Disclaimer

This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

shmu26

The major difference between the various products is in the FPs. For advanced users, an FP is not a big deal, they know how to handle it. But for an average user, it can deter them from needed updates and valuable programs, or get them in the habit of turning off the AV, neither of which is healthy.
 

blackice

The major difference between the various products is in the FPs. For advanced users, an FP is not a big deal, they know how to handle it. But for an average user, it can deter them from needed updates and valuable programs, or get them in the habit of turning off the AV, neither of which is healthy.
I hadn’t had an FP till I started trialing SHP. That son of a gun keeps deleting all Andy’s tools. It just did it again today: got home from work, checked and made sure Macrium ran, and all these alerts pop. Good grief.
 

TairikuOkami

Over 98% seems pretty good to me. The magnified graph really can be misleading. That’s also default.
That depends on what kind of malware was tested. 12 missed samples does not sound so bad, but if one was, e.g., ransomware, that would make it really bad. Considering that ESET was running with heuristics and cloud detection, the detection of zero-day malware is probably not that great.
 

Evjl's Rain

Microsoft is doing a great job with their WD. Kaspersky has always been top notch. Regarding Eset, emmm I don't know...
WD has Block at First Sight enabled, which is a kind of reputation-based protection => safe or unsafe files are blocked if they don't have a sufficient number of users => tons of FPs, great blocking of new malware.

This feature is nice, but there is an overlap with Windows SmartScreen because BAFS only works if the file is downloaded from the internet. If the file originates from other sources (USB, HDD, ...), BAFS and SmartScreen are useless.

This feature is conditional. It doesn't always work.
 

Evjl's Rain

This important point shows how much the testing conditions affect the results. A high-scoring AV might provide poor protection for you if sharing flash drives or external hard disks, or opening RAR files, is part of your lifestyle.
That's why an AV with good USB protection (Panda, Avira, ...) or an unconditional reputation checker is nice (Avast's Hardened Mode, Panda's Application Control, Kaspersky's TAM/App. Control set to High Restricted/Untrusted, Comodo's cloud lookup, ...).
Also, using Bandizip is a big plus for bringing SmartScreen back to life :D
 

SeriousHoax

But they love Star Wars so much, more than money and millions of potential customers.
Exactly. It seems they are very stubborn. Stubborn at the wrong things. They always had one of the best signatures in the industry along with heuristics, and with cloud protection they are doing a great job detecting zero-day malware too. But they must change the UI of their product. They changed it a bit a couple of years ago, but it is still bad compared to other popular products. Also, it comes with the Avira launcher or something; its only job is to open the UI, probably. If you uninstall Avira, the launcher would still remain on your PC. It needs a separate uninstall, as far as I remember. So, it's a mess. They must stop fangirling Star Wars and do a UI overhaul.
 

SFox

On the one hand, a result of 98-99% is simply wonderful; on the other hand, the activity of 1 or 2 malicious programs out of the 1-2% missed is enough to encrypt all personal files. There is no perfect protection, but this suggests that any antivirus needs to be configured so that the probability of successful operation of malicious programs from these 1-2% tends to zero. The same ESET has a weak HIPS by default, but setting up this component already provides tangible protection. The main thing is to keep a balance between protection and performance, as well as ease of use.
 

TairikuOkami

There is no perfect protection, but this suggests that any antivirus needs to be configured so that the probability of successful operation of malicious programs from these 1-2% tends to zero. The same ESET has a weak HIPS by default, but setting up this component already provides tangible protection.
The problem is that 99% of users always use the default config, and those who can customize it usually do not need an AV in the first place. ;)
 

Andy Ful

WD has Block at First Sight enabled, which is a kind of reputation-based protection => safe or unsafe files are blocked if they don't have a sufficient number of users => tons of FPs, great blocking of new malware.
BAFS is not reputation-based protection. I can see this, for example, when running freshly compiled executables. Every such executable uploaded to GitHub and downloaded to disk triggers BAFS, but the executable is allowed anyway (I do not compile malware). If I try to execute it, then I can always see the SmartScreen alert.
Sporadically, my files are detected by BAFS as trojans, so I have to submit my executables for whitelisting before they are published.
BAFS is based on AI in the cloud, like the Kaspersky Secure Network feature. BAFS uses many factors in the analysis (deep learning), including the file prevalence.
WD false positives can be visible only with low & very low prevalence samples. The average user will not see a significant difference between all AVs, because she/he can feel only false positives from the High or Medium category.
The false positives should be read as follows:
McAfee = 3317, Symantec = 1389, Microsoft = 840
So, Microsoft is third, not first, in the false positives list.

shmu26

WD false positives can be visible only with low & very low prevalence samples.
There was someone complaining on the other forum that at the office they needed to update their HP printer software because of a certain issue, and WD blocked the update. I told him that WD is nervous about very new files so just don't be the first guy to update. He said that over a week later, the HP update was still being blocked.