Battle Behavioural Protection, which is better?

Compare list
Advanced Threat Defense - Bitdefender
CyberCapture - Avast/AVG
Deep Guard - F-secure
McAfee
Sonar - Norton
System Watcher - Kaspersky

Others, free to nominate
Platform(s)
  1. Microsoft Windows
  2. Windows on Arm (Qualcomm)
  3. Apple Mac (M1 and newer)
Bot

Bot

AI-powered Bot
Apr 21, 2016
4,335
Behavioural protection works by monitoring the behaviour of applications and programs in real time. If it detects any suspicious activity or deviation from usual patterns, it triggers an alert or blocks the activity. On the other hand, heuristic analysis is more about detecting new, unknown threats by examining code and looking for patterns or characteristics that are typical of malware. Both have their strengths, but behavioural protection tends to be more effective at catching zero-day threats.
 
  • Love
  • Like
Reactions: zampa343 and Behold Eck
RRlight

RRlight

Level 1
Thread author
May 11, 2024
49
Allego said:
Out of those list, I'm only familiar with Kaspersky so I say System Watcher. But why not try them all out and see what works best on your system
Click to expand...
Thanks. I indeed tested some of those. Avast, Kaspersky and F-Secure, with a small amount of samples, double-click if they are not instantly killed by file protection. But their performance is kinda hard to compare, at least for my small tests. For some samples, Kaspersky did well and for other samples avast did well.

Increasing the number of samples would be time-consuming. Besides, I'm also worried the samples could spread through the LAN formed by the virtual and host machine, and infect the host OS.
 
  • Like
Reactions: JB007, rashmi, Nevi and 2 others
RRlight

RRlight

Level 1
Thread author
May 11, 2024
49
Nikola Milanovic said:
then Comodo VirusScope(Static and Dynamic Behaviour Analysis with machine learning)
Click to expand...
Thank you for the reply.

But I tried Comodo 2025 frankly speaking, with default setting, which is closer to common home users. 1st VM I installed its firewall component with F-Secure. So it does have HIPS and VirusScope. But for the new samples I tried to execute, only containment, firewall and HIPS are triggered, didn’t see VirusScope pop up. And even HIPS not quite much F-Secure’s Deep Guard is triggered several times. The 2nd VM is purely CIS 2025. Out of 40 samples the VirusScope is triggered only 4 times, scan detects only 1. So it's 5/40 in total. Compared to Kaspersky with File Protection turned off and without internet, Kaspersky intercepts and kills more than half of the samples., while with internet, more than 30. Although I must say Comodo's containment/sandbox is another viable way for unknown threats surely, with years of history.
 
  • Like
  • Thanks
  • +Reputation
Reactions: Abhishek Singha, Nunzio_77, Jonny Quest and 5 others
Trident

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
CyberCapture is not behavioural protection, it is cloud detonation (lightweight one).
Kaspersky System Watcher and Bitdefender are top, followed by Norton Sonar and Avast/AVG IDP.
McAfee Real Protect would be just below these two, on par with F-Secure DeepGuard.

As to behaviour vs heuristic, behavioural analysis is also based on rules called heuristics. One is pre-execution, the other one is post-execution.

Pre-execution analysis blocks threats before they strike but is limited from the point of view that the analysis must be instant with very little resources.
This makes it more prone to evasion compared to post-execution analysis.

Behavioural protection observes the true nature of the file and is less prone to evasion, but is limited from the point of view that stuff is already happening and by the time detection occurs, irreversible damage may already have been done.

This is why pre-execution and post-execution are combined together and none of them is more important than the other but the earlier an attack is blocked, the better. Post-execution protections are hence a last line of defence when everything else has failed.
 
