Best Behaviour Blocker?

  • Emsisoft

    Votes: 52 41.6%
  • Kaspersky

    Votes: 47 37.6%
  • Avast

    Votes: 7 5.6%
  • Bitdefender

    Votes: 11 8.8%
  • ESET

    Votes: 1 0.8%
  • Other (Specify)

    Votes: 7 5.6%

  • Total voters
    125
5

509322

I wish there was such an option, it's much needed, or something like that in regards. :(

I'm pretty sure autopilot. It is easy enough to test.

G DATA could use more feedback. It is just that everything needs to be directed through their closed support. You can open a case and then enable CTRL + GG, enable logging (top item first, recreate issue, then the remaining log collection and use the case number you opened to submit it). Videos and screenshots are helpful.
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
I know that Dr. Web Katana reacts very fast and good (on paranoid settings). It will block each attack.
 

nsm0220

Level 21
Verified
Sep 9, 2013
1,054
Best is Kaspersky, but I gave my vote for other, that is G Data.

I have experienced that G Data's Anti-Ransomware module is too slow to react. Upon detecting suspicious encryption of user files, it gives an option to Allow or Block; if you (user input) are slow (action isn't taken in about 5 sec upon alert), files get encrypted, no matter what you click after, Block or Allow. But if you click Block fast enough, files stay safe. I have seen this a couple of times just by testing the BB module and with virus monitor disabled. You probably understand what I am talking about, since you know G Data very well, so you might be able to enlighten on this a bit. I think the BB module is very strong. I love reading those detailed G Data Logs :D
Well, they have been updating their Anti-Ransomware module; I think in a few updates it should take ransomware like Petya on.
 
D

Deleted Member 3a5v73x

I think if one sets the BB to autopilot it will auto-resolve.
BB yeah, but the AntiRansomware module I haven't seen working entirely on autopilot when it comes to suspicious encryptions in the background, asking whether you want to Allow or Block (this was the case with Locky (Diablo6) when files got trashed even after clicking Block, thanks to @silversurfer for the sample). Too bad I can't reproduce the issue now since G Data cloud look-up picks it up right away and I don't have any screen for proof. However in another case with the 12345.js sample (thanks to @silversurfer) Cerber got recognized quite fast by the AntiRansomware module and no user input was needed and no harm was done to files. Maybe it is about G Data handling differently "Suspicious" (by user input) and "Malicious" (by autopilot) encryption methods recognized by the AntiRansomware module? I'm not sure.
1.PNG
 
Last edited by a moderator:
5

509322

Maybe it is about G Data handling differently "Suspicious" (by user input) and "Malicious" (by autopilot) encryption methods recognized by the AntiRansomware module? I'm not sure.

I think you hit the nail right on the head. The BB needs some improvements. Back in Jan it would not stop Cerber. Now it does most of the time.

I have seen various other bugs:

A. Treats *.js files as archives
B. Detected files not moved to Quarantine
C. Alert states will Quarantine entire archive, but nothing is moved to Quarantine
D. Files deleted from Recycle bin are re-detected
E. Bank protection will keep throwing infection alert until Quarantine is deleted
F. File images left in file system with size 0 KB
G. Multiple firewall Alert\GUI bugs for server applications (e.g. DropBox)
H. When select "Move to Quarantine" file is not moved to Quarantine
I. Duplicate firewall alerts for programs that already have the same Allow rule
J. Bugs in firewall alerts (Known\Unknown processes > look up modules)
etc

It's all GUI bug\error stuff; system is protected.

That's why I said G DATA needs more feedback.
 
5

509322

BB yeah, but the AntiRansomware module I haven't seen working entirely on autopilot when it comes to suspicious encryptions in the background, asking whether you want to Allow or Block (this was the case with Locky (Diablo6) when files got trashed even after clicking Block, thanks to @silversurfer for the sample). Too bad I can't reproduce the issue now since G Data cloud look-up picks it up right away and I don't have any screen for proof. However in another case with the 12345.js sample (thanks to @silversurfer) Cerber got recognized quite fast by the AntiRansomware module and no user input was needed and no harm was done to files. Maybe it is about G Data handling differently "Suspicious" (by user input) and "Malicious" (by autopilot) encryption methods recognized by the AntiRansomware module? I'm not sure.

The Antiransomware module is a bit odd. Most typical users will look at the alerts and logging and scratch their head. G DATA is a techie security soft.
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
This is what I feel:

Most if not all BBs work decently well to suit the majority of users around the world (minus the complicated/complex cases where new malware emerges). I personally go for Emsisoft because it's cheap (5 yrs+ subscription) and very user friendly for my family desktop/laptop uses.

However, if you're the happy-clicker type, especially those who are curious and love to click/download potentially unknown sites/files, then I suggest you go for an anti-executable or SRP-type program, e.g. NVT ERP or AppGuard (both in Lockdown Mode).
 

nsm0220

Level 21
Verified
Sep 9, 2013
1,054
BB yeah, but the AntiRansomware module I haven't seen working entirely on autopilot when it comes to suspicious encryptions in the background, asking whether you want to Allow or Block (this was the case with Locky (Diablo6) when files got trashed even after clicking Block, thanks to @silversurfer for the sample). Too bad I can't reproduce the issue now since G Data cloud look-up picks it up right away and I don't have any screen for proof. However in another case with the 12345.js sample (thanks to @silversurfer) Cerber got recognized quite fast by the AntiRansomware module and no user input was needed and no harm was done to files. Maybe it is about G Data handling differently "Suspicious" (by user input) and "Malicious" (by autopilot) encryption methods recognized by the AntiRansomware module? I'm not sure.
Well, it could be the latest update that made the AntiRansomware act like the Web Protection.
 

SearchLight

Level 13
Verified
Top Poster
Well-known
Jul 3, 2017
625
What about the BB in Avast? Much has been mentioned on this forum about tweaking the hardened mode, and heuristics and one will be set with a good configuration along with CFcs.

Avast is out of favor now?
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
What about the BB in Avast? Much has been mentioned on this forum about tweaking the hardened mode, and heuristics and one will be set with a good configuration along with CFcs.

Avast is out of favor now?
Avast's BB is very good but not as good as Emsi, KIS, Dr.Web, BD, G Data. Avast's BB relies strictly on the internet connection, so if the internet is unstable or not present, Avast won't work.
The good thing is, it's constantly improving due to realtime updates/fixes while most other BBs don't.
For example, now it may miss a few samples but after several hours it would detect the samples.

If we configure Hardened mode properly with a few Windows tricks, it's seriously hard to bypass because it's a default-deny module. For example, disabling Windows Script Host and PowerShell + tell yourself never to execute anything other than .exe files because HM only supports exe files.

In order for Avast to work best with CF, I recommend disabling hardware virtualization (in troubleshooting) and adding the Comodo folders to exclusions in the main settings screen.
Optionally, you can disable CyberCapture, Web Shield, reputation services (this will slightly decrease the detection rate but significantly increase the speed of Avast).
 
Last edited:
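The "disable Windows Script Host" tweak mentioned in the post above is a single registry value. The script below is an added example written for this page, not code from the thread, from Avast or from Comodo: it reads the documented WSH `Enabled` DWORD under `HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings`, reports the current state, and sets it to 0 so that `wscript.exe`/`cscript.exe` refuse to run .js/.vbs files. It assumes an elevated PowerShell session. Restricting PowerShell itself is not a registry switch (it is normally done with AppLocker or Constrained Language Mode) and is deliberately not covered here.

```powershell
# Added example (not from the thread): check and disable Windows Script Host
# machine-wide. Assumes an elevated PowerShell session.
# The key path and the 'Enabled' DWORD are the documented WSH settings;
# a per-user equivalent exists under HKCU with the same relative path.
$wshKey = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'

function Get-WshState {
    # Returns 'Enabled' or 'Disabled'. No value present means WSH is on (the default).
    $item = Get-ItemProperty -Path $wshKey -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -eq $item)        { return 'Enabled (default, value not set)' }
    if ($item.Enabled -eq 0)    { return 'Disabled' }
    return 'Enabled'
}

function Disable-Wsh {
    # Create the key if missing, then set Enabled=0 (DWORD). Script files
    # opened via wscript/cscript will then fail with "Windows Script Host
    # access is disabled on this machine".
    if (-not (Test-Path $wshKey)) {
        New-Item -Path $wshKey -Force | Out-Null
    }
    New-ItemProperty -Path $wshKey -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null
}

function Enable-Wsh {
    # Revert: remove the override so WSH returns to its default (enabled) state.
    Remove-ItemProperty -Path $wshKey -Name 'Enabled' -ErrorAction SilentlyContinue
}

"Windows Script Host before: $(Get-WshState)"
Disable-Wsh
"Windows Script Host after:  $(Get-WshState)"
```

Run it once from an elevated prompt; `Enable-Wsh` undoes the change if a legitimate logon script or admin tool turns out to need WSH. Disabling WSH only affects scripts launched through the script host engines, so it complements (rather than replaces) the Hardened mode executable check the post describes.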

Captain Awesome

Level 23
Verified
Top Poster
Well-known
May 7, 2016
1,287
What about the BB in Avast? Much has been mentioned on this forum about tweaking the hardened mode, and heuristics and one will be set with a good configuration along with CFcs.

Avast is out of favor now?
Avast is ok. For me: 1. Emsisoft, 2. ESET (if u set it properly), 3. Kaspersky, 4. Avast/Bitdefender, 5. Norton, 6. Quick Heal (recent update).
 

SearchLight

Level 13
Verified
Top Poster
Well-known
Jul 3, 2017
625
Avast's BB is very good but not as good as Emsi, KIS, Dr.Web, BD, G Data. Avast's BB relies strictly on the internet connection, so if the internet is unstable or not present, Avast won't work.
The good thing is, it's constantly improving due to realtime updates/fixes while most other BBs don't.
For example, now it may miss a few samples but after several hours it would detect the samples.

If we configure Hardened mode properly with a few Windows tricks, it's seriously hard to bypass because it's a default-deny module. For example, disabling Windows Script Host and PowerShell + tell yourself never to execute anything other than .exe files because HM only supports exe files.

In order for Avast to work best with CF, I recommend disabling hardware virtualization (in troubleshooting) and adding the Comodo folders to exclusions in the main settings screen.
Optionally, you can disable CyberCapture, Web Shield, reputation services (this will slightly decrease the detection rate but significantly increase the speed of Avast).

Evjl's Rain, I am using Avast Premier 2017 now, and per your earlier postings, I have enabled Hardened Mode and switched to Aggressive. I do not have the web shield component installed but regarding the disabling of cybercapture and reputation services, do you mean increase the speed of detection or the responsiveness of Avast?

I have now disabled the hardware virtualization, and have added Comodo to my Exclusions. Thanks for your support, and suggestions.

Btw, I forgot to mention, I have Heuristics set at Normal. Should I bump it to High, too?
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Evjl's Rain, I am using Avast Premier 2017 now, and per your earlier postings, I have enabled Hardened Mode and switched to Aggressive. I do not have the web shield component installed but regarding the disabling of cybercapture and reputation services, do you mean increase the speed of detection or the responsiveness of Avast?

I have now disabled the hardware virtualization, and have added Comodo to my Exclusions. Thanks for your support, and suggestions.
Because if you disable CyberCapture, I don't think it affects the result, because CyberCapture requires several modules enabled and one of them is Web Shield, which we disabled => CC won't work.
Moreover, if Hardened mode is enabled, 99% of malware won't proceed to CyberCapture because it is blocked by Hardened mode first. I have seen this many times; enabling HM and disabling CC is good.

Disabling reputation services will improve the speed and responsiveness of everything. It's one of the modules that make Avast slow. Again, if we have HM, I can see the reputation service is redundant because HM will block most of the malware.
If reputation services are disabled, Avast won't have to wait for a result from the cloud. You won't see the detection of FileRepMalware anymore, but in exchange you have a faster-than-light Avast.
Of course disabling this will slightly decrease the detection rate, but you already have HM + Comodo so there is no need to worry.

Setting heuristics to normal is ok. If you want you can set it to high, but beware the performance impact.
 
Last edited:

Syafiq

Level 11
Verified
Top Poster
Well-known
May 8, 2017
536
For Me:
Better BB:Emsisoft
Good BB, light on performance: Kaspersky
Pick one of them :)
 

SearchLight

Level 13
Verified
Top Poster
Well-known
Jul 3, 2017
625
Because if you disable CyberCapture, I don't think it affects the result, because CyberCapture requires several modules enabled and one of them is Web Shield, which we disabled => CC won't work.
Moreover, if Hardened mode is enabled, 99% of malware won't proceed to CyberCapture because it is blocked by Hardened mode first. I have seen this many times; enabling HM and disabling CC is good.

Disabling reputation services will improve the speed and responsiveness of everything. It's one of the modules that make Avast slow. Again, if we have HM, I can see the reputation service is redundant because HM will block most of the malware.
If reputation services are disabled, Avast won't have to wait for a result from the cloud. You won't see the detection of FileRepMalware anymore, but in exchange you have a faster-than-light Avast.
Of course disabling this will slightly decrease the detection rate, but you already have HM + Comodo so there is no need to worry.

Setting heuristics to normal is ok. If you want you can set it to high, but beware the performance impact.

Thanks for the explanation and clarity. Appreciated.
 