AhnLab V3 Internet Security 8.0 avast! Free Antivirus 7.0. Report, readers are advised to first read the above-mentioned document. The participation is limited to not more than 20 international well-known Anti-Virus products, which. False positive/alarm test. Report the false positives from IObit Products. We will fix all false positives as soon as possible. AhnLab-V3 5.0.0.2 2009.09.18. Below is a list of email IDs and online forms where you can submit files you suspect are false positive: AhnLab Email 1: v3sos@ahnlab.com Email 2: e-support@ahnlab.com.

1. Ahnlab V3 Lite Windows 10
2. Ahnlab-v3 Report False Positive
3. V3 Ahnlab Free Download
4. Ahnlab V3 Report False Positive Blood
5. Ahnlab V3 Report False Positive Results
6. Ahnlab V3 Internet Security 8.0

Rule Category

FILE-EXECUTABLE -- Snort detected traffic targeting vulnerabilites that are found in or delivered through executable files, regardless of platform. In those instances, Snort is able to correct traffic that has been altered.

Alert Message

FILE-EXECUTABLE Portable Executable multiple antivirus evasion attempt

Rule Explanation

The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a 19040010 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.Impact:CVSS base score 4.3CVSS impact score 2.9CVSS exploitability score 8.6confidentialityImpact NONEintegrityImpact PARTIALavailabilityImpact PARTIALDetails:Ease of Attack:

What To Look For

VB Test Team

Virus Bulletin

Copyright © 2020 Virus Bulletin

The VB100 set-up
Diversity Test
Upcoming test changes
Products & results
Acronis Cyber Protect
Acronis True Image 2021
Adaware Antivirus Free
Adaware Antivirus Pro
Ad Spider
AhnLab V3 Endpoint Security
Arcabit AntiVirus
Avast Free Antivirus
AVG Internet Security
CMC Malware Detection and Defense
CORE Antivirus
Cynet 360
CyRadar Endpoint Detection and Response
Defenx Security Suite
Emsisoft Anti-Malware
eScan Internet Security Suite for Windows
ESTsecurity ALYac
Exosphere Endpoint Protection
Faronics Anti-Virus
FireEye Endpoint Security
Fortinet FortiClient
G DATA Antivirus
IKARUS anti.virus
Intego AV
K7 Total Security
PCProtect
Private Internet Antivirus
Qi-ANXIN Tianqing Endpoint Security Management System
Rising Enterprise Security Management System
Scanguard
SecureAge SecureAPlus Pro
Systweak Anti-virus
TACHYON Endpoint Security
TeamViewer Endpoint Protection
Tencent PC Manager
TotalAV
Total Defense Premium
TUXGUARD Endpoint Protection
United Endpoint Protector
VIPRE Endpoint Cloud Business
VirIT eXplorer PRO
Appendix 1: products not certified
Appendix 2: testing notes
Appendix 3: sample set sizes
Footnotes

Introduction

The VB100 certification scheme provides a stamp of quality and competence for anti-malware products that satisfy a minimum standard of detecting malicious executables that have recently been seen in the wild, while blocking few to no legitimate programs.

This report details the VB100 certification results of 41 of such products from 36 different vendors during November and December 2020.

The VB100 set-up

In the VB100 test, a copy of the product to be tested is installed on two platforms: Windows 10 and Windows 7. On each platform, and at three different times in the test, the product is asked to scan both the latest version of the WildList¹ and a selection of clean files taken from Virus Bulletin’s own set of files belonging to widely used legitimate software.

A legitimate file that is blocked at least once is considered a false positive, while a WildList file that isn’t blocked is considered a miss.

A product achieves a VB100 certification if:

• No more than 0.5% of WildList samples are missed

and

• No more than 0.01% of legitimate files are blocked

For full details, we refer to the VB100 methodology on the Virus Bulletin website: https://www.virusbulletin.com/testing/vb100/vb100-methodology/vb100-methodology-ver1-1/. This test used version 1.1 of the VB100 methodology.

Diversity Test

The malware part of the VB100 certification uses the WildList, a regularly updated list of extremely well-vetted malware samples, guaranteed to have been spotted in the wild multiple times. This makes them very suitable for a certification test like VB100.

The ‘Diversity Test’ looks at products’ detection of another set of recent malware samples, to acknowledge the fact that products detect malware samples beyond a standard set of samples, and provides a measure of that detection.

Upcoming test changes

As part of planned updates to the VB100 test in 2021, we will be retiring testing on the legacy Windows 7 platform, effective from January 2021.

We are introducing this change because the relevance of Windows 7 has diminished greatly in recent years, and the platform reaches end-of-life in January 2020 – as a consequence of which, a growing number of tested products either lack support for this platform, or struggle to perform properly on the legacy operating system. We expect the retirement to have negligible impact on the relevance of the VB100 reports.

Products & results

Products were allowed to download updates during the course of the test. The version numbers listed in the results that follows refer to those at the start of the test.

Acronis Cyber Protect

Acronis True Image 2021

Adaware Antivirus Free

Adaware Antivirus Pro

Ad Spider

AhnLab V3 Endpoint Security

Arcabit AntiVirus

Avast Free Antivirus

AVG Internet Security

CMC Malware Detection and Defense

CORE Antivirus

(see notes in Appendix 2)

Cynet 360

CyRadar Endpoint Detection and Response

Defenx Security Suite

Emsisoft Anti-Malware

Ahnlab V3 Lite Windows 10

eScan Internet Security Suite for Windows

ESTsecurity ALYac

Exosphere Endpoint Protection

Faronics Anti-Virus

FireEye Endpoint Security

Fortinet FortiClient

G DATA Antivirus

IKARUS anti.virus

Intego AV

K7 Total Security

PCProtect

Private Internet Antivirus

Qi-ANXIN Tianqing Endpoint Security Management System

Rising Enterprise Security Management System

Ahnlab-v3 Report False Positive

Scanguard

SecureAge SecureAPlus Pro

V3 Ahnlab Free Download

Systweak Anti-virus

(see notes in Appendix 2)

TACHYON Endpoint Security

TeamViewer Endpoint Protection

Tencent PC Manager

TotalAV

Total Defense Premium

TUXGUARD Endpoint Protection

(see notes in Appendix 2)

United Endpoint Protector

(see notes in Appendix 2)

VIPRE Endpoint Cloud Business

VirIT eXplorer PRO

Ahnlab V3 Report False Positive Blood

Appendix 1: products not certified

All products achieved VB100 certification in this test.

Appendix 2: testing notes

• CORE Antivirus gained VB100 certification based on measurements taken on Windows 10 only.
• Systweak Anti-virus gained VB100 certification based on measurements taken on Windows 10 only.
• Tabidus Technology’s United Endpoint Protector gained VB100 certification based on measurements taken on Windows 10 only.
• TUXGUARD Endpoint Protection gained VB100 certification based on measurements taken on Windows 10 only and, due to a technical failure, the Diversity Test results for this product were invalidated.

Ahnlab V3 Report False Positive Results

Appendix 3: sample set sizes

The Certification Set contained 1,401 malicious samples. The set of clean samples used for the false positive test contained 100,000 files, of which 29,168 were portable executable (PE) files. The set used for the Diversity Test contained 1000 malicious samples.

Footnotes

Ahnlab V3 Internet Security 8.0

¹ The WildList is an extremely well-vetted set of malware recently observed in the wild by researchers: http://www.wildlist.org/.