有监控关闭

---------------------
---------------------

Test 1（熊猫烧香）

日志：
*** Process ***

Process: 2268
File name: ad.exe
Path: c:\users\just.like\desktop\ad.exe

Publisher: Unknown publisher
Creation date: 05/20/10 05:37:39
Modification date: 12/28/06 17:12:44

Started by: explorer.exe
Publisher: Microsoft Windows

*** Actions ***

The virus scanner has detected that the file is malicious.
A packer was run on the program file, possibly to conceal malicious content.
The program file header contains an error.
The program has created or manipulated an executable file in the Windows folder.
The program has saved files in the system folder.
The program has created or manipulated an executable file.

Test 2（小浩）

日志：
*** Process ***

Process: 3292
File name: xiaohao.exe
Path: c:\users\just.like\desktop\xiaohao.exe

Publisher: Unknown publisher
Creation date: 05/20/10 05:37:49
Modification date: 08/14/07 14:03:41

Started by: explorer.exe
Publisher: Microsoft Windows

*** Actions ***

The virus scanner has detected that the file is malicious.
The program has created or manipulated an executable file in the Windows folder.
The program has saved files in the system folder.
The program has created or manipulated an executable file.

Test 3（磁碟机）

日志：
*** Process ***

Process: 2168
File name: setup.exe
Path: c:\users\just.like\desktop\setup.exe

Publisher: Unknown publisher
Creation date: 05/20/10 05:37:57
Modification date: 03/01/08 18:48:38

Started by: explorer.exe
Publisher: Microsoft Windows

*** Actions ***

The virus scanner has detected that the file is malicious.
A packer was run on the program file, possibly to conceal malicious content.
The program has created or manipulated an executable file.

Test 4 （机器狗）

日志：
*** Process ***

Process: 1864
File name: userinit.exe
Path: c:\users\just.like\desktop\userinit.exe

Publisher: Unknown publisher
Creation date: 05/20/10 05:38:04
Modification date: 08/17/04 12:00:00

Started by: explorer.exe
Publisher: Microsoft Windows

*** Actions ***

The virus scanner has detected that the file is malicious.
The packer used is often used to conceal malware.
The program has created or manipulated an executable file.

END

显示全部楼层 · 发表于 2010-5-20 14:26:50

本帖最后由 JusT.Like 于 2010-5-20 16:41 编辑

测试样本（压缩密码 virus）

显示全部楼层 · 发表于 2010-5-20 14:28:02

G DATA的主防从09以来就很厉害。但只删除他认定可疑的威胁，不删除父程序。

显示全部楼层 · 发表于 2010-5-20 14:29:24

這是必須做到的哦

显示全部楼层 · 发表于 2010-5-20 14:29:45

回复 3# XMatence

上次就被一个恶意软件过了GD

显示全部楼层 · 发表于 2010-5-20 14:30:21

我设置了权限，你们怎么钻进来的...

显示全部楼层 · 发表于 2010-5-20 14:30:58

回复 5# bbs2811125

很正常啊

显示全部楼层 · 发表于 2010-5-20 14:31:28

回复 6# JusT.Like

你真的没设置。。

显示全部楼层 · 发表于 2010-5-20 14:31:49

回复 7# XMatence

你不是说他的主防很厉害么……难道主防只防病毒的么

显示全部楼层 · 发表于 2010-5-20 14:32:15

回复 6# JusT.Like

至少我没看见……

[分享] GDATA 2011 VS 四大毒王

本帖子中包含更多资源

评分

本帖子中包含更多资源