Free and Pro versions use the same cloud analysis. The problem lies in cloud scanning being hit-and-miss.
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Free and Pro versions use the same cloud analysis. The problem lies in cloud scanning being hit-and-miss.
I don't understand why avira missed those samples that giants tested. I also tested the same samples but the pro version blocked everything by cloud. Also malwareblocker's video didn't show any action of the cloud.
something is wrong here
- Jan 26, 2016
- 150
In the video it either didn't need the cloud for some samples or it checked and didn't find a match and let it execute. Like Spawn's screenshot shows, it is designated with (Cloud) in the security alert.
Btw this is the pack and sample I used:
https://malwaretips.com/threads/20-3-2017-17.69781/
https://malwaretips.com/threads/js-downloader-cerber-ransomware.69762/
Last edited:
here is the test using the latest samples from the hub. The sample in the second link was included in my video. Not sure if it was running then
https://malwaretips.com/threads/20-3-2017-17.69781/#post-610601
Containment: VMware Workstation 12.5.2 build-4638234
Guest/OS: Windows 7 Pro x86 SP1
Product: Avira Pro 2017, Default settings
Static: 6/17
Dynamic: 8/11
Total: 14/17
SUD: 11
Files encrypted: No
System Final Status: Infected
8427.js terminated everything after 5 seconds
View attachment 143646 View attachment 143645
20612.js triggered avira cloud upload. Finally blocked
View attachment 143647
48843.png.exe blocked by avira cloud
Codice.jpg.exe blocked by cloud
gdfers.vbs triggered wscript, copied itself into temp, running for >5 minutes but nothing happened. Created an autorun entry -> rebooted -> same, nothing happened
View attachment 143650
MK847589.jse blocked by cloud
View attachment 143654
user.php.exe blocked by cloud
View attachment 143648
Case_4785_Details.js blocked by cloud
View attachment 143649
cerber.exe blocked by cloud
View attachment 143651
notice_6452842UK.js blocked by cloud
View attachment 143658
yg4peajz.exe blocked by cloud
View attachment 143646 View attachment 143645
20612.js triggered avira cloud upload. Finally blocked
View attachment 143647
48843.png.exe blocked by avira cloud
Codice.jpg.exe blocked by cloud
gdfers.vbs triggered wscript, copied itself into temp, running for >5 minutes but nothing happened. Created an autorun entry -> rebooted -> same, nothing happened
View attachment 143650
MK847589.jse blocked by cloud
View attachment 143654
user.php.exe blocked by cloud
View attachment 143648
Case_4785_Details.js blocked by cloud
View attachment 143649
cerber.exe blocked by cloud
View attachment 143651
notice_6452842UK.js blocked by cloud
View attachment 143658
yg4peajz.exe blocked by cloud
NOTE: AutoKMS is a false postive
View attachment 143655 View attachment 143656 View attachment 143657
View attachment 143655 View attachment 143656 View attachment 143657
- Jan 26, 2016
- 150
Unless I'm missing it, I don't see where you ran 3409.js. Cloud picks it up now, but it was the Cerber sample it missed earlier.
- Jul 13, 2014
- 766
Perhaps the answer to that, is that there are some technologies and functions under the hood that they remove in the Free version. For marketing they may tell you that the cloud tech is the same as the Prenium versions too for example, but in fact,it's a trimmed down version. I noticed that too in some tests, Avira Free is bad. But when the Pro version is tested, it usually gives good results.
Thanks for this detailed test. Now we can clearly see the Cloud protection kicking in and doing its job.
Last edited by a moderator:
- Mar 1, 2014
- 1,708
As far as Emsisoft is concerned, their BB can be called heuristics. No, Emsisoft doesn't have the heuristics similar to that of Kaspersky, Avast, ESET, etc., but for the Emsisoft team, BB is just a large scale heuristics. It all really depends on how one defines heuristics.
I need to find the thread to support what I said. As for Avira, if indeed that it has a trimmed version of the cloud tech, then it's just bad. You would always want the Free version to shine, so that it gives the users the incentive to buy the Pro version. But I don't really think that they have trimmed down the Free version's cloud functionality.
Edit: For Emsisoft, IDS, Behavior blocker, Heuristic, what is the difference?
My explanation might not be accurate, so an explanation straight from the horse's mouth is good.
I think I misunderstood it. The post is saying about the similarities of IDS and BB, but not Heuristics and BB. So, my explanation isn't accurate after all. "It is a common misconception that Emsisoft’s Behavior Blocker uses conventional heuristics. Heuristics checks files on your hard-drive for malicious routines and then classifies a file as dangerous or safe based on a calculation of probability. Emsisoft’s Behavior Blocker works on a higher level though, and directly monitors how active programs behave on your system." - Efficient protection against new malware: Emsisoft’s Behavior Blocker
Also,
That depends on what you consider a heuristic. The term is awfully broad and everyone seems to have their own definition. For a lot of people heuristics are intertwined with the ability to emulate the execution of a program and watch what it does in such an emulated environment as part of the normal file scan. We don't do any of that in our engine. For others all methods that are not aimed at detecting a specific malware or malware family, but detecting malicious files in general are considered heuristics. We do use those in our engine. However, we rarely call them out as being a "heuristic detection" anymore. I think the last detection that actually made itself known as being a heuristic detection was Heuristic.Possible.MBR.Rootkit that has since then been removed. That rule for example triggered the scan engine to read the disk's MBR using various methods (Windows API, talking to the disk directly, etc.) and comparing the results whether or not they were identical, which would indicate an application hiding the real contents of the MBR from the rest of the system. Although I am sure a lot of people with different definitions of "heuristic" than us would disagree that this rule was a heuristic to begin with.
