App Review Emsisoft Anti-Malware 12 Behavior Blocker Test (without cloud assistance)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
RejZoR

RejZoR

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2016
699


Remembered Emsisoft also features behavior blocker, so here is a test of it without their cloud capabilities, forcing behavior blocker to do all the heavy lifting on its own. To my surprise, very good results. If I'm really honest, I didn't expect results to be this good. Especially with ransomware, but they did implement special detection routines in version 12 and it seems to be indeed working really well. Good job Emsisoft.
 
  • Like
Reactions: Parsh, Solarquest, spaceoctopus and 30 others
Emsisoft

Emsisoft

From Emsisoft
Verified
Developer
Jul 27, 2013
43
Mamutu kind of only was a demonstration product of Emsisoft Anti-Malware's behavior blocker capabilities, in a time when nobody thought, behavior blockers would have any significant relevance in the antivirus world. We stopped it after a few years because demand for a standalone product couldn't pay for the development time, but it's the same tech that's now incorporated in EAM and EIS.
 
  • Like
Reactions: shukla44, Solarquest, spaceoctopus and 20 others
SHvFl

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,350
tim one said:
Thank you @SHvFl
It is a pity that they have abandoned the standalone BB!
Click to expand...
It was probably because the bb is so good as shown in the video that many would skip the whole EAM product. And a standalone bb would have to cost way less to make sense.
So in a sense keeping it alive would probably mean losing money and creating unnecessary competition from their own team.

EDIT: I feel stupid the developer above said the same thing and stupid me 15 minutes later is speculating. Hahahahaha.
 
  • Like
Reactions: Solarquest, spaceoctopus, DardiM and 9 others
T

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
SHvFl said:
It was probably because the bb is so good as shown in the video that many would skip the whole EAM product. And a standalone bb would have to cost way less to make sense.
So in a sense keeping it alive would probably mean losing money and creating unnecessary competition from their own team.

EDIT: I feel stupid the developer above said the same thing and stupid me 15 minutes later is speculating. Hahahahaha.
Click to expand...
No problem, double explanation reinforces the concept :)
 
  • Like
Reactions: spaceoctopus, DardiM, Deleted member 2913 and 7 others
AtlBo

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Great test thanks.

Is there any chance that any of top security companies could have failsafes built in to their product so that the sigs or heuristics kick in at a certain point with some behaviors? By this I mean a built in override of the settings (in this case HIPS only). I am considering this possibility with other elements of a security program too.

This would kind of make sense to me that a company might do this, because they aren't thinking of testing and it's their names on the product. I think it's a curiosity to consider this kind of thing, but when I view the tests I try to keep in mind the developers big picture viewpoint. Kind of can't get around being curious about how they think with settings choices, the customer, and the product.
 
  • Like
Reactions: spaceoctopus, DardiM, tim one and 6 others
Emsisoft

Emsisoft

From Emsisoft
Verified
Developer
Jul 27, 2013
43
I don't think behavior blocking alone is the holy grail of security really. It's just one component of several, that sum up to a great security concept. Each component has advantages, but also disadvantages, and the right balance effectively does the trick.

Surf protection is a good first layer of defense because it's blocking stuff long before it can get started. It's a safe bet (technically), but the disadvantage is that you can never have a complete list of hosts to block as they change every minute, and not all malware is spread via websites directly.

File guard usually does the biggest part of the protection job. It's also relatively safe because the scan engine gives clear results on files without many FPs, and after all, it's able to detect >90% of all threats reliably. Downside is that it requires frequent updates. It naturally misses zero day threats that no AV vendor knows about yet (setting side heuristic methods).

Behavior Blocker's job is to provide a safety net to pick up stuff that the other two layers missed. It's really difficult for malware writers to bypass it because the behavior of a program can hardly be manipulated in a way it gets invisible. But the downside is that it is a very blurred detection. Good software often behaves exactly like malware (from a technical view), so that needs to be reliably filtered out. If you turn off cloud lookups in everday-use, you'll probably see many false alerts, so I'd strongly suggest to always keep it on, unless you feel comfortable dealing with alert boxes for good programs.
 
