App Review CheckPoint vs Eset Protect vs GravityZone

[Shadowra]

I have Harmony on one win10_VM and ESET Nod32 on another. Somewhat surprised to see Harmony come-in 3rd out of 3. @Shadowra not obvious to me from the video, was Harmony noticeably slower with web protection (downloads) then ESET Protect? In your opinion (if you have one) is ESET Protect substantially better than Nod32? Is Protect easy enough to deploy? Not willing to uninstall Harmony based on 1 test, but I surely might "upgrade" Nod32 to Protect. Thanks for this test!!

Harmony is slower on downloads because it analyzes and emulates at the same time (so it slows down the transfer) despite my high fiber optic speed (I'm at 8Gbps on my connection and at 2Gbps with my home VPN created on a 10Gbps VPS).

Eset is more responsive. But I'd tell you to get a special version (like Smart Security), because the Protect version doesn't do much... (apart from a rather poor panel and deployment via Active Directory).

 

[Shadowra]

Nice test @Shadowra. Good to see Endpoint products being tested. But I didn't see HyperDetect in your Bitdefender console. Did this version not have it? I also didn't see the Sandbox feature. Looks like the version you tested didn't have these features. When I tried it in the past, due to HyperDetect and Sandbox BD Enterprise could detect more threats than the home versions. Their EDR edition detects even more.

After verification, HyperDetect is available in the Premium version of GravityZone :/.

 

[Shadowra]

A complementary video will be available next week with GravityZone + HyperDetect vs Eset Protect
(this week, I'm busy with personal appointments)

( @kamiloxf , @SeriousHoax , @IceMan7 )

 

[IceMan7]

So I'm waiting. Although I would prefer Eset Smart Security Premium vs Bitdefender Total Security

 

[Shadowra]

So I'm waiting. Although I would prefer Eset Smart Security Premium vs Bitdefender Total Security

This is also planned, but a little later

 

[IceMan7]

Cool. Just take no prisoners in this test and squeeze everything out of them

 

[SeriousHoax]

I just wrote about that The test shows that pages on Bitdefendfer open slowly because the scanner scans longer. Eset is really fast.

The slowdowns mainly come from the HTTPS scanning feature. All AVs with HTTPS scanning feature have some slowdowns because decrypting + scanning + re-encrypting takes time. ESET's HTTPS scanning is very fast so it's unnoticeable for most users. Bitdefender's is slower than most. But they don't perform HTTPS scanning on most websites. Almost on all sites that supports QUIC protocol. BD as well as even many enterprise products at the moment cannot scan QUIC. There's also a several year old Chromium browser bug that don't allow decrypting QUIC traffic by using self-signing certificate. Firefox don't have this limitation.

Eset takes up about 100-150MB on the disk and when working in the background you can barely feel it. Bitdefender takes up about 1GB of space and takes up 1GB of RAM and sometimes even more.

BD takes up more RAM as they keep the signatures loaded in Ram for faster operation. Bitdefender's I/O activity is low probably because of this though ESET is also low (usually even lower than BD). But anyway, it's just different tech working differently in different products. It would be nice if BD could use less ram, but it is what it is. System snappiness is more important though that's also an area where they have room for improvements. Their app launching performance has worsen in the last 2 years.
BTW, Bitdefender's installation size is not 1 GB, it's around 2 GB or maybe even more. They hide their signature folder. It used to be accessible from File Explorer, but they locked it around 2023 probably to hide the 500 MB disk writes complaints from users.

However, if I remember correctly, thanks to Photon, Bitdefender was also light while working in the background and you couldn't feel it every day. And I had it installed on the HDD then, not on the SSD.

Any disk-based activity like signature update is a horrible experience on HDD. IMO, HDD users should stay away from BD.
Yeah, Photon improves system performance over time. But it takes a few days for it to learn the system pattern. From 5 to 7 days at least I think. Photon is actually part of a local anomaly detection ML model that trains itself on each system. The collected telemetry is used to fine-tune their detection algorithms.

So what do they need this cloud for?

Every product need cloud. Checking reputation of a file is a must to improve protection and performance. Sometimes a file is blacklisted in the cloud before a signature update is pushed. Some product's cloud does the heavy lifting of analyzing files with powerful ML models that cannot be deployed locally. Some products like McAfee, Panda, Trend Micro are heavily cloud-based.

