ZoneAlarm by Check Point Info, Guides, Tests
<blockquote data-quote="Trident" data-source="post: 1044017" data-attributes="member: 99014"><p>Avast, Avira and Bitdefender are fundamentally different engines consisting of more signatures, generic detections and to some extent heuristics. Signatures contain instructions (rules) looking like "from byte x to byte y look for z". Hence they don't need to have a limit at all. Avast uses an arsenal of machine learning and static analysis at runtime as well as on their cloud.</p><p>Norton, Defender, Sophos and many others are engines based primarily on static analysis. Such engines need to have a limit for performance reasons. They both have advantages and disadvantages.</p><p></p><p>They use Sophos locally and have all capabilities of their SDK. In addition, threat emulation can capture passwords for zips in emails and uses a dictionary of passwords that attackers commonly may use. This dictionary includes "infected". Downloading malware from various places results in a successful block before you even take the file out of the archive.</p><p>Kaspersky provides only feeds; once they come across something, they send the hash to ThreatCloud. This is like a more effective and advanced Panda Cloud Antivirus built into ZA together with all other technologies.</p><p></p><p>I always use ZA. Harmony Endpoint is on another system, I am testing it before I become a business customer. These reports are from ZA saved in the directory you mentioned, I go and open them from there.</p><p></p><p>Terminate means the process was suspended immediately together with all connections. But the file wasn't deleted because it is signed. In Harmony Endpoint this can be changed (all files related to an attack can be deleted) but in some cases it can cause issues. For example, if you have an abused driver, instead of just suspending the attack, it will delete the driver too. You will have to reinstall it then.</p><p>For exploits, Harmony and ZA always just end the process without deletion. 
Meaning, if you have a vulnerable VLC and a malicious video file, the attack will be suspended but neither the file (you are welcome to delete it manually) nor the VLC player will be deleted (you as admin are welcome to look for an updated version).</p></blockquote><p></p>
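<p>An added example, not part of the quoted post and not any vendor's engine code: a minimal matcher for rules of the form "from byte x to byte y look for z" described above. It reads only each rule's window, so the bytes read do not grow with file size. The rule names, the <code>OffsetRule</code> type and the sample data are constructed for illustration.</p>

```python
import io
from dataclasses import dataclass


@dataclass(frozen=True)
class OffsetRule:
    name: str       # hypothetical rule name
    start: int      # first offset of the window ("byte x")
    end: int        # last offset of the window, inclusive ("byte y")
    pattern: bytes  # byte sequence to look for ("z")


def scan(stream, rules):
    """Return (names of matching rules, total bytes read from the stream)."""
    hits, bytes_read = [], 0
    for rule in rules:
        stream.seek(rule.start)
        # Only the rule's window is read; a short file simply yields fewer bytes.
        window = stream.read(rule.end - rule.start + 1)
        bytes_read += len(window)
        if rule.pattern in window:
            hits.append(rule.name)
    return hits, bytes_read


# Constructed rules: a 4-byte magic near the start, and a marker in bytes 64..127.
RULES = [
    OffsetRule("Constructed.Header.A", 0, 15, b"DEMO"),
    OffsetRule("Constructed.Marker.B", 64, 127, b"SAMPLE-MARKER"),
]


def make_sample(size, with_marker):
    """Build a constructed in-memory 'file' of the given size (zero-filled)."""
    buf = bytearray(size)
    buf[0:4] = b"DEMO"
    if with_marker:
        buf[80:93] = b"SAMPLE-MARKER"
    return io.BytesIO(bytes(buf))


if __name__ == "__main__":
    for size in (256, 5 * 1024 * 1024):
        print(size, scan(make_sample(size, True), RULES))
```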