Serious Discussion Deep Instinct | Deep Learning AI Cybersecurity Platform

Kongo
Feb 25, 2017
I'm not seeing a firewall in the spoilers on the 1st page. So I should be using the Windows default firewall?

Thanks
I mean you've got most of the protection covered, but I think restricting the outbound connections of LOLBins can be quite useful against stealer malware. So I am personally using Microsoft Defender Firewall with the public profile and have hardened it with the Firewall Hardening Tool from @Andy Ful
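As an added illustration of the "restrict outbound connections of LOLBins" idea in the post above (this is example code, not the thread's own and not the Firewall Hardening Tool's code), the script below creates per-program outbound block rules in Microsoft Defender Firewall. The list of binaries is an assumed starting point, not an authoritative LOLBin inventory; trim or extend it for your own environment.

```powershell
# Added example: outbound block rules for a hypothetical list of LOLBins.
# Run from an elevated PowerShell prompt. Idempotent: existing rules with the
# same display name are left alone, so the script can be re-run safely.

# Assumed starting list; adjust to taste. msiexec/msbuild in particular may be
# needed by legitimate installers and build tools on some machines.
$lolbins = @(
    'mshta.exe', 'wscript.exe', 'cscript.exe', 'regsvr32.exe', 'rundll32.exe',
    'certutil.exe', 'bitsadmin.exe', 'msbuild.exe', 'cmstp.exe', 'msiexec.exe'
)

# Cover both the native and the WOW64 copy of each binary.
$dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

foreach ($name in $lolbins) {
    foreach ($dir in $dirs) {
        $path = Join-Path $dir $name
        if (-not (Test-Path $path)) { continue }   # not present on this build

        $ruleName = "Block outbound - $name ($dir)"
        if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
            continue                                # already created earlier
        }

        # Block rules take precedence over allow rules in Defender Firewall, so this
        # overrides any existing allow rule for the same program.
        New-NetFirewallRule -DisplayName $ruleName `
            -Direction Outbound -Action Block -Program $path `
            -Profile Any -Enabled True | Out-Null
        Write-Host "Created: $ruleName"
    }
}

# Verify what is now in place.
Get-NetFirewallRule -DisplayName 'Block outbound - *' |
    Select-Object DisplayName, Enabled, Direction, Action
```

To roll everything back, `Remove-NetFirewallRule -DisplayName 'Block outbound - *'` removes only the rules this script created. Two caveats worth keeping in mind: a per-program rule only constrains the named binary, so a stealer that hands the exfiltration to another process (a browser, `curl.exe`, a script host that is not on the list) is not covered, and the rules apply to the profile you select, so leave `-Profile Any` unless you have a reason to limit them.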
 

Shadowra
Sep 2, 2021
From the rating for DI given below it's much better than Trellix and Harmony


I'll not take any endpoint with rating less than 4.7. And those who qualify are

1) Deep Instinct 4.7/5
2) Sophos Intercept X 4.8/5
3) CrowdStrike Falcon 4.8/5
4) Singularity XDR 4.8/5
5) CylancePROTECT 4.7/5
6) GravityZone Business Security Enterprise 4.7/5
7) REVE Endpoint Security 4.8/5
8) G Data Endpoint Protection 4.8/5
9) Application Control 4.8/5
10) 360 Total Security for Business 4.7/5
11) Nucleon Smart Endpoint 5/5
12) VIPRE Endpoint Security 5/5
13) EMSISOFT 5/5
14) TRAPMINE Platform 5/5
15) AhnLab EPP 5/5

The question is which are the ones more affordable for home use?

I don't think these notes are important.
At work, we use Trend Micro's Apex One to protect all our computers (we use macOS a lot, but we also have Windows servers) and it works very well.
The administration console is as complete as DI's, especially in terms of rules, and I believe it also includes an EDR.
Detection is also very good.

The same goes for SEP (Norton), one of the leaders in the enterprise market.
 

NormanF
Jan 11, 2018
The majority of them have no reseller that would sell just a single or even a few-station license, especially the ones that contain Enterprise or XDR in the name; expect a minimum requirement of >150 stations. For less, they won't even reply to you.

I am guessing Vipre Endpoint, GData Endpoint are quite affordable. I know for a fact that Sophos is affordable.

Harmony Endpoint is affordable. If you're looking for endpoint software that runs only on servers, look elsewhere. That's why they're only made available for the corporate market and don't have relevance for home users.
 

HarborFront
Oct 9, 2016
The DI engine was tested by AV-Comparatives a few months ago:

Test Results for DI engine (PE files):
malware detection rate 92.4%
False Alarm rate 0

From other sources, it follows that DI can be a strong protection against ransomware attacks.
DI should enhance Defender protection because Defender's local AI is not so strong.

Edit.
For comparison:

I think AV/AM like BD/Kaspersky/Norton etc give better detection rate, right? I thought EPP/EDR etc should be superior than AV/AM for end user? Then buy DI for what?
 

Andy Ful
Dec 23, 2014
I think AV/AM like BD/Kaspersky/Norton etc give better detection rate, right? I thought EPP/EDR etc should be superior than AV/AM for end user? Then buy DI for what?
I do not use DI and do not have sufficient knowledge of DI to compare it with other solutions. This would require more testing.
 

HarborFront
Oct 9, 2016
Find a sample that isn't already detected by static AI and let's test. 🧐
The following rootkit/bootkit malware affects the UEFI:

1) LoJax - detected by ESET NOD32 but cannot be removed because it resides in the UEFI
2) MoonBounce
3) BlackLotus

If you can find them you can test DI with them.

Generally, these are trojans and AV/AM will detect and block them, if possible. However, once they infect the UEFI then likely you are gone.

FYI

LoJax - It is capable of surviving the re-installation of the Windows operating system or even hard drive replacement.
MoonBounce - MoonBounce is persistent malware that can survive drive formats and OS reinstalls.
BlackLotus - BlackLotus was able to run on fully patched Windows 11 systems with UEFI Secure Boot enabled.
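The BlackLotus point above (a bootkit running with Secure Boot enabled) is about what the firmware trusts, not about what an AV sees. As an added example that is not part of the thread and not any vendor's code, the script below reports the Secure Boot state of the current machine and whether the two certificate changes Microsoft documented for BlackLotus in KB5025885 (the "Windows UEFI CA 2023" entry in `db` and the revocation of "Microsoft Windows Production PCA 2011" in `dbx`) are present, plus a count of entries in `dbx` parsed from its EFI_SIGNATURE_LIST layout. The function and variable names are my own; the GUID constants are the standard UEFI ones.

```powershell
# Added example: read-only Secure Boot / revocation status check. It detects no
# bootkit and removes nothing; it only tells you what this firmware will trust.
# Run from an elevated PowerShell prompt on a UEFI system.

# EFI_SIGNATURE_LIST type GUIDs from the UEFI specification.
$EFI_CERT_X509_GUID   = 'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'
$EFI_CERT_SHA256_GUID = 'c1c41626-504c-4092-aca9-41f936934328'

function Get-SignatureListSummary {
    # Walk the concatenated EFI_SIGNATURE_LIST structures in a db/dbx blob and
    # count entries per signature type. Layout per list (little-endian):
    #   SignatureType GUID (16) | SignatureListSize (4) | SignatureHeaderSize (4)
    #   | SignatureSize (4) | header | N x (SignatureOwner GUID (16) + data)
    param([byte[]]$Bytes)
    $counts = @{}
    $offset = 0
    while ($offset + 28 -le $Bytes.Length) {
        $typeGuid   = [guid]::new([byte[]]$Bytes[$offset..($offset + 15)]).ToString()
        $listSize   = [BitConverter]::ToUInt32($Bytes, $offset + 16)
        $headerSize = [BitConverter]::ToUInt32($Bytes, $offset + 20)
        $sigSize    = [BitConverter]::ToUInt32($Bytes, $offset + 24)
        if ($listSize -lt 28 -or $sigSize -eq 0 -or ($offset + $listSize) -gt $Bytes.Length) {
            break   # malformed or truncated list: stop rather than misparse
        }
        $n = [int](($listSize - 28 - $headerSize) / $sigSize)
        if ($counts.ContainsKey($typeGuid)) { $counts[$typeGuid] += $n } else { $counts[$typeGuid] = $n }
        $offset += $listSize
    }
    return $counts
}

function Get-SecureBootRevocationStatus {
    $r = [ordered]@{}
    try {
        $r.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        # Legacy BIOS / CSM boot, or no access to UEFI runtime variables.
        $r.SecureBootEnabled = $false
        $r.Note = "Confirm-SecureBootUEFI failed: $($_.Exception.Message)"
        return [pscustomobject]$r
    }

    $dbBytes = (Get-SecureBootUEFI -Name db).Bytes
    try   { $dbxBytes = (Get-SecureBootUEFI -Name dbx).Bytes }
    catch { $dbxBytes = [byte[]]@() }   # some firmware ships without a dbx

    # Certificate subject names sit as ASCII inside the DER data, so a string
    # match is enough to tell whether a CA is present (the same check Microsoft's
    # KB5025885 guidance uses).
    $dbText  = [System.Text.Encoding]::ASCII.GetString($dbBytes)
    $dbxText = [System.Text.Encoding]::ASCII.GetString($dbxBytes)

    $r.WindowsUefiCa2023InDb  = [bool]($dbText  -match 'Windows UEFI CA 2023')
    $r.ProductionPca2011InDbx = [bool]($dbxText -match 'Microsoft Windows Production PCA 2011')

    $dbx = Get-SignatureListSummary -Bytes $dbxBytes
    $r.DbxSha256HashEntries = if ($dbx.ContainsKey($EFI_CERT_SHA256_GUID)) { $dbx[$EFI_CERT_SHA256_GUID] } else { 0 }
    $r.DbxX509Entries       = if ($dbx.ContainsKey($EFI_CERT_X509_GUID))   { $dbx[$EFI_CERT_X509_GUID] }   else { 0 }
    return [pscustomobject]$r
}

Get-SecureBootRevocationStatus | Format-List
```

Read the output as configuration, not as a verdict: `SecureBootEnabled = True` with `ProductionPca2011InDbx = False` means boot managers signed by the older CA, including the vulnerable ones BlackLotus abuses, are still trusted by this firmware. Do not simply push the revocation yourself: KB5025885 stages it deliberately, because once "Windows Production PCA 2011" is in `dbx`, any boot media or recovery image still signed by it will no longer boot on that machine.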
 

NormanF
Jan 11, 2018
Malware that infects hardware can't be removed by any known endpoint security product because it's persistent. The only way to eradicate it is to destroy and replace the infected machine.
 

Trident
Feb 7, 2023
Malware that infects the UEFI can be destroyed only by flashing the UEFI. In fact even products that scan the UEFI such as Bitdefender, Eset and Avast detect malware but require you to proceed with the flashing. They are unable to clean the UEFI or tamper with it in any way. DI does not feature UEFI scanning.
 

NormanF
Jan 11, 2018
Malware that infects the UEFI can be destroyed only by flushing the UEFI. In fact even products that scan the UEFI such as Bitdefender, Eset and Avast detect malware but require you to proceed with the flushing. They are unable to clean the UEFI or tamper with it in any way. DI does not feature UEFI scanning.

You mean flashing? Like how people upgrade the BIOS on their PC.
 

Trident
Feb 7, 2023
You mean flashing? Like how people upgrade the BIOS on their PC.
Exactly, that's the only way to clean it. Malware that infects system firmware is not that frequently seen, and if you receive frequent firmware updates, such malware will be cleaned on every update. The exception is laptops such as the HP laptops with Sure Start (part of Wolf Security), where the firmware is checked by a dedicated chip every 5 seconds. If it has been tampered with, flashing will be initiated automatically.
 

NormanF
Jan 11, 2018
Exactly, that's the only way to clean it. Malware that infects system firmware is not that frequently seen, and if you receive frequent firmware updates, such malware will be cleaned on every update. The exception is laptops such as the HP laptops with Sure Start, where the firmware is checked by a dedicated chip every 5 seconds. If it has been tampered with, flashing will be initiated automatically.

My HP ZBook mobile workstation is protected from such tampering. High end devices in the business world are more exposed to cyber threats to subvert endpoints than home users are.
 

HarborFront
Oct 9, 2016
Exactly, that's the only way to clean it. Malware that infects system firmware is not that frequently seen, and if you receive frequent firmware updates, such malware will be cleaned on every update. The exception is laptops such as the HP laptops with Sure Start (part of Wolf Security), where the firmware is checked by a dedicated chip every 5 seconds. If it has been tampered with, flashing will be initiated automatically.
If I'm not wrong, Sure Start has DI inside.
 

monoloko88
May 12, 2015
Hello, I recently purchased a license but I don't know exactly how to add an exclusion.
Deep Instinct is throwing alerts about Steam code injection, and all I can do is set the code injection behaviour to 'detect' rather than 'prevent'.
Any idea? Thanks
 
