Q&A Currently what is the best free AV?

amitkumargiri

Level 1
Mar 13, 2022
35
Regarding recent Kaspersky rumors, I am unsure whether I should uninstall it (free version) or leave it. Today I looked for other free alternatives and it seems like there is no big choice:

BitDefender - they are retiring free version soon
Norton owns Avast, AVG and Avira and by user comments they all become bloatware and cryptominers
Panda - by some reviews seems like it has lower detection rate

Anything else worth mentioning except Microsoft Defender?

For passive scanner Malwarebytes is still a top choice (free version)?
Sophos antivirus, it's free
 

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
786
this is annoying... my most recent test 305 new samples from malware bazaar, (simple extract of zipfiles, not running the malware) F-Secure got rid of most, down to maybe 20 leftover files.... then between EMSI & Sophos cleared the rest.
I'm left with 3 samples

Now Running F-secure scan shows NO ISSUES it thinks clean - F-secure had missed maybe 17 other samples in this test....
running EMSIsoft shows clean - these 3 files are clean.....
running Sophos scan and clean (or even tried hitman pro) and it says these are clean.....

now I run windows defender...... custom scan and it can see they are threats, and is the only thing that detects them.... (3 of 3 items detected) but it doesn't attempt to remove them, or give me any option to remove them, congrats to defender here! but it should remove the files I think!

so after running all these emsi/f-secure/wd/sophos/hitman, 3 .exe files exist ...... only WD actually detects them right now.. Microsoft's AV has come such a long way.
Once its detections get the speed of F-secure's removal.... I'll be happy!
FWIW one of those samples is actually corrupt and doesn't run:
JoeSandbox:
  • Corrupt sample or wrongly selected analyzer. Details: %1 is not a valid Win32 application.
The other ones are cloud-detected now:
 

blackice

Level 36
Verified
Top poster
Well-known
Apr 1, 2019
2,577
noticed a new WD update so scanned again and now it gives the option to remove

good old windows defender......... everything else missed it or wouldn't detect it, eventually it removed it (I could have just manually deleted this static sample.... but I wanted a tool to do it for me) Windows defender was the first to do so
Did you submit the samples to the vendors that missed them?
 
Reactions: Nevi and Venustus

upnorth

Moderator
Verified
Staff member
Malware Hunter
Well-known
Jul 27, 2015
4,944
@kC77 please use the Spoiler function for your picture ;)
In some situations with many or extra large pictures/images it's preferred yes. Extra since it can have a very negative effect for mobile users when they get forced to scroll too much.

Here's a very good staff tip/hint for general spoiler use anywhere on the forum!

Please do Not use the "Inline Spoiler" option in the editor. That's what creates the "blurry" effect over text or pictures. Try to use the normal basic Spoiler option instead.
 

brambedkar59

Level 24
Verified
Top poster
Well-known
Apr 16, 2017
1,337
Windows Defender teamed up with Configure defender in highest mode is solid and was my normal choice.... and for free it would be number 1.

recently picked up a free 3 year f-secure trial, wasn't even planning to use it, but after seeing the many positive posts on here I gave it a go, and have to say I like it a lot so now my current protect - I'm leaving F-secure to resident duties, and using task scheduler have 2nd opinion scanners which run staggered...

F-Secure Safe - Resident
Microsoft Defender - Commandline updates/quickscans task scheduler every 2 hours (takes about 1min)
EmsisoftEEK - commandline updates/quickscans every 2hours (takes about 35 seconds)
Sophos Scan & Clean (basically free version of hitman pro) - commandline scans every 2 hours (takes about 2-3mins)


I've been testing with a lot (200+ samples from Malware bazaar)
Windows defender would pick them up, but would seemingly take ages to action them/delete etc, F-Secure is like lightning.... so fast at processing (but it does miss a fair few samples!)
whatever F-secure misses, at least one of the other manual scanners do find and remove (WD/EMSI/Sophos)
3 different 2nd opinion scanners running on schedule every 2 hours, that is not just 'Overkill' it is 'Overkill Ultra Max Pro' version. Weekly scans with 2nd opinion scanners is more than enough, if it's not sufficient then you need to change your browsing/downloading habits.

Stay safe, not paranoidᵀᴹ

Edit: Oops forgot to answer the OP's question: Kaspersky
 

plat

Level 27
Verified
Top poster
Well-known
Sep 13, 2018
1,673
Far as I'm concerned, all the big ones are already similar in terms of protection. I mean, they compete neck-and-neck for your money. In my opinion, it's more now about how you set it up, what you (can) bolster it with, and/or how it interacts with the hardware and software on one's system.

Plus, antivirus performance can fluctuate quarterly in their metrics. Look at Defender for a clear example.
 

Shadowra

Level 21
Verified
Malware Tester
Sep 2, 2021
1,046
Anyway, even with Windows Defender currently on Win10/Win11, a user is very well protected.

I often do computer troubleshooting and especially in the Pro environment (in my IRL job), I keep Windows Defender that I configure and also explain how to avoid pitfalls and to authorize manually (for example if the anti Ransomware protection blocks any file).

Same thing when someone asks me for a free Antivirus. Microsoft offers an excellent protection shield that has evolved well, you can trust it 😉😉
 

kC77

Level 5
Aug 16, 2021
201
"overkill ultra max pro" lol i like it!

I've never actually had a virus, the school of common sense, (gateway IPS/adblock/pihole/os updates/firmware updates/Vlans/geoblocking firewall/immutable backups/common sense etc being the first)

but purely out of boredom a few days ago I did grab f-secure safe, which then got me onto grabbing hundreds of samples to test.... F-secure missed a fair few samples, defender got a few of the stragglers, emsi a few & sophos a few more ... to clear out the folder of samples took 4 products/engines.

been testing even more again today and 954 samples.... 72 were missed by F-secure, Defender then cleaned 32, emsi got 22 and sophos got the rest, just intrigued testing the capabilities of them.

as for adding the scheduled tasks I was just testing commandline usage of them all, and as yet there are no pop-ups or noticeable slowdowns as background sig updates quick/scans run (lowest priority) - they all stagger x minutes after logon, then repeat every 2 hours, so none of them run at the same time.
yep every 2 hours may be overkill! ultra max overkill! if I notice any impacts I'll adjust, or delete! :p


for Free protection, MS defender is very capable!
 
Reactions: goodjohnjr
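
The staggered, low-priority schedule described in the post above, sketched for the Microsoft Defender scanner only (an added example, not code from any poster in this thread). The task name, the 10-minute logon delay and the 30-minute time limit are assumptions; `MpCmdRun.exe` with `-SignatureUpdate` and `-Scan -ScanType 1` is Defender's own command-line tool.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumed values: task name, 10-minute logon delay, 30-minute time limit.
$taskName = 'SecondOpinion-Defender-QuickScan'
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmdRun)) {
    throw "MpCmdRun.exe not found at $mpCmdRun"
}

# Two actions run in order: refresh signatures, then quick scan (ScanType 1).
$actions = @(
    (New-ScheduledTaskAction -Execute $mpCmdRun -Argument '-SignatureUpdate'),
    (New-ScheduledTaskAction -Execute $mpCmdRun -Argument '-Scan -ScanType 1')
)

# Logon trigger, delayed so this scanner does not start alongside the others.
$trigger = New-ScheduledTaskTrigger -AtLogOn
$trigger.Delay = 'PT10M'

# -AtLogOn has no repetition parameter, so borrow the 2-hour repetition
# pattern from a throwaway -Once trigger.
$every2h = New-ScheduledTaskTrigger -Once -At (Get-Date) `
    -RepetitionInterval (New-TimeSpan -Hours 2)
$trigger.Repetition = $every2h.Repetition

# Priority 10 is the lowest; IgnoreNew skips a run while the previous scan
# is still going, and the time limit stops a hung scan.
$settings = New-ScheduledTaskSettingsSet -Priority 10 `
    -MultipleInstances IgnoreNew `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 30) `
    -StartWhenAvailable

# Scans need administrative rights, so the task runs as SYSTEM.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $taskName -Action $actions -Trigger $trigger `
    -Settings $settings -Principal $principal -Force | Out-Null

# Confirm the registration and see when the first run is due.
Get-ScheduledTaskInfo -TaskName $taskName |
    Select-Object TaskName, LastRunTime, LastTaskResult, NextRunTime
```

Each additional second-opinion scanner would get its own task with a different `Delay` value so the runs never overlap.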

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
786
but purely out of boredom a few days ago I did grab f-secure safe, which then got me onto grabbing hundreds of samples to test.... F-secure missed a fair few samples, defender got a few of the stragglers, emsi a few & sophos a few more ... to clear out the folder of samples took 4 products/engines.

been testing even more again today and 954 samples.... 72 were missed by F-secure, Defender then cleaned 32, emsi got 22 and sophos got the rest, just intrigued testing the capabilities of them
FWIW for whatever reason, F-Secure doesn’t seem to care about their on demand scanner performance. Often times it will fail to pick something up and then attempting to execute it results in an online detection.

Plus the best part of F-Secure is the DeepGuard on execution behavior blocker which is their most common defense for the variations of Emotet/Formbook that all act the same way on execution.

Testing their ability to clean a folder of malware samples is not representative of their ability to protect your machine.
 

kC77

Level 5
Aug 16, 2021
201
FWIW for whatever reason, F-Secure doesn’t seem to care about their on demand scanner performance. Often times it will fail to pick something up and then attempting to execute it results in an online detection.

Plus the best part of F-Secure is the DeepGuard on execution behavior blocker which is their most common defense for the variations of Emotet/Formbook that all act the same way on execution.

Testing their ability to clean a folder of malware samples is not representative of their ability to protect your machine.
yep still it's impressive how fast it deals with files and deletes them near instantly, and hopefully I never get to see deepguard :ROFLMAO: but yes the tests I'm doing are basic detection of static samples unzipped to a folder.
 

MacDefender

Level 16
Verified
Top poster
Oct 13, 2019
786
yep still it's impressive how fast it deals with files and deletes them near instantly, and hopefully I never get to see deepguard :ROFLMAO: but yes the tests I'm doing are basic detection of static samples unzipped to a folder.
Yeah put it this way: I’m very confident in F-Secure protection against my machine being infected by any kind of malware, including zero day and ones custom written and truly never before seen. Just attempting to hook an AutoRun as an unsigned binary will bring out DeepGuard.

I’m not nearly as confident of using F-Secure as a static scanner.
 
Reactions: kC77 and blackice

goodjohnjr

Level 2
Jul 11, 2018
74
Windows Defender teamed up with Configure defender in highest mode is solid and was my normal choice.... and for free it would be number 1.

recently picked up a free 3 year f-secure trial, wasn't even planning to use it, but after seeing the many positive posts on here I gave it a go, and have to say I like it a lot so now my current protect - I'm leaving F-secure to resident duties, and using task scheduler have 2nd opinion scanners which run staggered...

F-Secure Safe - Resident
Microsoft Defender - Commandline updates/quickscans task scheduler every 2 hours (takes about 1min)
EmsisoftEEK - commandline updates/quickscans every 2hours (takes about 35 seconds)
Sophos Scan & Clean (basically free version of hitman pro) - commandline scans every 2 hours (takes about 2-3mins)


I've been testing with a lot (200+ samples from Malware bazaar)
Windows defender would pick them up, but would seemingly take ages to action them/delete etc, F-Secure is like lightning.... so fast at processing (but it does miss a fair few samples!)
whatever F-secure misses, at least one of the other manual scanners do find and remove (WD/EMSI/Sophos)
I did not know that Sophos Scan & Clean existed, thank you very much KC77, I am going to try it now.
 
Reactions: South Park