On December 17, 2012, "Safetygate.ru" conducted a test on Trojan MBRLock. Here are their results. AVs in green color passed the test, AVs in red - failed. Also, first day Norton failed the test - DI ans Sonar did not react, but the second day, after Symantec was able to update their signatures, Norton passed the test.
Conducted a comparative test. Selected 146 samples of malicious programs, Norton detects and removes all the unpacking RAR archive. These samples are packed in ZIP archive. Downloaded from the server and unpack ZIP archives. Norton is not detecting unpacking and scanning. Why the difference? Run51samplesfrom the unpacked archiveZIP Files are really malicious. We see the work of Sonar.
ThanksHugh By default the scancompressed filesis enabled.
Nortonworks differentlywith the filesunpacked from the archiveRARand ZIP. When downloading a fileor decompressingRARarchivesfirstworking Download Insight, removesthe detected malwarefiles. Thenprovides informationabout the fileswith a bad reputationSONAR.
When loading and subsequent unpacking ZIP archive Download Insight does not work. SONAR does not receive information about the files with a bad reputation. (In my opinion)