Proactive protection against the WannaCry ransomware (not the exploit)
The WannaCry ransomware has been a major news story over the last few days. It has infected hundreds of thousands of computers worldwide (mostly in Russia), including some well-known companies and institutions. All the programs in our public Main Test Series now detect the WannaCry malware samples by means of signatures, but we decided to find out which of these programs would have blocked the malware sample (not the exploit) proactively, i.e. before the outbreak started and the malware samples became known.
We ran a proactive protection test, i.e. we used vulnerable Windows 7 systems with definitions prior to May 12th. A WannaCry malware sample was then executed on offline systems. The list below shows which of the tested programs would have protected the system, and which did not.
| Product | Result |
|---|---|
| Adaware Pro Security | Protected |
| Avast Free Antivirus | Protected |
| AVG Free Antivirus | Protected |
| AVIRA Antivirus Pro | Protected |
| Bitdefender Internet Security | Protected |
| BullGuard Internet Security | Protected |
| CrowdStrike Falcon Prevent | Protected |
| eScan Corporate 360 | Protected |
| Fortinet FortiClient | Not protected |
| Kaspersky Internet Security | Protected |
| McAfee Internet Security | Not protected |
| Microsoft Security Essentials | Not protected |
| Panda Free Antivirus | Protected |
| Seqrite Endpoint Security | Protected |
| Tencent PC Manager | Protected |
| Symantec Norton Security | Protected |
| Trend Micro Internet Security | Protected |
| VIPRE Advanced Security for Home | Protected |
As can be seen above, a majority of these products protected against this ransomware, but over 200,000 systems worldwide were compromised by it nonetheless. New variants might appear, and results for the next outbreak could look different. Users are advised to keep their systems patched, to keep AV protection enabled (i.e. not to disable features) and up to date, and to practise safe computing.
* This test only looked at whether the ransomware part (WannaCry ransomware) would have been blocked.
ESET (removed from the table above) would like to point out that their network protection module has detected the exploit/spreading part (EternalBlue exploit), and therefore protected users, since April 25th.