Self-Made Ransomware vs AVs (Avast fails miserably)

https://malwaretips.com/threads/self-made-ransomware-vs-antivirus-products.66903/

The file is coded so that it runs its actions after 20+ seconds, so Avast ignores it because it only checks for 15 seconds maximum… STUPID.

Well, Hardened Mode set to Aggressive should have seen off this sample.

Enable Hardened mode - Protects novice users who do not understand the risks of opening unknown files. Set on moderate, no files with poor reputation are allowed to run. When set to aggressive, only whitelisted files can be opened.

I would assume that this sample wouldn’t have been in the Avast cloud whitelist database.

Another point to know: VirusTotal can’t fully emulate the user experience, as the scan is using the on-demand scan. Only the on-access scanner would access the cloud whitelist and trigger the alert.

Considering the Hardened Mode:

Protects novice users who do not understand the risks of opening unknown files.

Why then is it disabled by default (if I remember correctly) when for the most part Avast users are likely to be novices?

Hardened Mode Aggressive is indeed not enabled by default, and I also don’t understand why.
I have it enabled with all Avast users I help, and it has never caused them problems.

Greetz, Red.

Yes, I too have had it enabled for as long as I can remember; that is why I might not recall whether it is a default or not.

But for sure I believe it should be a default.

Merry Christmas.

With this latest craze in malware there certainly is a need for hardened mode.
Not all ransomware is as polite as this example: https://twitter.com/demonslay335/status/810627959375757312

polonus