Deleted member 2913

Which are the products with a good Behavior Blocker & not just GUI bells & whistles?

If you read the products' white papers or blogs, they seem excellent, but in practice how good are they?

Like when Avast introduced Deepscreen & all, I quite followed the product. At that time I had a spare system & used to test Avast often but always found their introduced technology not good. Other testers too found it not good. And Avast's reply was always like server maintenance, this is not fully introduced, that is there but these & those are not there, when these & those will be there then the improvement in the results will be there, etc...
Still I find Deepscreen not that effective.
I don't know whether Evo-Gen, etc... is their behavior blocker technology or sign/heur, but it does work.

Currently I am running F-Secure AV.
I read the white paper of DeepGuard.
It seems excellent. Like it does File Reputation, Behavior Analysis, File Prevalence, Exploit protection, etc... & if a file passes everything then it is actively monitored & blocked/quarantined when malicious action is detected or reaches a threshold, etc...
In practice, how good is it?
 

venustus

From past experience in using it, I found it to be very good!!
I am now, however, leaning towards "cloud" AVs like Trend/Norton etc..! :) ;)
 

hjlbx

F-Secure DeepGuard and Emsisoft Behavior Blocker operate essentially the same...

In my experience Emsisoft Internet Security is much better overall; better firewall, better File Reputation database, works well on W8.1 system, good support, easy to use interface, etc.
 

Deleted member 2913

Does the Cloud Security option, if disabled/unchecked, affect/reduce the protection or not?
 

venustus

Isn't the Cloud Security option just to send anonymous data for unknown malware?

How does disabling it affect protection?
If the signatures miss a file it uses the cloud for unknown files!
Kaspersky with its KSN, ESET with LiveGrid, etc..
 

Deleted member 2913

In common settings there are privacy & connection options.

Attached are the screenshots.
The connection option shows Security Cloud connected - guess this is what you are talking about, like KSN, ESET LiveGrid?
The privacy option shows participate in the security cloud - guess disabling this will not affect protection?
 


jamescv7

Behavior Blockers these days, like those from F-Secure and Emsisoft, can manage well based on a cloud reputation database in order to achieve easy decision making, but it is likely different when it's not connected.

Actually that's the more sufficient of the techniques for security matters, as typical users may still be confused about suspicious behavior without any basis of reference.

As much as possible, just tick the option for joining the cloud service; it's better to be safe than sorry.
 

hjlbx

jamescv7 makes an extremely important point - the user will not know what to do if they have little or no experience (basis of reference). That is the primary problem with both - more so with HIPS than Behavior Blocker.

I only learned by practicing with actual malware... I can't see any other way to learn how any particular AV works.
 

Deleted member 2913

I ticked the option.
 

Deleted member 178

Best BBs are, in order:

1- Emsisoft (Mamutu, now built into EAM/EIS)
2- Norton (SONAR)
3- F-Secure (DeepGuard)
4- Threatfire (not developed anymore)
 

Cch123

Adding on to Umbra's list, Trend and GData's behaviour blockers are now among the best in the market. I particularly like how GData allows you to see what actions the program has taken before the behavior alert triggers so that you can make a more informed decision. For example, a behaviour alert triggers for a program writing an autostart entry. But there are many legitimate reasons for writing autostart entries too. However, if you see that the program has attempted to download from the internet and inject code before writing the entry, it is probably malicious.
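
The correlation described in the post above, sketched as an added example (not part of the original thread and not GData's or any other vendor's code). The event names, process names and sample events are constructed for illustration; the rule only counts actions the same process took before the autostart write.

```python
from collections import defaultdict

# Constructed sample events: (pid, process, action, detail). Not real product telemetry.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
EVENTS = [
    (410, "updater.exe", "net_download", "https://example.invalid/update.msi"),
    (410, "updater.exe", "autostart_write", RUN_KEY + r"\AppUpdater"),
    (977, "invoice.exe", "net_download", "http://example.invalid/payload.bin"),
    (977, "invoice.exe", "code_inject", "explorer.exe"),
    (977, "invoice.exe", "autostart_write", RUN_KEY + r"\svc"),
    (555, "setup.exe", "autostart_write", RUN_KEY + r"\Tray"),
    (555, "setup.exe", "code_inject", "notepad.exe"),  # happens after the alert
]

TRIGGER = "autostart_write"
# Hypothetical rule: both of these must precede the trigger in the same process.
AGGRAVATING = {"net_download", "code_inject"}


def review_alerts(events):
    """Return one alert per autostart write, with that process's earlier actions."""
    history = defaultdict(list)  # pid -> [(action, detail), ...] in arrival order
    alerts = []
    for pid, name, action, detail in events:
        if action == TRIGGER:
            prior = list(history[pid])  # context shown to the user with the alert
            seen = {a for a, _ in prior} & AGGRAVATING
            if seen == AGGRAVATING:
                verdict = "probably malicious"
            else:
                verdict = "needs user decision"
            alerts.append({"pid": pid, "process": name, "target": detail,
                           "prior_actions": prior, "verdict": verdict})
        history[pid].append((action, detail))
    return alerts


if __name__ == "__main__":
    for alert in review_alerts(EVENTS):
        print(f"[{alert['verdict']}] {alert['process']} wrote {alert['target']}")
        for action, detail in alert["prior_actions"]:
            print(f"    earlier: {action} -> {detail}")
```

An autostart write on its own, or preceded only by a download, stays a prompt with context attached; only the download-then-inject-then-persist sequence is escalated.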