As you can see, you can't have everything. More efficient in Eset but fewer signatures. Heavy in BD but more signatures.

Maybe I didn't explain properly but BD having more signatures by numbers doesn't by definition make it better. Number of signatures is not too relevant here. Bitdefender creates a lot of useless signatures. About 3-4 times I have asked them to delete some useless signatures and to their credit they did every time except one. As I said, ESET, Avast can detect more with less. That's how their product is designed. If you take 100 in-wild-samples of the last 5 days, chances are that ESET will detect more than BD in a right-click scan. Even in Shadowra's test here, ESET detected a few more. But that's only half the test, the other half is if it can block them after execution.

Does it make sense to remove the old ones? It's hard to say. But it should also be noted that BD still supports Windows 7, whereas all competitors that do not have the BD engine have long abandoned this system.
I've seen a few tests on YT where Eset didn't always detect old samples when scanning them. Removing old signatures has its advantages and disadvantages. Like in life. You can't have everything and sometimes you have to compromise.

Windows 7 threats is okay, but I don't see the point of still keeping Windows 98, Windows DOS era malware in their database. Maybe they don't take much space but still what other vendors does is smarter and more efficient. Those ancient malwares cannot infect your system.

They could finally fix it. It's very annoying. Remodel, compress or do something. Or at least change it to a more intelligent one like Eset has. It shouldn't be a problem for BD

As I implied, if it was easy then I'm sure they would've done it. There must be something that is holding them back. Or maybe it's not even in their plan at the moment due to the popularity of fast SSDs and high Ram systems of today's. I think 16 GB ram is the most common nowadays which is plenty for Bitdefender to function normally. Well, for Steam users at least, turns out 32 GB is the most common now.

 

[IceMan7]

First of all, respect to you for your great knowledge. WOW

ESET's HTTPS scanning is very fast so it's unnoticeable for most users. Bitdefender's is slower than most.

It is clearly visible that Eset is faster. Although I do not hide the fact that I used to use the BD plug-in in my browser. Fortunately, I have been loyal to Firefox for years and I do not intend to change that

BD takes up more RAM as they keep the signatures loaded in Ram for faster operation. Bitdefender's I/O activity is low probably because of this though ESET is also low (usually even lower than BD). But anyway, it's just different tech working differently in different products. It would be nice if BD could use less ram, but it is what it is. System snappiness is more important though that's also an area where they have room for improvements. Their app launching performance has worsen in the last 2 years.
BTW, Bitdefender's installation size is not 1 GB, it's around 2 GB or maybe even more. They hide their signature folder.

This is just shocking. BD is like a fat bear on a computer. I am shocked. The last time I had BD on a computer was about 6 or 7 years ago. And I remember that it took up about 1GB in the system. The installer was well over 500MB. And this constant downloading of a lot of data with each update. And the most annoying thing was when you turn on the computer, BD updates and immediately screams to restart.
I am also surprised what you are writing about. BD is now slower than it used to be and has lost the speed of launching applications?
I am not a programmer and it seems to me that keeping these signatures in RAM is so that in the event of a threat, BD is ready to act faster


Now I looked at the Eset folder in Program Files. It also weighs quite a bit. Currently, the total is 1.06 GB. Adding Eset in the Program Data folder 0.46 GB to that, we have about 1.5 GB of Eset on the computer. Eset has become fat after so many years

Yeah, Photon improves system performance over time. But it takes a few days for it to learn the system pattern. From 5 to 7 days at least I think. Photon is actually part of a local anomaly detection ML model that trains itself on each system. The collected telemetry is used to fine-tune their detection algorithms.

It is known that BD with Photon needs time to optimize with the system. Although on the BD forum you can read more than one case that over time their computer with BD installed does not work faster but slows down even more.
Just so it does not turn out that Photon is a spy on your documents on your computer

As I said, ESET, Avast can detect more with less. That's how their product is designed. If you take 100 in-wild-samples of the last 5 days, chances are that ESET will detect more than BD in a right-click scan. Even in Shadowra's test here, ESET detected a few more. But that's only half the test, the other half is if it can block them after execution.

BD has quite a big problem with these signatures. I know that. You can read a lot about it on the web. And apart from that, problems with various programs. Some even complained that they couldn't connect an external drive because BD blocked etc
Overall, BD is not a pleasant program, it has a lot of problems and flaws. It had and still has.

