Vault7: CIA Hacking Tools Revealed
Navigation: » Latest version
Owner: User #71468
Check for PSP Detection
This article aims to give an overview of how to ensure a payload dropped to a DARTTest-Software (commercial) VMVirtual Machine is not detected by a Personal Security Product (PSPPersonal Security Product (Anti-Virus)). The article assumes the reader is familiar with DARTTest-Software (commercial) in general and will instead focus on specifics related to the PSPPersonal Security Product (Anti-Virus) scripts located in the EDGEngineering Development Branch leafbag.
This is a work in progress... exuse any sloppiness or unfinished sections until I'm done
('toc' missing)
('section' missing)
('section' missing)
Table of PSPs Implemented
The following table shows which PSPPersonal Security Product (Anti-Virus) scripts have been implemented and to what degree as of 1/20/2015.
The scripts can always be improved or further implemented, so I encourage any users to take a look at them and make changes as necessary. If a method is not implemented for a given script, that does NOT mean it's impossible - simply that I didn't get around to it. See if you can implement the functionality and update this table
Table Legend | Yes | Relies on GUI |
No / Not Yet |
Note: If a script relies on GUIGraphical User Interface interaction, mixed results may ensure. Use a implementation that requires GUIGraphical User Interface interaction with caution
PSP Name | psp_is_updated | run_static_scan | check_dynamic_logs |
---|---|---|---|
Avast | Y | Y | Y |
AVG | Y | Y | G |
Avira | Y | Y | Y |
Bit Defender | Y | G | Y |
Clam | Y | G | Y |
Eset | Y | Y | Y |
F-Secure | Y | Y | Y |
GData | Y | Y | Y |
Kaspersky | Y | Y | Y |
McAfee | Y | Y | Y |
MSE | Y | Y | Y |
Net Protect | Y | N | N |
Norton | Y | N | N |
Panda | Y | N | N |
Rising | Y | N | N |
SEP | Y | Y | Y |
Trend Micro | Y | G | Y |
Zone Alarm | Y | Y | Y |
Known "Gotchas" and Workarounds
Additional Notes
Example Tests
Related articles
('contentbylabel' missing)
('details' missing)