Best Behaviour Blocker?

  • Emsisoft

    Votes: 52 41.6%
  • Kaspersky

    Votes: 47 37.6%
  • Avast

    Votes: 7 5.6%
  • Bitdefender

    Votes: 11 8.8%
  • ESET

    Votes: 1 0.8%
  • Other (Specify)

    Votes: 7 5.6%

  • Total voters
    125
Deleted Member 3a5v73x

The Antiransomware module is a bit odd. Most typical users will look at the alerts and logging and scratch their head. G DATA is a techie security soft.
Some of the Locky variants with the (.lukitus) extension also leave me scratching my head, because the AntiRansomware module detects most variants, stating that ".. following proccess were therefore interrupted by G DATA..", however it wasn't (or it was too late after clicking "Block", because the encryption processes weren't "frozen" when the dialog box came up, and still kept going in the background). Anyway, log files were collected and sent, so I hope they come up with some improvements in the next updates. :)

Plebman123

Level 2
Verified
Aug 30, 2017
69
I can name a few: G Data, Emsisoft, Kaspersky and AVG, but I'd recommend Emsisoft since it offers the most specific settings and is an internal part of their program.
 
plat1098

And herein lies the problem in even asking this kind of question. Multiple opinions of different folks, which leaves the question still unanswered. The answer is you have to evaluate and make your own decision.

This is the fundamental truth--one might be influenced by loyalty, subscription cost or customer service, variables that have nothing to do with a specific feature. It's not possible to be strictly objective when it comes to behavior blockers because of user interaction in real time, plus infinite machine/software combinations, etc.

Which leaves these AVs heavily dependent on marketing and word of mouth, both crucial for survival. And polls like this. :)
 

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,400
Some of the Locky variants with the (.lukitus) extension also leave me scratching my head, because the AntiRansomware module detects most variants, stating that ".. following proccess were therefore interrupted by G DATA..", however it wasn't (or it was too late after clicking "Block", because the encryption processes weren't "frozen" when the dialog box came up, and still kept going in the background). Anyway, log files were collected and sent, so I hope they come up with some improvements in the next updates. :)
In the same log, GDATA stated that processes were stopped and malware was deleted. Suspicious activity that triggered the detection was the rename of picture files. Aka the behaviour blocker triggered the anti ransomware module when it was too late. It probably stopped the encryption at some time, too late. Another proof of this is that GData mentions the block of wscript.exe but the payload was already downloaded since it blocked it from the AppData folder.
 

nsm0220

Level 21
Verified
Sep 9, 2013
1,054
In the same log, GDATA stated that processes were stopped and malware was deleted. Suspicious activity that triggered the detection was the rename of picture files. Aka the behaviour blocker triggered the anti ransomware module when it was too late. It probably stopped the encryption at some time, too late. Another proof of this is that GData mentions the block of wscript.exe but the payload was already downloaded since it blocked it from the AppData folder.
I saw that happening with malware I've been testing from the hub.
 

amico81

Level 21
Verified
Top Poster
Well-known
Jan 10, 2017
1,061
So G Data should improve their BB more? No recommendation?
 
