Illusion Gap - Antivirus Bypass

by Kasif Dekel
Nov. 25, 2017 | Detection & Response | antivirus, malware

During our research, CyberArk Labs encountered strange behavior in the file scanning process of Windows Defender. This problem may exist in other antivirus products, which we have not yet tested. This behavior led us to investigate the antivirus scanning process over SMB shares, and the outcome is a surprising cause for concern.