I agree here. Signatures are one thing. Behavioral protection is another. And despite these numerous flaws under the BD mask, it still manages to be at the forefront in this regard. For years.
It should also be noted that @Shadowra does what a regular user does. First, it scans the folder. AV detects the threat and removes it. And only then does it work on the files, checking whether AV will block the malware.

In the network, testers do the opposite. First, they perform the operation on the files and then they scan. A regular user does not do this.
Besides, no one at home clicks on 1500 or more files (threats) at once.

As I implied, if it was easy then I'm sure they would've done it. There must be something that is holding them back.

If you don't know what it's all about, it's probably about money. They wrote on the BD forum that they've given up on beta testing. Today, the tester is the user. Rebuilding the engine means spending money. And BD is also one of the cheapest paid solutions today, at least in my country.
6-7 years ago, the default amount of RAM for Windows was 8GB. Today, the default is 16GB. Ideally, when someone buys a new computer, it's best to have 32GB.


In conclusion.

On paper, Eset seems to be a much more modern solution for today's times. Now they have invested a lot of money in the cloud. This is also visible in the prices they are shouting for their software. Eset is not afraid to invest in newer solutions.
Considering the pros and cons, Eset has definitely more of them.
BD as of today (because we have known it for years) is definitely a mega solid AV with great behavioral protection. And it seems that it has better technical support. I tested it thanks to emails. All answers in one day. You have to wait at least 24 hours for Eset to respond.

That is why I am very interested in LiveGuard in Eset and whether it is at least as high a level in behavioral protection as BD. Even if Eset were slightly worse, it defends itself with many other advantages.

@SeriousHoax - Today, considering that you know these solutions and have a lot of knowledge, which solution do you prefer? Or what do you use on your computer?

Looking at these guys on YT who conduct tests, (apart from Leo) in the comments they prefer or use Eset.

BTW
I'm also not surprised that @Shadowra is so happy with Eset

 

[IceMan7]

A complementary video will be available next week with GravityZone + HyperDetect vs Eset Protect

If Eset has released something, show what you can see in SysInspector from Eset, if this version has it

 

[TuxTalk]

BD Heavy ?

You guys never seen GDATA i think.

 

[kamiloxf]

The following product versions will be used in the test

Bitdefender GravityZone Cloud MSP Security: Bitdefender GravityZone Cloud MSP Security Suite
ESET Protect Enterprise: Cyber Security for Enterprise - Future ready protection | ESET
Checkpoint Harmony Endpoint Advanced

Which will allow you to easily show the detection and details of how it can be seen in EDR

 

[IceMan7]

No one claims that BD is so heavy that it is impossible to work on a computer. But it is not light either.
I used Gdata a few years ago and its two engines - one from BD, the other proprietary Gdata (I forgot its name) could put a heavy load on the system. I will not comment on how it is now, because according to information, Gdata is currently lighter.
Similarly, I have read several conclusions that Kaspersky free is heavier than Bitdefender free. And in the case of paid ones, it is supposedly the other way around.
In any case, paid Bitdefender is not the lightest, but it is not the heaviest on the market either.
In the case of Bitdefender, apart from the fact that it is not easy on the system, we must also remember about its weight in the system and the fact that they have probably never avoided any problems in its operation.
They always have to make updates for something.

 

[kamiloxf]

Gdata (I forgot its name)

CloseGap

 

[IceMan7]

Thanks
I only remembered that .....Gap and I forgot the first part of the name

 

[SeriousHoax]

Today, considering that you know these solutions and have a lot of knowledge, which solution do you prefer? Or what do you use on your computer?

Bitdefender has the edge in protection, for example, ESET very rarely defeats Bitdefender in any test (mainly professional lab tests). It also does better when I test samples in my VM (I haven't done in a while).
ESET has the edge in system performance, accurate detection, customizability.
So, it depends on your priority.

 

[IceMan7]

Bitdefender has the edge in protection, for example, ESET very rarely defeats Bitdefender in any test (mainly professional lab tests). It also does better when I test samples in my VM (I haven't done in a while).