Last edited:
As far as Emsisoft is concerned, their BB can be called heuristics. No, Emsisoft doesn't have the heuristics similar to that of Kaspersky, Avast, ESET, etc., but for the Emsisoft team, BB is just a large scale heuristics. It all really depends on how one defines heuristics.
As for Avira, if indeed that it has a trimmed version of the cloud tech, then it's just bad. You would always want the Free version to shine, so that it gives the users the incentive to buy the Pro version. But I don't really think that they have trimmed down the Free version's cloud functionality.
Edit: For Emsisoft, IDS, Behavior blocker, Heuristic, what is the difference?
My explanation might not be accurate, so an explanation straight from the horse's mouth is good.
Heuristics is based upon probabilities and stochastics (probabilistic trends). Fabian will tell you Emsisoft uses no heuristics anywhere in their part of the products.
Last edited by a moderator:
- Mar 1, 2014
- 1,708
As far as Emsisoft is concerned, their BB can be called heuristics. No, Emsisoft doesn't have the heuristics similar to that of Kaspersky, Avast, ESET, etc., but for the Emsisoft team, BB is just a large scale heuristics. It all really depends on how one defines heuristics.
As for Avira, if indeed that it has a trimmed version of the cloud tech, then it's just bad. You would always want the Free version to shine, so that it gives the users the incentive to buy the Pro version. But I don't really think that they have trimmed down the Free version's cloud functionality.
Edit: For Emsisoft, IDS, Behavior blocker, Heuristic, what is the difference?
My explanation might not be accurate, so an explanation straight from the horse's mouth is good.
"It is a common misconception that Emsisoft’s Behavior Blocker uses conventional heuristics. Heuristics checks files on your hard-drive for malicious routines and then classifies a file as dangerous or safe based on a calculation of probability. Emsisoft’s Behavior Blocker works on a higher level though, and directly monitors how active programs behave on your system." - Efficient protection against new malware: Emsisoft’s Behavior Blocker
The cloud is the same in the paid and free products.
All you see here is people saying stuff when they don't know what they're talking about.
One cannot compare Avira to other products like Emsisoft and Kaspersky. Avira is limited feature whereas other protection softs are more fully featured. That's comparing Apples to Pineapples - which makes no sense.
Avira's most direct comparison is with the likes of Windows Defender and Ikarus - and that is what Avira is, a good Windows Defender replacement.
Last edited by a moderator:
- Jan 26, 2016
- 150
I had an extensive conversation here a couple weeks ago with Christian from Emsisoft, and I can confirm they do incorporate heuristics along with a separate Behavior Blocker module. But it's not within their engine but instead the Bitdefender engine. So yeah it has both. Threats flagged by heuristics have the heur designation within the name.
- Mar 1, 2014
- 1,708
Maybe what he's saying is that the Bitdefender signatures include the B-Have signatures, the heuristic detection signatures of Bitdefender.
- Jan 26, 2016
- 150
I was wondering the exact same thing so I asked him that, but he said that the heuristics analysis occurs in real time with the BD engine and not a detection that was picked up in the past and pushed out with the heur designation in the sig name.
Bitdefender signatures are not an Emsisoft product. Yes, Bitdefender employs heuristics.
Emsisoft itself does not use heuristics in their signatures. That's what I meant.
Go over to the Emsisoft support forum and you will see Fabian's comments.
- Mar 1, 2014
- 1,708
Thanks for that info!
The only thing that prevents me from completely believing that, no offense to you, is the fact that Emsisoft never published anything about this yet.
But that maybe is true because it's Christian, the CEO.
Thanks for that info!
The only thing that prevents me from completely believing that, no offense to you, is the fact that Emsisoft never published anything about this yet.
But that maybe is true because it's Christian, the CEO.
Christian and Fabian are straight-shooters.
- Jan 26, 2016
- 150
Try reaching out to him yourself. He's has the Emsisoft username here. I didn't know I was even talking to him until more than half way through the conversation when he told me. Thought it was one of their devs. I thought it was pretty cool though that a CEO would take the time to explain everything the way he did.Thanks for that info!
The only thing that prevents me from completely believing that, no offense to you, is the fact that Emsisoft never published anything about this yet.
But that maybe is true because it's Christian, the CEO.
Perhaps not from Emsisoft's own engine, however regarding Bitdefender's
Question about the Bitdefender engine
"It includes everything related to on-demand file detection including file based signatures as well as heuristics."
- Jan 26, 2016
- 150
Correct. That's why I said the BD engine does but not the Emsisoft engine. Would be nice though if they would incorporate it in their engine as well.
Last edited:
The topic gets muddied because people will say "Emsisoft uses heuristics." You have to qualify what they mean by "Emsisoft uses heuristics."
Emsisoft employs Bitdefender signatures - and the Bitdefender signatures utilize heuristics - but no part of the Emsisoft products proper use heuristics. At least that is how I have understood Fabian's comments about the products over the years. Now whether or not any of that has changed over the years... I don't know. Products can change, but from what I can tell, I don't think Fabian is a fan of heuristics - among a lot of other things.
Similar threads
