Full report and statistics can be found here:
Real-World Protection Test February-May 2019 | AV-Comparatives
This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and make informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.
I hadn’t had a FP till I started trialing SHP. That son of a gun keeps deleting all Andy’s tools. It just did it again today: got home from work, checked and made sure Macrium ran, and all these alerts pop. Good grief.
The major difference between the various products is in the FPs. For advanced users, an FP is not a big deal, they know how to handle it. But for an average user, it can deter them from needed updates and valuable programs, or get them in the habit of turning off the AV, neither of which is healthy.
That depends on what kind of malware was tested. 12 missed samples, that does not sound so bad, but if one was e.g. ransomware, that would make it real bad. Considering that ESET was running with heuristics and cloud detection, the detection of zero day malware is probably not that great.
Over 98% seems pretty good to me. The magnified graph really can be misleading. That’s also default.
WD has block at first sight enabled, which is a kind of reputation-based protection => safe or unsafe files are blocked if they don't have a sufficient number of users => tons of FPs, great blocking of new malware
Microsoft is doing a great job with their WD. Kaspersky has always been top notch. Regarding Eset, emmm I don't know...
This important point shows how much the testing conditions affect the results. A high-scoring AV might provide poor protection for you if sharing flash drives or external hard disks, or opening RAR files, is part of your lifestyle.
If the file originated from other sources (USB, HDD,...), BAFS and SmartScreen are useless
That's why an AV with good USB protection (Panda, Avira,...) or an unconditional reputation checker is nice (Avast's hardened mode, Panda's application control, Kaspersky's TAM/App. control set to High restricted/untrusted, Comodo's cloud lookup...)
Exactly. It seems they are very stubborn. Stubborn at the wrong things. They always had one of the best signatures in the industry along with heuristics, and with cloud protection they are doing a great job detecting zero day malware too. But they must change the UI of their product. They changed it a bit a couple of years ago but it is still bad compared to other popular products. Also it comes with Avira launcher or something, its only job is to open the UI probably. If you uninstall Avira, the launcher would still remain on your PC. It needs a separate uninstall as far as I remember. So, it's a mess. They must stop fangirling Star Wars and do a UI overhaul.
But they love Star Wars so much, more than money and millions of potential customers.
The problem is that 99% of users always use the default config, and those who can customize it usually do not need AV in the first place.
There is no perfect protection, but this suggests that any antivirus needs to be configured so that the probability of successful operation of malicious programs from these 1-2% tends to zero. The same ESET has a weak HIPS by default, but setting up this component already provides tangible protection.
BAFS is not reputation-based protection. I can see this, for example, when running freshly compiled executables. Every such executable uploaded to GitHub and downloaded to disk triggers BAFS but the executable is allowed, anyway (I do not compile malware). If I try to execute it, then I can always see the SmartScreen alert.
There was someone complaining on the other forum that at the office they needed to update their HP printer software because of a certain issue, and WD blocked the update. I told him that WD is nervous about very new files so just don't be the first guy to update. He said that over a week later, the HP update was still being blocked.
WD false positives can be visible only with low & very low prevalence samples.