Last edited:
  • Like
  • +Reputation
  • Hundred Points
Reactions: Andy Ful, Abhishek Singha, JB007 and 12 others
rashmi

rashmi

Level 11
Jan 15, 2024
539
RRlight said:
But I tried Comodo 2025 frankly speaking, with default setting, which is closer to common home users. 1st VM I installed its firewall component with F-Secure. So it does have HIPS and VirusScope. But for the new samples I tried to execute, only containment, firewall and HIPS are triggered, didn’t see VirusScope pop up. And even HIPS not quite much F-Secure’s Deep Guard is triggered several times. The 2nd VM is purely CIS 2025. Out of 40 samples the VirusScope is triggered only 4 times, scan detects only 1. So it's 5/40 in total. Compared to Kaspersky with File Protection turned off and without internet, Kaspersky intercepts and kills more than half of the samples., while with internet, more than 30. Although I must say Comodo's containment/sandbox is another viable way for unknown threats surely, with years of history.
Click to expand...
Comodo's detection technologies have always been average at best. Whitelisting and containment are Comodo's major strengths. If you prioritize prevention over detection, Comodo is worth considering because of its default-deny approach.
 
  • Like
  • +Reputation
Reactions: Nunzio_77, Dave Russo, JB007 and 5 others
Nikola Milanovic

Nikola Milanovic

Level 2
Oct 17, 2023
92
RRlight said:
Thank you for the reply.

But I tried Comodo 2025 frankly speaking, with default setting, which is closer to common home users. 1st VM I installed its firewall component with F-Secure. So it does have HIPS and VirusScope. But for the new samples I tried to execute, only containment, firewall and HIPS are triggered, didn’t see VirusScope pop up. And even HIPS not quite much F-Secure’s Deep Guard is triggered several times. The 2nd VM is purely CIS 2025. Out of 40 samples the VirusScope is triggered only 4 times, scan detects only 1. So it's 5/40 in total. Compared to Kaspersky with File Protection turned off and without internet, Kaspersky intercepts and kills more than half of the samples., while with internet, more than 30. Although I must say Comodo's containment/sandbox is another viable way for unknown threats surely, with years of history.
Click to expand...
Comodo VirusScope is really good Shadowra tested it and also i test it everyday its really good
 
  • Like
Reactions: Dave Russo, JB007, simmerskool and 2 others
Nikola Milanovic

Nikola Milanovic

Level 2
Oct 17, 2023
92
RRlight said:
Thank you for the reply.

But I tried Comodo 2025 frankly speaking, with default setting, which is closer to common home users. 1st VM I installed its firewall component with F-Secure. So it does have HIPS and VirusScope. But for the new samples I tried to execute, only containment, firewall and HIPS are triggered, didn’t see VirusScope pop up. And even HIPS not quite much F-Secure’s Deep Guard is triggered several times. The 2nd VM is purely CIS 2025. Out of 40 samples the VirusScope is triggered only 4 times, scan detects only 1. So it's 5/40 in total. Compared to Kaspersky with File Protection turned off and without internet, Kaspersky intercepts and kills more than half of the samples., while with internet, more than 30. Although I must say Comodo's containment/sandbox is another viable way for unknown threats surely, with years of history.
Click to expand...
Also Xcitium/Comodo has a cloud based file analysis system that has Static and Dynamic Analysis Cloud Verdict Customer Login | Xcitium Cloud Verdict
VirusScope is Static and Dynamic Analysis
Dynamic Analysis:
Static Analysis:
1717844541475.png
1717844484526.png
 
Last edited:
  • Like
Reactions: Dave Russo, JB007, simmerskool and 2 others
ErzCrz

ErzCrz

Level 22
Verified
Top Poster
Well-known
Aug 19, 2019
1,156
Emsisoft I felt was good at behaviour detection though by that point, the malware would already be running. I prefer the default deny approach of CyberLock, Comodo's containment or @Andy Ful 's hardening tools where files are denied by default and analyzed/cloud checked.
 
  • Like
Reactions: Dave Russo, JB007, Andy Ful and 5 others

Similar threads

RRlight
    • Like
    • Wow
Serious Discussion How good is Microsoft Defender's protection now in 2024?
Replies
27
Views
1,398
Microsoft Defender
Andy Ful
Andy Ful
ifacedown
Battle Kaspersky Free + Kaspersky Anti-Ransomware Tool Free vs. ESET Security Ultimate
Replies
21
Views
632
Software Comparison
Ashish1+1
Ashish1+1
Trident
    • Like
    • Applause
    • +Reputation
  • Poll
Battle Planned: Real-world Test of Trend Micro, ZoneAlarm, Eset and Webroot
Replies
202
Views
11,047
Software Comparison
Adrian Ścibor
Adrian Ścibor

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top