Behavior Blocker

Thread starter: Deleted member 2913
Status: Not open for further replies.

Deleted member 2913

Thread author
Which are the products with a good Behavior Blocker & not just GUI bells & whistles?

If you read the products' white papers or blogs, it seems excellent, but in practice how good are they?

Like when Avast introduced DeepScreen & all, I quite followed the product. At that time I had a spare system & used to test Avast often but always found their introduced technology not good. Other testers too found it not good. And Avast's reply was always like server maintenance, this is not fully introduced, that is there but these & those are not there, when these & those will be there then the improvement in the results will be there, etc...
Still I find DeepScreen not that effective.
I don't know if Evo-Gen, etc... is their behavior blocker technology or sign/heur but it does work.

Currently I am running F-Secure AV.
I read the white paper of DeepGuard.
It seems excellent. Like it does File Reputation, Behavior Analysis, File Prevalence, Exploit protection, etc... & if a file passes everything then it is actively monitored & blocked/quarantined when a malicious action is detected or reaches a threshold, etc...
In practice how good is it?
 

Venustus

> Which are the products with a good Behavior Blocker & not just GUI bells & whistles?
>
> If you read the products' white papers or blogs, it seems excellent, but in practice how good are they?
>
> Like when Avast introduced DeepScreen & all, I quite followed the product. At that time I had a spare system & used to test Avast often but always found their introduced technology not good. Other testers too found it not good. And Avast's reply was always like server maintenance, this is not fully introduced, that is there but these & those are not there, when these & those will be there then the improvement in the results will be there, etc...
> Still I find DeepScreen not that effective.
> I don't know if Evo-Gen, etc... is their behavior blocker technology or sign/heur but it does work.
>
> Currently I am running F-Secure AV.
> I read the white paper of DeepGuard.
> It seems excellent. Like it does File Reputation, Behavior analysis, File Prevalence, Exploit protection, etc...
> In practice how good is it?

From past experience in using it, I found it to be very good!!
I am now however leaning towards "cloud" AVs like Trend/Norton etc..! :) ;)
 

Roguesquad

> From past experience in using it, I found it to be very good!!
> I am now however leaning towards "cloud" AVs like Trend/Norton etc..! :) ;)

What are your thoughts on Hitman Pro then? I find its business model to be a bit on the soft side.
 
hjlbx

Thread author
F-Secure DeepGuard and Emsisoft Behavior Blocker operate essentially the same...

In my experience Emsisoft Internet Security is much better overall; better firewall, better File Reputation database, works well on W8.1 system, good support, easy to use interface, etc.
 
Deleted member 2913

Thread author
> From past experience in using it, I found it to be very good!!
> I am now however leaning towards "cloud" AVs like Trend/Norton etc..! :) ;)

Does the Cloud Security option, if disabled/unchecked, affect/reduce the protection or not?
 

Venustus

> Isn't the Cloud Security option just to send anonymous data for unknown malware?
>
> How does disabling it affect protection?

If the signatures miss a file it uses the cloud for unknown files!
Kaspersky with its KSN, ESET with LiveGrid, etc..
 
Deleted member 2913

Thread author
In common settings there are privacy & connection options.

Attached are the screenshots.
Connection option shows Security Cloud connected - Guess this is what you are talking about, like KSN, ESET LiveGrid?
Privacy option shows participate in the security cloud - Guess disabling this will not affect protection?
 

Attachments: FS.png, FS1.png

jamescv7

Behavior Blockers these days, like those from F-Secure and Emsisoft, can manage well based on a cloud reputation database in order to achieve easy decision making, but it is likely different when it's not connected.

Actually that's the more sufficient of the techniques for security matters, as typical users may still be confused about suspicious behavior without any basis of reference.

As much as possible just tick the option for joining the cloud service; it's better to be safe than sorry.
 
hjlbx

Thread author
> Behavior Blockers these days, like those from F-Secure and Emsisoft, can manage well based on a cloud reputation database in order to achieve easy decision making, but it is likely different when it's not connected.
>
> Actually that's the more sufficient of the techniques for security matters, as typical users may still be confused about suspicious behavior without any basis of reference.
>
> As much as possible just tick the option for joining the cloud service; it's better to be safe than sorry.

jamescv7 makes an extremely important point - the user will not know what to do if they have little or no experience (basis of reference). That is the primary problem with both - more so with HIPS than Behavior Blocker.

I only learned by practicing with actual malware... I can't see any other way to learn how any particular AV works.
 
Deleted member 2913

Thread author
> Behavior Blockers these days, like those from F-Secure and Emsisoft, can manage well based on a cloud reputation database in order to achieve easy decision making, but it is likely different when it's not connected.
>
> Actually that's the more sufficient of the techniques for security matters, as typical users may still be confused about suspicious behavior without any basis of reference.
>
> As much as possible just tick the option for joining the cloud service; it's better to be safe than sorry.

I ticked the option.
 
Deleted member 178

Thread author
The best BBs are, in order:

1- Emsisoft (Mamutu, now built into EAM/EIS)
2- Norton (SONAR)
3- F-Secure (DeepGuard)
4- ThreatFire (not developed anymore)
 

Cch123

Adding to Umbra's list, Trend's and GData's behaviour blockers are now among the best in the market. I particularly like how GData allows you to see what actions the program has taken before the behaviour alert triggers so that you can make a more informed decision. For example, a behaviour alert triggers for a program writing an autostart entry. But there are many legitimate reasons for writing autostart entries too. However, if you see that the program has attempted to download from the internet and inject code before writing the entry, it is probably malicious.
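
Added example, not part of the thread and not any vendor's code: a minimal sketch of the reasoning in the post above, where an autostart write on its own only prompts the user, while the same write preceded by a download and code injection from the same process crosses a blocking threshold. The event names, weights, threshold and trace are all constructed for illustration.

```python
from collections import defaultdict

# Constructed trace: (timestamp, pid, image, action). All names are hypothetical.
EVENTS = [
    (1, 410, "updater.exe", "autostart_write"),
    (2, 777, "invoice.exe", "network_download"),
    (3, 777, "invoice.exe", "code_injection"),
    (4, 777, "invoice.exe", "autostart_write"),
    (5, 410, "updater.exe", "network_download"),  # after the write: not context
]

TRIGGER = "autostart_write"
BASE_SCORE = 20          # assumed weight of the trigger on its own
CONTEXT_WEIGHTS = {"network_download": 30, "code_injection": 50}  # assumed
BLOCK_THRESHOLD = 70     # assumed cut-off between prompting and blocking

def evaluate(events):
    """Return one alert per autostart write, carrying the process's prior actions."""
    history = defaultdict(list)   # pid -> actions seen so far, in order
    alerts = []
    for _ts, pid, image, action in sorted(events):
        if action == TRIGGER:
            prior = list(history[pid])
            # Each kind of prior action counts once, however often it repeated.
            score = BASE_SCORE + sum(CONTEXT_WEIGHTS.get(a, 0) for a in set(prior))
            alerts.append({
                "pid": pid,
                "image": image,
                "prior_actions": prior,   # what the user would be shown
                "score": score,
                "verdict": "block" if score >= BLOCK_THRESHOLD else "ask_user",
            })
        history[pid].append(action)
    return alerts

if __name__ == "__main__":
    for alert in evaluate(EVENTS):
        print(alert)
```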
 

nsm0220

> The best BBs are, in order:
>
> 1- Emsisoft (Mamutu, now built into EAM/EIS)
> 2- Norton (SONAR)
> 3- F-Secure (DeepGuard)
> 4- ThreatFire (not developed anymore)

You forgot G-Data on the list.
 