Andy Ful

Level 48
Verified
Trusted
Content Creator
Would that include on demand scans of individual files? Such as downloads that were in the folder when the scan ran, but then scanned again on demand before execution? I would be curious to see.
I do not know for sure. I do not use Eset, so I cannot check it. On default settings, it is reasonable to scan the files on demand like the new files.
 

blackice

Level 10
Verified
I do not know for sure. I do not use Eset, so I cannot check it. On default settings, it is reasonable to scan the files on demand like the new files.
Yeah I was kind of thinking “out loud”, so to speak. I find it prudent no matter what AV I use to scan anything before execution, maybe even with a second opinion and VirusTotal if I’m unfamiliar with the software.
 

Wraith

Level 13
Verified
Malware Tester
You are paying a price for the lightness. I will quote an interesting post I saw on this subject:

Ultra Male said:

anon:
That leads to on-execution scan/detection only.

i.e. =
Today you run a full scan, you have the X malware but your AV signature database misses it.
Tomorrow, a new signature for the X malware is added but the file (which is already scanned) remains with the same hash = whitelisted => undetected.
ESET will not scan the whitelisted files if you run a scan. But ESET realtime protection will still monitor every file on the system. The files are not excluded from scanning by the real-time scanner. The files are excluded only when running scans. ;)
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
When I have time this week I’ve been looking to dive into H_C and set up WD before the May update. Forcing SmartScreen is an idea I really like. Things move slow for me making changes with my toddler around. He doesn’t like me looking at screens if he can’t play. :ROFLMAO:
You do not need H_C to apply the forced SmartScreen (see RunBySmartScreen). H_C uses default-deny setup, and forced SmartScreen is used to safely bypass the protection and install applications.
 

bjm_

Level 6
Verified
I thought it was free? :unsure:

Download is available here.
Tencent PC Manager is China’s first online security software that incorporates both protection from viruses and computer management. It includes anti-virus, real-time protection, vulnerability remediation, system clean-up, computer speed acceleration and software management. Tencent PC Manager has been recognized by international authorities and organizations such as AVC, VB100 and West Coast among others. The functions and services of Tencent PC Manager are continually innovated and enhanced in order to earn and maintain its reputation as the most trustworthy free security software in the market.
http://www.tencent.com/en-us/system.html
 

Raiden

Level 13
Verified
Content Creator
The way they tested performance is not so relevant to the user habits of people like me.
Performance is highly individual. You need to try out a product on your own system, with your own applications and user habits, or else you are bound to get a skewed picture.
This is my stance too.

In all honesty this is the best advice. It's fun and all to run tests and read them, they do provide some interesting info, no questions asked. However, as I've always said, tests don't always represent the real world, therefore it's always important to run the program(s) for yourself and see how it works for you. It's the only way to know for sure. Just because someone has one experience with a particular program, doesn't mean it will be the same for you. ;)

All this works super fast with WD on my PC and laptop. According to AV-Comparatives WD should slow down the PC quite a bit.
My experiences are similar to yours. As I've said above, it's always important to try any program for yourself and see; it's the only way to know for sure if it meets your needs and performs the way you want it to. IMO there are way too many variables to truly get an accurate rating on performance. For example, if you look at AV-Test and MRG Effitas test results, they place WD the same, or ahead of many others compared to AV-Comparatives, so depending on the system/usage, there will be differences. ;)
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
ESET will not scan the whitelisted files if you run a scan. But ESET realtime protection will still monitor every file on the system. The files are not excluded from scanning by the real-time scanner. The files are excluded only when running scans. ;)
There is a difference when AV uses caching.
Suppose that you have downloaded a malicious file a few days ago, without opening the Download folder, so you have not been infected. The file was not detected, but it could be detected today if you tried to execute it. Now, if AV uses the old cache, you can still be infected today when you open the Download folder without executing anything from that folder. Yes, it is possible (and happened in the wild) if malware can exploit Explorer.
This is not an issue for the home users who update Windows regularly, but does matter in organizations and Enterprises. (y)
 
Last edited:
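
Added example, not part of any post in this thread and not ESET's or any vendor's actual implementation: a toy model of the on-demand scan cache discussed above, showing why a "known clean" cache keyed only by file hash keeps skipping a file after a new signature arrives, while a cache that also records the signature-database version rescans it. The class names, the hash-set "signature database" and the sample bytes are constructed for illustration; real-time (on-execution) scanning is outside this model.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class SignatureDB:
    """Hypothetical signature database: a set of known-bad hashes plus a version."""
    def __init__(self):
        self.version = 1
        self.bad_hashes = set()

    def update(self, new_hashes):
        self.bad_hashes |= set(new_hashes)
        self.version += 1          # every signature update bumps the version

class OnDemandScanner:
    """Toy on-demand scanner that remembers files it already judged clean."""
    def __init__(self, db, version_aware):
        self.db = db
        self.version_aware = version_aware
        self.clean_cache = {}      # file hash -> DB version at the time of the scan

    def scan(self, data: bytes) -> str:
        h = sha256(data)
        cached = self.clean_cache.get(h)
        # Hash-only cache: any earlier "clean" verdict is trusted forever.
        # Version-aware cache: the verdict is trusted only for the same DB version.
        if cached is not None and (not self.version_aware or cached == self.db.version):
            return "skipped (cached clean)"
        if h in self.db.bad_hashes:
            self.clean_cache.pop(h, None)
            return "detected"
        self.clean_cache[h] = self.db.version
        return "clean"

def run_scenario(version_aware: bool):
    """Day 1: full scan misses X. A signature for X is added. Day 2: scan again."""
    db = SignatureDB()
    scanner = OnDemandScanner(db, version_aware)
    sample = b"constructed sample standing in for malware X"
    day1 = scanner.scan(sample)
    db.update({sha256(sample)})
    day2 = scanner.scan(sample)
    return day1, day2

if __name__ == "__main__":
    print("hash-only cache:     ", run_scenario(False))
    print("version-aware cache: ", run_scenario(True))
```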

Wraith

Level 13
Verified
Malware Tester
There is a difference when AV uses caching.
Suppose that you have downloaded a malicious file a few days ago, without opening the Download folder, so you have not been infected. The file was not detected, but it could be detected today if you tried to execute it. Now, if AV uses the old cache, you can still be infected today when you open the Download folder without executing anything from that folder. Yes, it is possible (and happened in the wild) if malware can exploit Explorer.
This is not an issue for the home users who update Windows regularly, but does matter in organizations and Enterprises. (y)
Good gracious!!! Nowadays some malware is so sophisticated that it doesn't require any execution. :emoji_cold_sweat: In the above scenario ESET will cache the file in the download folder only if a full scan has been performed after downloading that particular file. @Andy Ful in this scenario where malware can exploit Explorer, do you think that software restriction policies (like Hard_Configurator and AppGuard) will help prevent these types of attacks, since it's my guess that they will bypass traditional anti-executables like ERP and VoodooShield?
 

Andy Ful

Level 48
Verified
Trusted
Content Creator
Good gracious!!! Nowadays some malware is so sophisticated that it doesn't require any execution. :emoji_cold_sweat: In the above scenario ESET will cache the file in the download folder only if a full scan has been performed after downloading that particular file. @Andy Ful in this scenario where malware can exploit Explorer, do you think that software restriction policies (like Hard_Configurator and AppGuard) will help prevent these types of attacks, since it's my guess that they will bypass traditional anti-executables like ERP and VoodooShield?
They cannot stop the exploit, but they can prevent loading the malicious libraries. This can depend on the exploit and protection settings. If the exploit is well known, then AV can include it in the heuristics or signatures. As I noticed before, there is no need to fight such exploits in updated Windows, because Microsoft quickly pushes the patch for such a dangerous exploit.
 
Last edited:

shmu26

Level 83
Verified
Trusted
Content Creator
Good gracious!!! Nowadays some malware is so sophisticated that it doesn't require any execution. :emoji_cold_sweat: In the above scenario ESET will cache the file in the download folder only if a full scan has been performed after downloading that particular file. @Andy Ful in this scenario where malware can exploit Explorer, do you think that software restriction policies (like Hard_Configurator and AppGuard) will help prevent these types of attacks, since it's my guess that they will bypass traditional anti-executables like ERP and VoodooShield?
1. Not to worry. As Andy said, this type of attack doesn't work on Windows with updates. For people like us, it is of academic interest alone.
2. All the advanced security solutions you mentioned have post-exploit protection to handle this type of attack. H_C and AppGuard might need a little configuring, whereas ERP and VS are good to go at default settings.