Advice Request Bitdefender technologies


Ink

Administrator
Verified
Jan 8, 2011
22,490
Yes. Some of it may be limited on consumer editions.
Bitdefender Advanced Threat Defense is an innovative proactive detection technology that uses advanced heuristic methods to detect ransomware and other new threats in real time.

Advanced Threat Defense continuously monitors the apps running on the device, looking for threat-like actions. Each of these actions is scored and an overall score is computed for each process. Advanced Threat Defense shares intelligence with Bitdefender’s Global Protective Network to block even the newest ransomware and exploits.

As a safety measure you will be notified each time threats and potentially malicious processes are detected and blocked.
Source: https://www.bitdefender.com/consumer/support/answer/2024/

More details: Advanced Threat Intelligence | Bitdefender Enterprise
 

Ahmed Uchiha

Level 2
Thread author
Feb 5, 2021
57
Well, I am talking about the consumer internet security suite. I noticed that Bitdefender doesn't have a cloud protection section like Kaspersky and ESET. Also, I think that cloud protection reduces overhead on the PC since it does behaviour analysis and sandboxing in the cloud, and cloud technology is useful to report new threats and detect them. I don't know which one is best in terms of speed to detect a new threat that is not yet added to the database via regular update, and what they lack: is it limited to specific file types, or is it slow to report and detect new threats?
 

SomeRandomCat

Level 3
Well-known
Dec 23, 2020
124
I can't say about Bitdefender, but regarding Kaspersky and ESET:

ESET HIPS (host intrusion prevention system) is disabled by default, otherwise it basically acts like a typical Anti Virus. If you enable it, then it will cause a lot of alerts, because their cloud database does not have white-listed programs or trusted vendors.

Kaspersky HIPS is enabled by default and set to default-deny, meaning that any program that tries to run, that is not already 'vetted' out by them will cause the HIPS component to prompt you whether or not to allow it, etc. They have a rather extensive white-list (cloud database) and it will likely be rather uncommon that you get any alerts from the HIPS, unless you download a lot of programs and manage to find something not already 'vetted' out by them. Their HIPS is also much more 'fine-tuned' and 'strict' than ESET HIPS, meaning it offers more protection (along with less alerts).

As far as their detection of viruses, all three (Bitdefender, Kaspersky, ESET) have a really good reputation for having high detection and quick response to analyzing new threats.

If you are not interested in the HIPS components, then either ESET or Kaspersky would both be good choices for a solid AV. But, as far as the default-deny HIPS component goes, Kaspersky is way ahead at the moment.

Hopefully someone else can fill you in more regarding Bitdefender.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,861
I think you got some info wrong here.

> ESET HIPS (host intrusion prevention system) is disabled by default

ESET's HIPS is not disabled by default. It's enabled all the time and is set to "Automatic mode" by default.

> If you enable it, then it will cause a lot of alerts, because their cloud database does not have white-listed programs or trusted vendors.

This happens when you set HIPS's mode to "Interactive mode". There are other modes like "Smart mode", "Learning mode", "Policy-based mode".

ESET's Self-Defense, Protected Service, Advanced memory scanner, Exploit Blocker, Deep Behavioral Inspection, Ransomware shield, all are part of its HIPS components.

> Kaspersky HIPS is enabled by default and set to default-deny, meaning that any program that tries to run, that is not already 'vetted' out by them will cause the HIPS component to prompt you whether or not to allow it, etc.

This is not correct as well. Kaspersky's HIPS/Application Control is not set to default-deny. But it is possible to tweak it easily to make it act like a default deny solution + a lot more and making use of its cloud data to allow trusted programs.
 

SomeRandomCat

Level 3
Well-known
Dec 23, 2020
124
> I think you got some info wrong here.
>
> ESET's HIPS is not disabled by default. It's enabled all the time and is set to "Automatic mode" by default.
>
> This happens when you set HIPS's mode to "Interactive mode". There are other modes like "Smart mode", "Learning mode", "Policy-based mode".
>
> ESET's Self-Defense, Protected Service, Advanced memory scanner, Exploit Blocker, Deep Behavioral Inspection, Ransomware shield, all are part of its HIPS components.
>
> This is not correct as well. Kaspersky's HIPS/Application Control is not set to default-deny. But it is possible to tweak it easily to make it act like a default deny solution + a lot more and making use of its cloud data to allow trusted programs.

By default unknown applications are 'restricted' and a notification prompt comes up. I guess it is not technically default-deny, but similar.

I installed ESET Internet Security on a fresh Windows install recently and I am pretty sure I had to manually enable the HIPS/application control feature (whatever they call it). If that is not normal, then I don't really know what to say, but thanks for the information.

Edit: So I think I had to change it to 'interactive mode' like you said, which is what I remembered as 'enabling the HIPS', even though as you said, the HIPS was enabled by default, but it was in 'automatic mode', which seems to basically rely on behavior blocking / signature / heuristics? The impression I got was that automatic mode was black-list oriented and did not feel like a 'HIPS' in the sense that it did not allow white-listed applications, but instead let anything through that was not known to be bad.

Although my terminology was off, hopefully you get what I meant. It seems we agree as to its functionality in automatic mode, though: Update - ESET 13.1.16.0
 

Anthony Qian

Level 10
Verified
Well-known
Apr 17, 2021
453
Bitdefender relies more on offline detection methods than online detection methods.

In rare cases, Bitdefender may detect some new virus samples as Gen:Suspicious.Cloud.xxx, implying a cloud-based virus database is used in this detection. However, it is very hard to trigger this detection.
 
