Serious Discussion Behavior vs Signature: which is the best strategy?

Do you prefer a solid static protection or a smarter behaviour blocker?

  • I prefer malware to be detected upon introduction, even with higher false-positive rates
    Votes: 9 (36.0%)
  • I prefer a weaker static analysis with fewer false positives, paired up with a smart behaviour blocker
    Votes: 16 (64.0%)

  Total voters: 25
And yet, the 1st line of defense, the best BB, is our own behavior blocker: what we're downloading, clicking, and ticking. About an hour ago, I had in my email one of those dire "you need to, you have to" messages (bypassed spam filter), from an address like 12hh49jkd@...... complete with a PDF to download and then to what, to click and run it?

My AV, whether it's more of a behavior-based AV or signature-based, is not as critical in my case for what I do and don't do online, besides my own online behavior and "hygiene". Give me a good, stable, low-system-impact, glitch-free AV, and I'm okay with whatever it may excel at :)
 
About an hour ago, I had in my email one of those dire "you need to, you have to" messages (bypassed spam filter), from an address like 12hh49jkd@...... complete with a PDF to download and then to what, to click and run it?
You are a veteran; tell the sender:

P Diddy GIF
 
The Leo test, where all the data on the Eset machine is encrypted, because its supposed signatures are not capable of reacting. On the other hand, an antivirus that has a balance between signatures and BB comes out victorious, as is the case with Kaspersky and Bitdefender. Signatures are irrelevant when they don't work; what matters is that the AV protects you. And even if the antivirus releases a signature, the damage has already been done.
Yeah, disabling individual modules to test ESET. The worst tester. Although ESET has no BB, LiveGuard and Document protection are excellent add-ons. LG blocks unknown files from running unless the cloud analysis returns a verdict, and folder guard protects the folders that you have added from malware. ESET HIPS & Firewall, when properly configured, can block many common attacks. I trust @Shadowra tests any day over those stupid tests done by Leo. If you get the time mate, please test ESET SSP with the custom HIPS & FW rules. ☺️
 
No matter how good your BB is, it’ll never come close to static detection. I agree that modern AVs should have BB, but it should only be used as the last line of defence. A good BB will block and delete the malware post execution, but you will never know if the malware has changed any registry keys or modified any startup entry or added a scheduled task that has not been rolled back by the BB. Rollback is an important and integral part of any good BB. As @SeriousHoax rightly said, I’ll want my burglar alarm to sound as soon as the burglars try to break the door. If they gain entry and destroy some things in my house before the alarm sounds off, I don’t think I’ll get my broken things back.
 
A good BB will block and delete the malware post execution, but you will never know if the malware has changed any registry keys or modified any startup entry or added a scheduled task that has not been rolled back by the BB
The longer the reaction time interval of the BB, the more changes there are.
 
Yeah, disabling individual modules to test ESET. The worst tester. Although ESET has no BB, LiveGuard and Document protection are excellent add-ons. LG blocks unknown files from running unless the cloud analysis returns a verdict, and folder guard protects the folders that you have added from malware. ESET HIPS & Firewall, when properly configured, can block many common attacks. I trust @Shadowra tests any day over those stupid tests done by Leo. If you get the time mate, please test ESET SSP with the custom HIPS & FW rules. ☺️
If you watch Leo's video, you will see that all the Eset modules are activated in the test. Having a bad BB is no excuse. Be careful, I have seen that Eset problem with ransomware and unknown attacks where there is no signature for that malware, not only in Leo.
 
If you watch Leo's video, you will see that all the Eset modules are activated in the test. Having a bad BB is no excuse. Be careful, I have seen that Eset problem with ransomware and unknown attacks where there is no signature for that malware, not only in Leo.
The results of the last comparative test by @Shadowra revealed ESET at the first rank for paid AVs and MD for free AVs; waiting for the 2026 new comparative test.
 
You mean the behavioral protection can delay as much as it wants in blocking ransomware not detected by signature, and the files will be intact, unencrypted?
For quite a lot of ransomware, yes, but blocking it during its execution chain obviously must not be too late, as ransomware on today's modern computers can trash GBs of data in a few seconds. Every unit of time matters. What I meant to say is that ESET had no behavior detection for ransomware, and it can never be late to the party.
 
The results of the last comparative test by @Shadowra revealed ESET at the first rank for paid AVs and MD for free AVs; waiting for the 2026 new comparative test.
Yes we wait patiently however he recently said that he is using some different paid vendor than ESET on his PC.
 
If you watch Leo's video, you will see that all the Eset modules are activated in the test. Having a bad BB is no excuse. Be careful, I have seen that Eset problem with ransomware and unknown attacks where there is no signature for that malware, not only in Leo.
Outdated tests. He doesn’t use Folder Guard or LiveGuard.
 
When building a resilient security posture, industry frameworks from NIST, specifically Special Publication 800-83, and the SANS Institute agree that effective malware defense is never an either/or choice. The established standard demands a layered, defense-in-depth approach. On the front lines, static signature matching provides highly efficient, low-resource detection for known commodity threats with near-zero false positives. Because signatures are inherently blind to zero-day exploits and polymorphic malware, behavior-based detection serves as the necessary safety net. By evaluating programs based on their real-time actions, behavioral heuristics catch the sophisticated or fileless attacks that slip past static defenses.

Relying entirely on dynamic heuristics, however, introduces a distinct vulnerability: the malware typically must execute to be detected. Without robust isolation tools like sandboxing or micro-virtualization, rapid-encryption ransomware can inflict irreversible damage in the split seconds before a behavioral engine successfully quarantines the process. To close these gaps, the optimal architecture is a comprehensive Endpoint Protection Platform (EPP). This setup leverages strict pre-execution signature blocking at the perimeter, backed immediately by continuous behavioral monitoring and automated containment to neutralize novel attacks. Both NIST and SANS consistently reinforce that because no automated tool is flawless, the true bedrock of your defense remains strict least-privilege access controls and rigorous digital hygiene.
 
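The two mechanisms the thread keeps circling (a pre-execution signature lookup that blocks with zero damage, versus a behaviour blocker that must watch the process act and therefore lets a "damage window" open before it quarantines and rolls back) can be seen side by side in a small simulation. The following is an added example written for this thread, not code from any poster or vendor: the signature set, action weights, block threshold and the event trace of the "unknown ransomware build" are all constructed, and the poll_every parameter is an assumed stand-in for the engine's reaction interval discussed above. Nothing in it touches a real file or registry key; it only replays a list of labelled events.

```python
"""Toy layered-defence model: a pre-execution signature lookup, then a
behaviour monitor that scores runtime actions, quarantines the process once
a threshold is crossed, and rolls back the persistence changes it journaled.
Samples, hashes, action weights and events are all constructed for the
demonstration; nothing here inspects or modifies a real system."""
import hashlib
from dataclasses import dataclass, field

# Constructed "signature database": SHA-256 of known-bad file contents.
KNOWN_BAD = {hashlib.sha256(b"commodity-trojan-v1").hexdigest()}

# Assumed weights for the toy behaviour engine; real engines use richer models.
ACTION_WEIGHTS = {
    "write_file": 0.1,
    "add_run_key": 3.0,
    "create_scheduled_task": 3.0,
    "encrypt_file": 1.0,
    "delete_shadow_copies": 5.0,
}
BLOCK_THRESHOLD = 6.0

# Persistence changes the engine can undo; in-place file encryption cannot be.
REVERSIBLE = {"write_file", "add_run_key", "create_scheduled_task"}


@dataclass
class Verdict:
    stage: str                 # "signature", "behaviour" or "clean"
    blocked: bool
    files_damaged: int         # files encrypted before the block fired
    rolled_back: list = field(default_factory=list)


def signature_check(contents: bytes) -> bool:
    """Static, pre-execution check: hash lookup in the known-bad set."""
    return hashlib.sha256(contents).hexdigest() in KNOWN_BAD


def run_with_behaviour_monitor(events, poll_every=1):
    """Replay (action, target) events through a behaviour blocker.

    poll_every models the engine's reaction interval: the score is only
    evaluated every N events, so a slower engine lets more damage through
    before it quarantines the process and rolls back what it journaled."""
    score = 0.0
    damaged = 0
    journal = []
    for i, (action, target) in enumerate(events, start=1):
        score += ACTION_WEIGHTS.get(action, 0.0)
        if action == "encrypt_file":
            damaged += 1
        elif action in REVERSIBLE:
            journal.append((action, target))
        if i % poll_every == 0 and score >= BLOCK_THRESHOLD:
            undo = [f"undo {a}:{t}" for a, t in reversed(journal)]
            return Verdict("behaviour", True, damaged, undo)
    return Verdict("clean", False, damaged)


def scan_and_run(contents, events, poll_every=1):
    """Layered pipeline: block on signature first, otherwise monitor behaviour."""
    if signature_check(contents):
        return Verdict("signature", True, 0)
    return run_with_behaviour_monitor(events, poll_every)


# Constructed event trace for an unknown ransomware build: a dropper, a
# Run-key persistence entry, then file encryption and shadow-copy deletion.
RANSOMWARE_EVENTS = [
    ("write_file", r"C:\Users\demo\AppData\Local\loader.exe"),
    ("add_run_key", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\loader"),
] + [("encrypt_file", rf"C:\Users\demo\Documents\doc{n}.docx") for n in range(1, 11)] + [
    ("delete_shadow_copies", "vssadmin"),
]

BENIGN_EVENTS = [("write_file", r"C:\Users\demo\Documents\report.txt")]


def damage_window(poll_every):
    """Files encrypted before the behaviour engine fires, for a given interval."""
    return scan_and_run(b"unknown-ransomware-build-7", RANSOMWARE_EVENTS, poll_every).files_damaged


if __name__ == "__main__":
    print("known sample:", scan_and_run(b"commodity-trojan-v1", RANSOMWARE_EVENTS))
    for interval in (1, 4, 10):
        v = scan_and_run(b"unknown-ransomware-build-7", RANSOMWARE_EVENTS, interval)
        print(f"interval={interval}: stage={v.stage} damaged={v.files_damaged} "
              f"rolled_back={v.rolled_back}")
    print("benign:", scan_and_run(b"hello-world-app", BENIGN_EVENTS))
```

Run it and the numbers make the thread's argument concrete: the known sample is stopped at the signature stage with nothing damaged, the unknown build is caught by behaviour with 3 files already encrypted when the engine polls every event, 6 when it polls every 4 events and 8 when it polls every 10, and the rollback only ever undoes the journaled persistence (the Run key and the dropped loader), never the encrypted documents. That is exactly the gap the rollback and "every unit of time matters" posts describe, and why a layered setup keeps the static check in front.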
No matter how good your BB is, it’ll never come close to static detection. I agree that modern AVs should have BB, but it should only be used as the last line of defence. A good BB will block and delete the malware post execution, but you will never know if the malware has changed any registry keys or modified any startup entry or added a scheduled task that has not been rolled back by the BB. Rollback is an important and integral part of any good BB. As @SeriousHoax rightly said, I’ll want my burglar alarm to sound as soon as the burglars try to break the door. If they gain entry and destroy some things in my house before the alarm sounds off, I don’t think I’ll get my broken things back.
ESET is not good even in static detection against ransomware:
 
Source? Or is it just because it failed some tests from Leo? ESET signatures are one of the best in the industry because it lacks a proper BB. All AVs can miss some threats.
I hunt malware on a regular basis and find ESET to be sub-optimal against ransomware threats. This sample was first observed in the wild on the 9th but still has no signature. Even VT threat insights is able to identify it as ransomware.