Hot Take Kaspersky and various other AVs can't detect simple ransomware script

[bazang]

It is "incredibly effective" at home, but would not be effective against targeted attacks in Enterprises.

SAC is not effective in enterprise or government. WDAC or SRP, with SRP remaining the preferred method. WDAC adoption is limited.

No SysAdmin likes having to re-create rules and go through all the troubleshooting migrating from SRP or AppLocker over to WDAC in a large organization.

 

[bazang]

It is like deciding to stay home because I cannot look right and left before crossing street.

Sacrificing usability for blind security.

Bitdefender is not sacrificing usability for blind security.

For a very long time people complained bitterly to Bitdefender that it did not block malicious scripts.

Well, now Bitdefender did just what those people asked for - it is blocking scripts with current methods and technology, and it is inevitable that false positives will happen. Because of this problem, there's some AV that will not block scripts such as F-Secure, unless there is a signature.

Does anyone expect someone at Bitdefender to review the script content of every single script? If yes, then that's a highly unrealistic expectation because nobody would conduct that kind of granular code review.

The lesson learned, if you believe that users should be allowed to do what they want because it is their system and "User Rights" ideology is this - "Be careful what protections you ask a security software publisher to implement."

I have not messed with Bitdefender in a very long time. IIRC it was not possible to whitelist script files by adding them to exclusions. It had to be a request to Bitdefender support to whitelist the script.

 

[XylentAntivirus]

Yet another Ransomware like skid wiper.

 

[Parkinsond]

Does anyone expect someone at Bitdefender to review the script content of every single script?

So SRP can do the same job and no need for B.

 

[cartaphilus]

but Bitdefender detects that file as malware.
it might be harmless not a fully ransomware but, it can be used as scareware or bad joke and not all people can revert this action on their own

The script you used can be used via legitimate means to bulk change file extensions. It does nothing malicious besides maybe have you open an executable as an text file resulting in unrecognizable jumble of characters.

The script you have is missing:
1) Encryption
2) Prevention of having the files restored
3) Method to collect payment (not network aware)
4) Method that turns it into a persistant process that survives a boot.

etc etc etc