Best Behaviour Blocking

mlnevese

If you know what you are doing Emsisoft's BB is really good. For a non-technical user I'd really recommend Kaspersky or Norton... And I never thought I would ever recommend Norton again.... a few years ago I wouldn't have installed Norton even if I had a free license...
 

Wave

Why don't you try Emsisoft? It holds its reputation for good BB and now with improved ransomware protection. I use it myself and I have to say it's no less compared to an Antiexe combo with a solid AV.
You don't need a complete internet security suite, EAM is sufficient as Windows Firewall is also good.
1. Ad-blocker for the web-browser (or use MVPS) + HTTPSEverywhere (extension - helps force HTTPS and this helps keep the info you submit to websites secured)
2. Windows Defender (real-time enabled)
3. BB/HIPS system + on-demand scanner (use Emsisoft Anti-Malware - enable the Behaviour Blocker but disable the real-time protection)
4. System backups (e.g. Paragon Backup & Recovery) (if you get infected, use the clean backup)

+ use your brain and watch what you do, don't be click happy = well protected

Or as an alternate you can mix Anti-Executable with Emsisoft's Behaviour Blocker or Windows Defender and that will probably be enough... Although if you are just using Anti-Executable, as long as you pay attention to what you allow and keep your focus game strong, you'll be fine anyway.

Or as another alternate you can mix Windows Defender with e.g. HitmanPro.Alert.. List can go on. Just keep it nice and light and stick to what you really need.

In reality you don't need a super fancy configuration with tons of stuff... The more products working in real-time will improve on the system performance slow-down and the amount of FPs, just use what is necessary (what you actually need) and ditch what you don't need, use what works best for you.

(BTW @Purshu_Pro this post isn't aimed at you, I am agreeing with you) ;)
 

SHvFl


MalwareBlockerYT

I would have to say that Kaspersky has the better blocker. I have been using Kaspersky Internet Security for about 6 months now after switching from Norton Internet Security & am extremely happy with Kaspersky's detection rate & features/settings. From what I've seen Kaspersky has the best out of the three but Emsisoft also has very high detection rates/good quality signatures & decent Behaviour Blocking.
 

Wave

You really can't compare them in my opinion. They offer protection using different methods.
But you are the expert so please correct me if you believe I am wrong.
We can compare them regardless of the methods they use, both Emsisoft Behaviour Blocker/Kaspersky Application Control and HitmanPro.Alert are very strong, no matter which one is used you will be well protected. However in terms of actual protection features, both Emsisoft's Behaviour Blocker and HitmanPro.Alert provide some form of ransomware/exploit protection.

I assume HitmanPro.Alert identifies things like browser manipulation by doing things such as searching for signs of API hooking on a list of functions which are commonly hooked by malware such as Zeus to steal login credentials (e.g. in Internet Explorer some malware may hook HttpSendRequestA/W) or attempts to identify unknown modules loaded in the browser process (as an example).

Whereas Emsisoft Anti-Malware will not do things like this (again, I "assume" HitmanPro.Alert identifies things like browser manipulations that way, I have not checked nor know if that is a fact or not), it will monitor the untrusted processes and attempt to identify when they are trying to add to startup, inject into external processes (process manipulation), and so on.

However, if I look at it with a different view, I have to agree with you about the comparison, because I think you are both right and wrong about comparing them. Emsisoft Anti-Malware Behaviour Blocker is designed much differently to HitmanPro.Alert to be fair to them, where HitmanPro.Alert aims mostly at exploit mitigation especially (it seems this way at least).

As a summary I am kind of biased between them being compared, since both Emsisoft BB and HitmanPro.Alert have some similarities (e.g. the ransomware protection).

PS: I'm no more of an expert than you are. And this is all just speculation/opinions really :)
 

SHvFl

OK, I didn't think about the ransomware protection. Mostly when I think of HMPA I think of exploit protection. Reason I do that is mostly because I am stupid but meh.
The fact that a lot of malware are ransomware it lets the 2 products be compared and you are right. Thanks.
 

Wave

Kaspersky for me... malware hub proves everything :cool:
If I were you I would take the results from the Malware Hub with a grain of salt and nothing more, even though people are now performing dynamic testing. There are so many samples out there and each product works differently, and just because a sample is missed in the Malware Hub doesn't necessarily make it a "bad" product because that same product that missed the sample may pick up samples that other vendors don't, and without manually checking, how do you know that the sample being tested is 100% malicious? For all you know, some vendors may have FP detections. Every product will have a good and bad day... One product doing well in the Malware Hub may not do so well the next day with some different samples. There are so many samples being released into the wild on a regular basis that it's impossible to mark different products in an order of which ones are the best, therefore there are no "best" products, it's just recommended to use what works well for yourself.

Testing security products is like an art, however not everyone has the time and patience to check over everything... And that is not a problem, that is why I recommend you take the results with a grain of salt. Same for results from "independent" AV testing labs such as AV-Comparatives, I wouldn't trust them as far as I could throw them, their results provide vendors an excuse for misleading marketing such as "100% detection" (and then maybe in some small-print next to that, "Based on AV-C tests"). :D
 

Wave

OK, I didn't think about the ransomware protection. Mostly when I think of HMPA I think of exploit protection. Reason I do that is mostly because I am stupid but meh.
The fact that a lot of malware are ransomware it lets the 2 products be compared and you are right. Thanks.
No I am not "right", that was just my view in my own opinion, you are also right at the same time and I do agree with what you said as well. That being said, when I think of HitmanPro.Alert, exploit protection also comes to my mind as the main goal of the product, so you are not alone with this. :)
 

shmu26

use Emsisoft Anti-Malware - enable the Behaviour Blocker but disable the real-time protection
just trying to understand how to do this. Tell me if this is right:
1 enable real-time protection at startup
2 untick "activate file guard"
3 tick "activate behavior blocker"

Based on the discussion here, it sounds like this Emsisoft setup could be used in combo with HMPA and a simple AV.
 

Wave

It's possible that Emsisoft Anti-Malware and HitmanPro.Alert may conflict, especially if you don't white-list both software in each product. However if anyone uses both in combination, let me know if it works well.

The reason I suspect it may potentially cause conflict is because since Emsisoft Anti-Malware has a Behaviour Blocker feature, it will work the same way other BB/HIPS systems work, usually via API hooking (so it can monitor the actions and intercept when necessary). Depending on how HitmanPro.Alert works, this may cause a conflict, since I believe HitmanPro.Alert will most likely attempt to detect hooks and repair them/notify the user of the manipulation (e.g. especially for browser processes to identify the browser becoming compromised).

Therefore, if Emsisoft does set hooks and then HMA starts detecting these and alerting the user about them = conflict. Even worse if it tries to repair them, and then Emsisoft tries to put them back in place, and it can continue in a loop.

However this is all just guesses, of course it would be a good idea to test and see if there is a conflict (I'd be interested in hearing about this), maybe if I get the chance I will test it myself if no one else currently uses both in combination to provide the feedback.
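
An added example, not part of the posts above and not a description of how HitmanPro.Alert or Emsisoft actually work: a minimal inline-hook check of the kind speculated about in this thread (comparing a function's in-memory prologue with its on-disk bytes for HttpSendRequestA/W), which also shows why allowlisting the other product's module avoids the conflict described. All addresses, byte strings and the module name bbguard.dll are constructed assumptions, and only two 32-bit redirect patterns are recognised.

```python
import struct

def jmp_rel32(addr, target):
    """Build the 5-byte 'jmp rel32' used for the constructed samples below."""
    return b"\xE9" + struct.pack("<I", (target - addr - 5) & 0xFFFFFFFF)

def hook_target(addr, mem):
    """Absolute destination if mem starts with a common 32-bit redirect, else None."""
    if len(mem) >= 5 and mem[0] == 0xE9:                     # jmp rel32
        return (addr + 5 + struct.unpack_from("<i", mem, 1)[0]) & 0xFFFFFFFF
    if len(mem) >= 6 and mem[0] == 0x68 and mem[5] == 0xC3:  # push imm32; ret
        return struct.unpack_from("<I", mem, 1)[0]
    return None

def owner(target, modules):
    """Name of the loaded module whose address range contains target, or None."""
    for name, base, size in modules:
        if base <= target < base + size:
            return name
    return None

def scan(exports, modules, allowlist):
    """Compare in-memory prologues with the on-disk bytes and classify differences."""
    findings = []
    for name, addr, disk, mem in exports:
        if mem == disk:
            continue                                  # prologue untouched
        target = hook_target(addr, mem)
        mod = owner(target, modules) if target is not None else None
        if target is None:
            verdict = "modified"                      # changed, not a known redirect
        elif mod in allowlist:
            verdict = "allowlisted"                   # hook set by a trusted product
        else:
            verdict = "suspicious"                    # unknown module or unbacked memory
        findings.append((name, verdict, mod))
    return findings

# Constructed sample data (addresses, bytes and bbguard.dll are hypothetical).
DISK = bytes.fromhex("8bff558bec83ec10")  # mov edi,edi; push ebp; mov ebp,esp; sub esp,10h
MODULES = [("wininet.dll", 0x76000000, 0x100000), ("bbguard.dll", 0x10000000, 0x20000)]
EXPORTS = [
    ("HttpSendRequestA", 0x76012200, DISK, jmp_rel32(0x76012200, 0x10001000) + DISK[5:]),
    ("HttpSendRequestW", 0x76012340, DISK, jmp_rel32(0x76012340, 0x00A50000) + DISK[5:]),
    ("InternetConnectW", 0x76013000, DISK, DISK),
]

if __name__ == "__main__":
    for finding in scan(EXPORTS, MODULES, allowlist={"bbguard.dll"}):
        print(finding)
```

With an empty allowlist the same scan reports the security product's own hook as suspicious, which is the false alarm the allowlist is there to prevent.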
 

shmu26

I would love to hear your test results. I am trying it out myself right now, and I don't see any alerts or other signs of conflict. But it's too early to tell.
 
