Serious Discussion Deep Instinct | Deep Learning AI Cybersecurity Platform

NormanF

Level 9
Verified
Jan 11, 2018
404
Me :)


I tried to install HP Sure Click and it was aborted because it didn't support my hardware. I did some more digging and it turned out its an HP hypervisor machine. Now if you're going to have it, you need to turn off Microsoft hypervisor. Many of the Internet reports on slowdown with HP Wolf Security results from the fact if you have two hypervisors running, they will conflict with each other and fight for priority. A pity HP Sure Click isn't optional on HP Wolf Security.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
I see in DeepIn management console a suspicious event, powershell script, related to compattelrunner that occurs around 430am. No alerts on my desktop. I have a general understanding of what compattelrunner is doing and that some of its data collection can be disabled in win10. If this is a normal and regular MS system process, why does Di mark it as suspicious some mornings, but it seems that some mornings it runs and it is not marked as suspicious. This is where paranoid person sees "curious" and asks why :unsure: I assume I have to try to compare & analyze the ps scripts. Does a suspicious flag equal a false positive? fwiw VT DeepIn sees compattelrunner as clean. So it must be Behavioral related to the script itself, ie, I assume that not the same ps script runs every morning...?
PS Di runs super quiet and fast on my hardware win10, no detections past 7 days, more like 21 days... :)
I received an email from Cyberforce support re the above Di suspicious event:

"If this has been identified as a legitimate process, then we can consider it a False Positive and add to the allow list.
As for why some days and not others, it seems to be showing up every other day in the event list but each event has 2 occurrences. If the same event occurs more than once in a 24 hour period then its occurrence count is incremented so as to not inundate a person with multiple events. This event is being considered suspicious because it is mapping to a mitre attack. Not every mitre attack is bad but could be and that is why it is flagged as suspicious. These are usually seen to help identify possibly third party attacks."
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
From the rating for DI given below it's much better than Trellix and Harmony


I'll not take any endpoint with rating less than 4.7. And those who qualify are

1) Deep Instinct 4.7/5
2) Sophos Intercept X 4.8/5
3) CrowdStrike Falcon 4.8/5
4) Singularity XDR 4.8/5
5) CylancePROTECT 4.7/5
6) GravityZone Business Security Enterprise 4.7/5
7) REVE Endpoint Security 4.8/5
8) G Data Endpoint Protection 4.8/5
9) Application Control 4.8/5
10) 360 Total Security for Business 4.7/5
11) Nucleon Smart Endpoint 5/5
12) VIPRE Endpoint Security 5/5
13) EMSISOFT 5/5
14) TRAPMINE Platform 5/5
15) AhnLab EPP 5/5

The question is which are the ones more affordable for home use?
 
Last edited:

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
From the rating for DI given below it's much better than Trellix and Harmony


I'll not take any endpoint with rating less than 4.7
These are just user ratings there, they are not really of extreme importance. Deep Instinct should not really be counted as Endpoint even, it is a prevention layer that you are supposed to combine with other components.

Trellix has 2 flavours, one is the EDR which was moved over from FireEye and hasn’t changed, and McAfee Endpoint protection which hasn’t changed either. All three of them (FireEye which also uses BD engine, MEP and Harmony Endpoint) are full featured suites with Trellix and Harmony being EDR solutions. They can’t even be compared as they are not the same class of product. It’s like comparing Adidas floppers with smart shoes.

Also, you need to take into consideration how many people voted. For example Symantec Endpoint Protection has 4.4 with almost 2K reviews, whilst DI has <50 reviews.

Most of the solutions you’ve enumerated are not for home use at all and nobody will even sell them to you. Good luck buying an XDR.
 
Last edited:

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
These are just user ratings there, they are not really of extreme importance. Deep Instinct should not really be counted as Endpoint even, it is a prevention layer that you are supposed to combine with other components.

Trellix has 2 flavours, one is the EDR which was moved over from FireEye and hasn’t changed, and McAfee Endpoint protection which hasn’t changed either. All three of them (FireEye which also uses BD engine, MEP and Harmony Endpoint) are full featured suites with Trellix and Harmony being EDR solutions. They can’t even be compared as they are not the same class of product. It’s like comparing Adidas floppers with smart shoes.

Also, you need to take into consideration how many people voted. For example Symantec Endpoint Protection has 4.4 with almost 2K reviews, whilst DI has <50 reviews.

Of couse cannot compare based on 1 site. They are meant for business use rather than for home use.

From the given list which 3 are the most affordable for home use?
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Of couse cannot compare based on 1 site. They are meant for business use rather than for home use.

From the given list which 3 are the most affordable for home use?
Majority of them have no reseller that would sell just a single or even few stations license. Specially the one that contain Enterprise in the name or XDR, expect a minimum requirement of >150 stations. For less, they won’t even reply to you.

I am guessing Vipre Endpoint, GData Endpoint are quite affordable. I know for a fact that Sophos is affordable.
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
Yep, this is how much @Kongo and @simmerskool mentioned they’ve paid. I am not sure if it includes ongoing management as well, as I paid just a little over £17 per station.

Hmmmm..........no USB and malware scans? How to scan USB devices upon insertion.............need to install Malwarebytes like what @Shadowra did? He even has Ghost with Acronis. Does that means we don't trust DI's excellent prevention-first strategy?

No web protection.......no issue as I have Adguard for desktop and NextDNS to handle this.
 
