Another cool thing that we're going to be doing, but not as a result of this infection, is evaluating and maybe implementing Cylance in lieu of Trend on our systems.
I'm not sure if it's appropriate to say, but their engine seems revolutionary.
What makes you say that Rob?
Mostly that it's not conventional scanning, but instead it analyzes what the files do rather than just signatures or patterns. The closest comparison I can come up with is the way Android app permissions are broken down in the app store - - it can identify if a file's threat by the characteristics contained therein. Here's an analysis of the FreeConferenceCall.com installer:
I really want to see a good comparison of Webroot and Cylance from someone not related to either company.
My problem with Cylance was that there was no small business pricing. they started at something like 1000 licenses at their SpiceWorld 2015 demo. Only knocking it down to 500 during the show.
Hopefully the testing companies will get there eventually. They're all so geared towards signature detections and it's hard to get them to change. That's why we don't show up in some of them, as they won't come up with a methodology that better reflects what we do.
I liked Cylance's demo - go to totalvirus, download the last 100 uploaded viruii, and run them.
That's a good start, but it's tough to truly get a zero day virus that hasn't been seen yet, for a real world test. If it's on virustotal then it's already been identified as a virus by most of the AV companies.
No way to get around it entirely
Run them side by side in the real world (honeypot kind of thing) and test.
No I mean zero day viruses
I don't have faith either would do the job
Isn't the other choice... neither, though? Will "none" do the job?
That's definitely a question
What I mean is... certainly trust nothing for zero days, protect as much as you can. But part of that would be getting the best AV that you can. It's part of the security picture.
@nadnerB Thank God i could remote it and do the things required, otherwise would be driving a bit far to do this! 🙂 Thanks to screenconnect, i was actually evaluating screenconnect as my go to tool for remote support, one thing i noticed is few windows message screenconnect didn't allow me to click ok to proceed, at that time it just shows that i am connected but not the guest. Used Teamviewer free for that to complete that action, so i have second thoughts about screenconnect!
When ScreenConnect is running as an admin process, you can click everything.