I have just had the salutary experience of running Ransim by KnowBe4. 15 out of the 16 scenarios succeeded, i.e. from my point of view ransomware protection failed. I am running Avast free 19.8. Just thought I would share this with you.
What was the scenario that failed? That’s useful information…
There are two scenarios that failed: RigSimulator and VirlockVariant.
Behavior Shield seems to become halted during it.
The version of the simulator seems to be 2.0.0.56.
What does effectively protect in this simulation is OSArmor 1.4.3 which blocks everything. Avast does stop the Crypto Miner.
I have to admit that I am out of my depth running this simulation.
I should have stated more emphatically that running ransim stopped Behaviour Shield. This should not happen, should it? I am surprised that no one took note of this point. I was a bit taken aback when it happened. This is surely a flaw in Avast. How do I report a bug?
Sorry - When I initially read your post, that’s not the impression I got. My mistake.
You can report scanner bypasses by following the instructions here: https://www.avast.com/bug-bounty
I have noticed in the past that Behavior Shield seems less robust than it ought to be and others have reported similar issues. If Behavior Shield is knocked out of action during a busy time, then that is a weakness which could be exploited by malware. Ransim offers 16 exploits in rapid succession. I want Behavior Shield to be able to stand up to a battering and it seems to be unable to. This needs putting right.
Hi, the devs are checking it…
Hi loungehake,
We see that the Behavior Shield is working unexpectedly with the Ransim, which may cause it to be stopped during the test. We are working on the fix and we hope it will be in the Avast 20.1 release.
To the first post you made:
The ransomware test which you are performing is wrong, because the Ransomware Shield, which is not a part of the Free edition, should be used in the test.
We detect ransomware with Avast Free, but we don't detect simulators with it, as it's a PUP/Tool, not malware, and we look at it this way.
Regards,
PDI
I did say that I was a bit out of my depth. I observed the detection of what seemed to be a PUP. I’m glad to read that Avast recognises simulators for what they are. You have restored my confidence in Avast.
I am very pleased that my naive attempt to use Ransim to test the ransomware resistance of my Windows PCs resulted in the exposure of a fixable bug in Behavior Shield.