  • Like
Reactions: Kongo

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
USB Devices upon insertion don’t need to be scanned since Windows 7 when Microsoft killed the AutoPlay. Antivirus vendors offer this feature on “I wanna show you how much I do for you” basis or in other words, pure marketing. There are various threats for USB devices, all of which can be covered by on-access scanning.

If you are looking for advanced USB control such as port control, this is absent from DI. This is why I am migrating from it slowly (and other reasons not relevant to home users).

Btw NextDNS and Adguard can’t handle botnet-related activity and other network-related attacks. How will you stop these?
 
Last edited:

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
USB Devices upon insertion don’t need to be scanned since Windows 7 when Microsoft killed the AutoPlay. Antivirus vendors offer this feature on “I wanna show you how much I do for you” basis or in other words, pure marketing. There are various threats for USB devices, all of which can be covered by on-access scanning.

If you are looking for advanced USB control such as port control, this is absent from DI. This is why I am migrating from it slowly (and other reasons not relevant to home users).

Btw NextDNS and Adguard can’t handle botnet-related activity and other network-related attacks. How will you stop these?

I meant NextDNS and Adguard for web protection

I thought behavior-approach should thwart this? Is DI better than Bitdefender/Kaspersky/Norton because the latter do provide such protection? In addition, they do malware scans and USB device scan. The difference I see is that AV/AM don't provide elaborate graphical displays

For port controls you can use Windows Group Policy or dedicated software for that purpose
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
I meant NextDNS and Adguard for web protection

I thought behavior-approach should thwart this? Is DI better than Bitdefender/Kaspersky/Norton because the latter do provide such protection? In addition, they do malware scans and USB device scan
To an extent behaviour-based approach, specially combined with the hardening techniques will thwart this, yes.

You can still do malware scans with Deep Instinct and you have the contextual menu scans on the machine as well. Is it better than Norton… I would say yes, as Norton has a weakness with scripts and offers no built-in features to harden the system (though you can use other tools). Is it better than Kaspersky, I would say yes, as it is lighter and not on the news. Is it better than Bitdefender? I would say yes, because Bitdefender engine is heavily reliant on signatures (in this day and age). It also relies on generic detections, heuristics and machine learning to an extent, but this all takes time to be researched and developed/updated. The deep learning approach has advantages and disadvantages.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Deep Instinct should not really be counted as Endpoint even, it is a prevention layer that you are supposed to combine with other components.
Some confusion on my part about what to run with DeepInstinct, if anything. Originally installed Di without integration with WSC which left MS Defender as primary av. Cyberforce etc urged me to integrate Di, ok, & Di has been fine but running solo other than whatever SmartScreen does... I tried running VS with Di but was seeing subtle issues running them together so no longer running VS with Di, although @Shadowra is running VS w/Di aok. Is there an "ideal" Di combo, suggestions welcome. Or just continue run Di solo? :unsure:
 
  • Like
Reactions: Kongo and Trident

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Some confusion on my part about what to run with DeepInstinct, if anything. Originally installed Di without integration with WSC which left MS Defender as primary av. Cyberforce etc urged me to integrate Di, ok, & Di has been fine but running solo other than whatever SmartScreen does... I tried running VS with Di but was seeing subtle issues running them together so no longer running VS with Di, although @Shadowra is running VS w/Di aok. Is there an "ideal" Di combo, suggestions welcome. Or just continue run Di solo? :unsure:
I personally wouldn’t run VS with Deep Instinct. It would be best combined with a secure gateway (or router because we are talking about home usage) that can provide filtering and IPS capability.
Software-wise, I believe you managed to combine it with Avast Web Shield? This is a combo that’s not bad and doesn’t leave corners uncovered.

But my understanding is that soon you will be running Check Point. With that you need nothing else. It is a complete solution with no false positives.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
Yep, this is how much @Kongo and @simmerskool mentioned they’ve paid. I am not sure if it includes ongoing management as well, as I paid just a little over £17 per station.
Cyberforce answers email questions, and they can login to my console, but they only made some suggestions at the beginning. Been running Di +32 days. It runs lightly.
 
  • Like
Reactions: Kongo and Trident

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
I meant NextDNS and Adguard for web protection

I thought behavior-approach should thwart this? Is DI better than Bitdefender/Kaspersky/Norton because the latter do provide such protection? In addition, they do malware scans and USB device scan. The difference I see is that AV/AM don't provide elaborate graphical displays

For port controls you can use Windows Group Policy or dedicated software for that purpose
At installatoin Di scanned my win10, took +4h18m. You can schedule periodic scans. I have the sense that is monitors just about everything in the background.
 
  • Like
Reactions: Kongo and Trident

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,784
I personally wouldn’t run VS with Deep Instinct. It would be best combined with a secure gateway (or router because we are talking about home usage) that can provide filtering and IPS capability.
Software-wise, I believe you managed to combine it with Avast Web Shield? This is a combo that’s not bad and doesn’t leave corners uncovered.

But my understanding is that soon you will be running Check Point. With that you need nothing else. It is a complete solution with no false positives.
My plan is to run Harmony on VM for awhile. Hope to start using it this weekend... I have a Ubiquity router. (I used to have a Cisco Meraki but license expired and then I ran out of money) I looked into Avast Web Shield a few weeks ago, not copacetic, but I don't recall why. (sidenote: I did get Avast One (free) to install and run smoothly on win10 VM). I am ok running Di solo, ie, I don't feel uncomfortable.
 
  • Like
Reactions: Kongo and Trident

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top