Themida
Comments
Make a test and tell us.
There are tons of crypters/packers/protectors, but a general unpacker can unpack 70% of them.
The "stub" makes the difference. It is the one that further unpacks/unprotects the file.

I can't make a test since I don't have any virus samples, so the question goes to the BitDefender authors: do you have a class unThemida (or something like that)?

OK, I made the test and the answer is no, BitDefender can't detect malware protected with Themida.

Well, that seems logical. As far as I've seen on their website, Themida uses encryption to protect the files, so BD can't unpack them.
@vladx: did you try to disable encryption in Themida? (I saw in one of their screenshots that encryption is optional.)
Cris.

Is it detected at runtime? Maybe BD can't unpack it, but when the application is being run it's self-unpacking in memory, so BD may catch it.
Just protect nmap, for example, which is not a virus, to make a non-harmful test.

BitDefender scans the files before they are run. That means it will be unpacked after BD scanned it. After the file has loaded into memory (and was unpacked), BD won't scan the file again.
However, BD might catch the virus when and if it tries to infect other files (or to do other damage to the system).
Cris.
EDIT: after talking to a BD Virus Analyst (vlad):
Signatures can be created for any malware packed with Themida, and BitDefender will be able to detect them. There's nothing special about them (they will be detected as soon as a sample is found).
Another piece of information that I found out is that BitDefender can unpack some versions of Themida (not all). But, sooner or later, this version could also be added to the list of supported packers.
Remember this: there's no such thing as perfect security but, also, there's no such thing as the perfect malware! Every day, security improves and keeps up with new challenges.