Exactly. Bitdefender is a fat and lazy bear but when needed it knows how to attack - of course dangerously samples.
Eset and Bitdefender are like fire and water, like two opposite poles.
As you write, you haven't tested for a long time, so I'm all the more curious how Eset v18 is doing.
Nobody at home does tests and checks thousands of samples, but it needs a competitor who works, doesn't interfere, doesn't annoy and when it comes to reacting sometimes, it has to react.
Since I'm a fan of BD and now I'm testing the Eset test version, I can admit (apart from the results in tests on thousands of samples because I don't do that) that today when I see how Eset behaves on the computer and it's heaven and earth in relation to BD, I would choose Eset.
When I see how Eset is developing and how much more "modern" and better "thought-out" AV is, I believe that sooner or later Eset will be better than Bitdefender. Or at least it has a big chance of doing so.
But I'll wait for a few more comparative tests because the Fsecure license ends in October so I have time.
Thank you for the conversation, for a lot of information and for the exchange of views. Best regards

 

[simmerskool]

BD Heavy ?

View attachment 287843

You guys never seen GDATA i think.

I like GData, never seemed heavy to me, but not currently running to check its data.

 

[IceMan7]

It's a tie between Eset and Bitdefender.

I have one more question.
During this test and others, when Eset neutralizes malicious samples, sometimes some additional windows or some error pop up, which you usually have to confirm by closing or clicking OK.
Bitdefender neutralizes/blocks silently and only informs the pop up that it has done its job (of course, such a pop up also occurs in Eset).
What is the reason for this?
@SeriousHoax Maybe you know?

And another thing - in Eset, pop ups immediately show information about what it has blocked and in what place - this is extremely legible and important information.

 

[IceMan7]

The slowdowns mainly come from the HTTPS scanning feature. All AVs with HTTPS scanning feature have some slowdowns because decrypting + scanning + re-encrypting takes time. ESET's HTTPS scanning is very fast so it's unnoticeable for most users. Bitdefender's is slower than most. But they don't perform HTTPS scanning on most websites. Almost on all sites that supports QUIC protocol. BD as well as even many enterprise products at the moment cannot scan QUIC. There's also a several year old Chromium browser bug that don't allow decrypting QUIC traffic by using self-signing certificate. Firefox don't have this limitation.

I'm reading it and I don't fully understand. So can they scan HTTPS or not? Only Eset can and BD can't? Does the problem you're writing about only affect Chrome or every browser on the Chromium engine? You wrote that Firefox has no problem. And if you have a Mac and Safari, is that also no problem?

 

[SeriousHoax]

During this test and others, when Eset neutralizes malicious samples, sometimes some additional windows or some error pop up, which you usually have to confirm by closing or clicking OK.
Bitdefender neutralizes/blocks silently and only informs the pop up that it has done its job (of course, such a pop up also occurs in Eset).
What is the reason for this?

In this test, I see that ESET handled everything automatically. It usually asks for users' permissions for PUA detection. There are many legit tools that are can be considered to be a potentially unwanted app. Many of those are often used for malicious purposes. ESET ask for your permission to decide what to do with them. There are legal reasons too. Companies can potentially sue if an AV detect and delete their non-malicious apps. ESET's PUA even detect AnyDesk. So, they leave it up to the user. PUA detection has to enabled during installation or after.
BD's philosophy is 100% automatic protection. So, they don't detect legit apps like that. In the home version they only detect what they considered to be actual PUAs which sometimes may not match with other product's detection criteria. BD's PUA detection is not the best. In BD Enterprise edition many such tools are detected

I'm reading it and I don't fully understand. So can they scan HTTPS or not? Only Eset can and BD can't? Does the problem you're writing about only affect Chrome or every browser on the Chromium engine? You wrote that Firefox has no problem.

HTTPS scanning is just a term that refers to the decryption of secured HTTPS protocol and scan the contents a website loads to look for malicious contents like malicious javascript. It's a confusing terminology since it sounds like that without HTTPS scanning, AVs will not even block a known malicious HTTPS host but that is not the case. If it's a blacklisted host, e.g., malware(.)com, then both products will block them systemwide.
So don't worry or overthink about it. Along with AVs, use a DNS service like NextDNS, AdGuard or security oriented Quad9 or something similar.

And if you have a Mac and Safari, is that also no problem?

On Mac, both of them cannot decrypt HTTPS traffic, I think. Most if not all products don't. On iOS or even in Android phone, AVs don't to HTTPS scanning. They will have to use a local VPN connection to achieve that similar to what AdGuard for Android does or root your phone. So, it is not ideal.