Battle Capability of roll back: which one is stronger?

Status
Not open for further replies.

Online_Sword

As far as I know, those five antivirus programs (Norton, Kaspersky, GData, Webroot, Comodo) have the capability of rolling back malicious behaviors of malware in real time.

I think this is an interesting feature. So I hope to know which one of them is better in terms of rolling back.

Please only consider the feature of rolling back when you vote. :)
 

OokamiCreed

I really shouldn't vote because I've only used Kaspersky System Watcher (which is off by default, at least in the 2016 version). I've never actually USED it since my systems are always clean using my own brain. It seems a little overprotective. By that I mean even if a trusted program tries to modify something that isn't the normal (in case the program was injected with something), it will ask if you want to reverse. The program that most will notice this with is CCleaner. After all, it does delete files and Kaspersky is just making sure you want that to happen.

I haven't used the other AVs that often to have used the reverse action features. I would use Norton (since it's free with my Comcast subscription) but it really doesn't like my system setup and some of the things I run even with exclusions. I'll try it out again when they release a new version. I'm sure any AV with reverse capabilities does a good enough job for typical malware. That's good enough for me. Honestly I just reinstall the OS when I notice an infection. Well, now I just restore a backup with Paragon.
 

Online_Sword

> Where's Comodo with Viruscope?

Sorry, I know little about Viruscope.
Just now I looked through the online help of Comodo on Viruscope, and found that it says "introducing the ability to reverse potentially undesirable actions of software without necessarily blocking the software entirely".
So I have added Comodo to the possible responses.
Thank you. :)
 

Online_Sword

> I would use Norton (since it's free with my Comcast subscription) but it really doesn't like my system setup and some of the things I run even with exclusions

According to the thread on WSF, it seems that the program provided by Comcast is an old version of Norton.

In the past, I once tried an old version of Norton Internet Security. The date of its digital signature is Feb, 2013. It has a similar GUI to the program provided by Comcast (according to the screenshots in WSF). That is why I think the program provided by Comcast is an old version.
 

OokamiCreed

> According to the thread on WSF, it seems that the program provided by Comcast is an old version of Norton.
>
> In the past, I once tried an old version of Norton Internet Security. The date of its digital signature is Feb, 2013. It has a similar GUI to the program provided by Comcast (according to the screenshots in WSF). That is why I think the program provided by Comcast is an old version.

Nah, it's the most updated version. Same version number as Norton's own. It's been recently updated about a month or two ago and updates the rest on a live update. They leave the updates to Norton instead of doing it themselves. The only thing Comcast does is activate the license and adds the "Xfinity Constant Guard" logo branding on the area where the total subscription days are located at basically telling you it's unlimited.
 

Enju

As far as I know, it is integrated into its "behavior monitoring" module.:)
As far as I can remember it only rolls back malware changes detected by the behaviour blocker. Personally I don't think it is wise to choose a classical AV based on rollback mechanics since they are easily circumvented or don't work at all. The best thing is scheduled backups on a removable drive (against cryptolockers) so you don't have to live with the uncertainty of whether really everything has been removed/rolled back. :)
 

hjlbx

None ! They all still have problems\limitations... some more than others. None of the rollbacks are 100 %.

Webroot's rollback does work, but it leaves behind a lot of inert remnants. Plus, it can't handle some malware - like capable screenlockers.

Comodo Viruscope is still not fully developed. In basic tests it works.

Kaspersky and the others only roll back certain malicious activities; the rollback feature is triggered by specific behaviors and is not a general rollback feature. Sometimes they work and sometimes they do not. Rollback is not a 100 % reliable feature...

Virtualization is your best rollback feature - and this is where Comodo has the definitive edge. Resetting the sandbox will handily outperform all competitor rollback solutions.

So, in short, I would rely more upon virtual sandboxing before relying upon any type of monitoring and rollback feature.

In some regards, Viruscope is overkill. It is there to simply add an additional protection layer.
 

Online_Sword

> it only rolls back malware changes detected by the behaviour blocker

Em...yes, here we only consider the feature of tracing and reversing the malicious actions done by malware, not rolling back everything like SD. :)
 

Enju

> Em...yes, here we only consider the feature of tracing and reversing the malicious actions done by malware, not rolling back everything like SD. :)

Sorry, I articulated myself a bit inaccurately there: if GData detects something by signatures it only rolls back things based on those signatures; if they detect something by their behaviour blocker they roll it back based on the BB log. They might have changed that in their new versions so don't quote me on that. ;)
 

Online_Sword

> the rollback feature is triggered by specific behaviors and is not a general rollback feature

What should a general rollback do? I guess you mean a general rollback should be intelligent and use heuristics in detecting malicious behavior?

What about Norton? I think Sonar has a general rollback feature...right?
 

nsm0220

> None ! They all still have problems\limitations... some more than others. None of the rollbacks are 100 %.
>
> Webroot's rollback does work, but it leaves behind a lot of inert remnants. Plus, it can't handle some malware - like capable screenlockers.
>
> Comodo Viruscope is still not fully developed. In basic tests it works.
>
> Kaspersky and the others only roll back certain malicious activities; the rollback feature is triggered by specific behaviors and is not a general rollback feature. Sometimes they work and sometimes they do not. Rollback is not a 100 % reliable feature...
>
> Virtualization is your best rollback feature - and this is where Comodo has the definitive edge. Resetting the sandbox will handily outperform all competitor rollback solutions.
>
> So, in short, I would rely more upon virtual sandboxing before relying upon any type of monitoring and rollback feature.
>
> In some regards, Viruscope is overkill. It is there to simply add an additional protection layer.

But they need to do more work on the sandbox, which is weak, and Comodo's head got chopped off by malware.
 

hjlbx

> What should a general rollback do? I guess you mean a general rollback should be intelligent and use heuristics in detecting malicious behavior?
>
> What about Norton? I think Sonar has a general rollback feature...right?

You will find that they all have their own issues; the rollbacks are not "clean" like it is using Shadow Defender. Plus, some have limited capabilities of detection and reversal. Comodo's routines are limited.
 

OokamiCreed

Since it was talked about here and not many know what the new version of Constant Guard (Norton Security with Backup) looks like, here you go (version 22.5.2.15):

Capture.png
 

jamescv7

Rollback as a term is linked to the virtualization category (enthusiast users usually know that), because that's the better option to revert the changes successfully.

The common rollback in AVs these days may not be practical, especially if it's totally influenced by a heavy infection, which only allows selective operation; plus, the operation may be disrupted instantly without any hesitation.

I think it comes down to how efficiently the removal features handle it, and Kaspersky has an edge there.
 