Best Behaviour Blocker?

  • Emsisoft - Votes: 52 (41.6%)
  • Kaspersky - Votes: 47 (37.6%)
  • Avast - Votes: 7 (5.6%)
  • Bitdefender - Votes: 11 (8.8%)
  • ESET - Votes: 1 (0.8%)
  • Other (Specify) - Votes: 7 (5.6%)

  • Total voters: 125

The Antiransomware module is a bit odd. Most typical users will look at the alerts and logging and scratch their heads. G DATA is a techie security soft.
Some of the Locky variants with the (.lukitus) extension also leave me scratching my head, because the AntiRansomware module detects most variants, stating that ".. following proccess were therefore interrupted by G DATA.."; however, it wasn't (or it was too late after clicking "Block", because the encryption processes weren't "frozen" when the dialog box came up, and still kept going in the background). Anyway, log files were collected and sent, so I hope they come up with some improvements in the next updates. :)
 
I can name a few: G Data, Emsisoft, Kaspersky and AVG, but I'd recommend Emsisoft since it offers the most specific settings and is an internal part of their program.
 
And herein lies the problem in even asking this kind of question. Multiple opinions of different folks, which leaves the question still unanswered. The answer is you have to evaluate and make your own decision.

This is the fundamental truth--one might be influenced by loyalty, subscription cost or customer service, variables that have nothing to do with a specific feature. It's not possible to be strictly objective when it comes to behavior blockers because of user interaction in real time, plus infinite machine/software combinations, etc.

Which leaves these AVs heavily dependent on marketing and word of mouth, both crucial for survival. And polls like this. :)
 
In the same log, GDATA stated that processes were stopped and malware was deleted. The suspicious activity that triggered the detection was the rename of picture files. Aka the behaviour blocker triggered the anti-ransomware module when it was too late. It probably stopped the encryption at some time, too late. Another proof of this is that GData mentions the block of wscript.exe, but the payload was already downloaded, since it blocked it from the AppData folder.
 
I saw that happening with malware I've been testing from the hub.
 
So Gdata should improve their BB more? No recommendation?