I had submitted the sample to submit.norton.com, but it has still not been detected. This sample has multiple VirusTotal detections and is detected by ESET as PUA Vulnerable driver Zemana. Please add it to the Norton database. Could someone from Norton contact me for more info? I can provide the download link for analysis if you want. I believe it can kill any AV/EDR.
We have reviewed the sample provided and this particular file does meet our criteria for detection. We are aware of the additional versions of this driver that have an invalid digital signature and those are already detected by Norton. However, the version you submitted to us on 2023-07-15 is signed with a valid certificate and is a legitimate driver, so we will not add a detection.
Device is Windows 11. System is not infected but I want this sample to be detected by Norton. Provided the sample via the Norton submission portal. The chat representative told me to contact them again after 48 hrs. I don't think Norton will detect it, as I have already submitted the sample previously.
All: What is the OS we are dealing with in this thread? This is caused by a one-click UAC popup while running with admin privileges and will replace with a BYOD driver.
From the Bleeping Computer article: https://www.bleepingcomputer.com/news/security/terminator-antivirus-killer-is-a-vulnerable-windows-driver-in-disguise/
To use Terminator, the "clients" require administrative privileges on the targeted Windows systems and have to trick the user into accepting a User Account Controls (UAC) pop-up that will be displayed when running the tool.
Terminator is allegedly capable of bypassing 24 different antivirus (AV), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR) security solutions, including Windows Defender, on devices running Windows 7 and later,
This driver is only being detected by a single anti-malware scanning engine as a vulnerable driver at the moment, according to a VirusTotal scan.
Microsoft mitigation suggestions are here, Defender won't even detect this as it replaces a legitimate driver at the kernel level:
Malwarebytes has this to say regarding this detection: https://forums.malwarebytes.com/topic/299198-zemana-antilogger-premium-detected-as-exploitcve202131728/
That sample is not the same sample that was described by Bleeping Computer and that is detected by Trend Micro, as this sample is still undetected by Trend Micro and Norton. But it has to do with the Zemana driver. Trend Micro even shared an analysis of a similar sample in their research, but it's not getting detected.
I had submitted the sample to submit.norton.com, but it has still not been detected.
Care to share Submission ID.
Care to share download link with me in private message.
Please click my Community name "bjm_" to send me PM.
Thanks
VirusTotal notes First Submission 2016-08-30
2016 submission with 11/71 feels like a FP. Just me. Just saying.
VirusTotal engine format and configuration is different than the consumer and corporate products’ default configuration. VirusTotal uses a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. Commercial products have false-positive suppression mechanisms which are not present in the command-line engine in VirusTotal.
Anime_007:
This sample has multiple VirusTotal detections and is detected by ESET as PUA Vulnerable driver Zemana.
PUA, a Possibly Unwanted Application. While they are annoying, they do not cause damage to your system. Some people actually want the 'Features' offered by these programs. They are usually downloaded alongside a legitimate download when you do not uncheck the option for the additional download. Norton products concentrate on malware that can damage your system, that is why some PUAs are not detected. (credit peterweb)