- Feb 25, 2017
- 2,498
I disagree with one thing. I would put F-Secure as second tier. It doesn't have as many FPs as Norton and DeepGuard is really responsive. Definitely wouldn't put it on the same level as McAfee... That's an insult.
Best behavior blocker/0 day
- Thread starter likeastar20
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
- Aug 28, 2015
- 772
Well said. I like how he picked my post out of multiple people mentioning ESET here in this thread.
- Feb 25, 2017
- 2,498
But to be fair it's really not effective with the default ruleset.
- Aug 28, 2015
- 772
But to be fair it's really not effective with the default ruleset.
It's effective enough. But if you setup HIPS which really is not that difficult, it does quite well. Not on the level of Kaspersky however.
- Apr 16, 2017
- 1,876
I have seen BB/0 day module in action for Kaspersky, Bitdefender, Emsisoft & Avast, but it was fortunately/unfortunately only for PUA/PUM/adware (with 1-2 VT detections), because I rarely encounter malware. Each of them protected the system when it needed to.
Does that mean they are the best? Not really. It means that either I just haven't used other AV/AM that much or I rarely see such scary stuff like an actual ransomware or Trojan.
Also last time I used Emsisoft its support was top notch.
Does that mean they are the best? Not really. It means that either I just haven't used other AV/AM that much or I rarely see such scary stuff like an actual ransomware or Trojan.
Also last time I used Emsisoft its support was top notch.
Last edited:
In MY opinion: Kaspersky System Watcher, Bitdefender ATD, G-Data BEAST
+ F-Secure DG(weaker than 3 of them I think)
Other than these, I've never seen a product detecting threats using 'behavirol module'.
+ F-Secure DG(weaker than 3 of them I think)
Other than these, I've never seen a product detecting threats using 'behavirol module'.
Last edited:
- Feb 17, 2018
- 870
Is McAfee's BB that bad? Mcafee has had long history of behaviroal guard called "Artemis" and I think it's still effective.(But yeah can't compare to 'top-tier' products)
These days, I think AV Company doesn't strictly discern their detecting methodologies. They make some " blahblah tech™ " and incorporates all the modern technologies(Machine learning(AI), Behavioral Guard, Cloud-Based, Reputation system, etc.) under those name.
Like, Bitdefender Theta, McAfee's Artemis, G-DATA Deepray or BEAST, ESET LiveGuard.. These trademarks are just for advertisement or something, in the real world they use multiple moduels at once to detect 1 malware.
Like, Bitdefender Theta, McAfee's Artemis, G-DATA Deepray or BEAST, ESET LiveGuard.. These trademarks are just for advertisement or something, in the real world they use multiple moduels at once to detect 1 malware.
- Jan 14, 2015
- 1,761
It's endpoint solution had it more decent than home use versions although contrary to popular belief mcafee home versions were and still are perfectly fine for average Joe usage granted you don't go on a mad crusade to download everything under the sun while not using any pop up blocker and just unsafe web surfing practices.
Ever since McAfee moved their endpoint to another company however I stopped using it as I couldn't be bothered to go through the process of renewing my grant number etc and there was no need to anymore.
Thanks for sharing informations. although McAfee scores bad on some tests and its reputation is also bad for people, yes Mcafee is more than enough for average Joe.
Btw, McAfee's enterprise was merged into the Trellix as I know(is that right?
) and Trellix uses Bitdefender engine. Then They don't use McAfee's signature anymore?
- Sep 9, 2017
- 55
The best support service from publishers...no other does as well in supporting its customers and especially not F-Secure
Yeah that was my best guess for what 'abch' was. I didn't want to be unethical and submit something harmless to Malware Bazaar but I suspected that they might be adding cloud hashes for almost everything in Malware Bazaar or perhaps automated sandboxes where certain criteria are met.Maybe the FP rate of F-Secure is lower in your country due to a larger user base. DeepGuard will sometimes block unknown applications based on their prevalence (I think ML also plays a role in deciding whether to block or not). You can check for the reason why DeepGuard blocks an application in the logs. In most cases, the reason is "rare".
I got this idea (abch = abuse.ch) from @MacDefender.
I personally don't like the practice. While it may improve zero-day detections some, I feel it is more of a cheap trick to make performance look strong when amateur malware testers try the product.
FWIW DeepGuard can be a little touchy with unknown applications, but it's not the most sensitive. I have been doing some ASP.NET Core app development this past month and had to remove Emsisoft Business Security from my server because its behavior blocker kept flagging almost every compilation product of an ASP.NET Core webapp as behavior "trojan horse". And because the hashes and paths all change as the app gets compiled per commit, I can't whitelist it.
- Mar 19, 2022
- 650
- Jan 14, 2015
- 1,761
sorry thought I answered before.Thanks for sharing informations. although McAfee scores bad on some tests and its reputation is also bad for people, yes Mcafee is more than enough for average Joe.
Btw, McAfee's enterprise was merged into the Trellix as I know(is that right?
In fact Trellix is a brand launched by Symphony Technology Group - STG for short, which first acquired in 2021 McAfee Enterprise and then FireEye sold their brand and products to STG. Result = Trellix.
Fun fact FireEye also previously acquired another company that was known for cyber security investigation and handling and as a result, it further expanded from there.
On its own, STG basically incorporated both acquisitions technology into a new one known as Trellix.
It has a lot of similarities to MD (Microsoft Defender for Endpoint) in terms of underlaying technologies:
Malware protection
Anti-phishing
Behavioral threat analysis
Machine learning
Cloud-based threat detection
In terms of Attack detection and mitigation, from what I know Trellix quarantines suspicious threats or suspected threads into quarantine straight away but also does a backup/duplication of safe copies of files as a counter measure.
MD doesn't as far as I know but I could be wrong.
When it comes to machine learning, both are top notch but while MD sends sensor data for threat detection, Trellix uses the more traditional way of recording process level behaviour to analyze data etc, so basically a more traditional behaviour blocker technology.
The final difference between the two is S-A and M-A (Single-Agent and Multi-Agent)
MD uses M-A while Trellix uses S-A.
I personally prefer S-A but both are easy to maintain except one small difference. For MD, you have to have an OS update to update the platform while on Trellix you dont.
As for the engine that Trellix uses, I do not know. If I can get my hands on it, I will let you know.
Hmm, Thoma Bravo still lists McAfee (with text that includes its NextGen enterprise divisions). Thoma Bravo should have updated its site long ago but McAfee is still listed there.
Thoma Bravo Portfolio Companies
Thoma Bravo's private equity investment portfolio includes many of the world's leading companies in applications, infrastructure and cybersecurity.
.png)
www.thomabravo.com