  • Like
Reactions: shukla44, Parsh, Solarquest and 20 others
M

MalwareBlockerYT

Emsisoft said:
I don't think behavior blocking alone is the holy grail of security really. It's just one component of several, that sum up to a great security concept. Each component has advantages, but also disadvantages, and the right balance effectively does the trick.

Surf protection is a good first layer of defense because it's blocking stuff long before it can get started. It's a safe bet (technically), but the disadvantage is that you can never have a complete list of hosts to block as they change every minute, and not all malware is spread via websites directly.

File guard usually does the biggest part of the protection job. It's also relatively safe because the scan engine gives clear results on files without many FPs, and after all, it's able to detect >90% of all threats reliably. Downside is that it requires frequent updates. It naturally misses zero day threats that no AV vendor knows about yet (setting side heuristic methods).

Behavior Blocker's job is to provide a safety net to pick up stuff that the other two layers missed. It's really difficult for malware writers to bypass it because the behavior of a program can hardly be manipulated in a way it gets invisible. But the downside is that it is a very blurred detection. Good software often behaves exactly like malware (from a technical view), so that needs to be reliably filtered out. If you turn off cloud lookups in everday-use, you'll probably see many false alerts, so I'd strongly suggest to always keep it on, unless you feel comfortable dealing with alert boxes for good programs.
Click to expand...
Couldn't have put it better myself :) Really good explanation. I recently switched from Kaspersky Internet Security 2017 to Emsisoft Internet Security - I've been testing your AV for a few weeks on the Malware Hub here & also in my own time & I am extremely impressed with the amazing results. And since I won a copy for free in the latest giveaway & because of the quality of the product I switched ;) Big fan Emsisoft!
 
  • Like
Reactions: Solarquest, spaceoctopus, DardiM and 8 others
RejZoR

RejZoR

Level 15
Thread author
Verified
Top Poster
Well-known
Nov 26, 2016
699
Emsisoft said:
I don't think behavior blocking alone is the holy grail of security really. It's just one component of several, that sum up to a great security concept. Each component has advantages, but also disadvantages, and the right balance effectively does the trick.

Surf protection is a good first layer of defense because it's blocking stuff long before it can get started. It's a safe bet (technically), but the disadvantage is that you can never have a complete list of hosts to block as they change every minute, and not all malware is spread via websites directly.

File guard usually does the biggest part of the protection job. It's also relatively safe because the scan engine gives clear results on files without many FPs, and after all, it's able to detect >90% of all threats reliably. Downside is that it requires frequent updates. It naturally misses zero day threats that no AV vendor knows about yet (setting side heuristic methods).

Behavior Blocker's job is to provide a safety net to pick up stuff that the other two layers missed. It's really difficult for malware writers to bypass it because the behavior of a program can hardly be manipulated in a way it gets invisible. But the downside is that it is a very blurred detection. Good software often behaves exactly like malware (from a technical view), so that needs to be reliably filtered out. If you turn off cloud lookups in everday-use, you'll probably see many false alerts, so I'd strongly suggest to always keep it on, unless you feel comfortable dealing with alert boxes for good programs.
Click to expand...

Well, certainly. But when behavior blocker alone can pick up nearly 99,99% of everything you throw at it, that means pretty much anything not covered by traditional signatures will with great certainty be detected by behavior blocker. If behavior blocker only detects like 5% or 10% of samples on its own, I wouldn't exactly rely on it catching what signatures miss, unless the missed stuff is exactly those 5-10% of what behavior blocker does detect. But we all know math doesn't work that way when we're dealing with malware.

Which is why I'm testing behavior blockers as stand alone components. To give users general idea how much they can rely on behavior blockers doing the job when you take signatures out of the equation (basically emulating a signature miss scenario).
 
  • Like
Reactions: Solarquest, spaceoctopus, DardiM and 10 others

Similar threads

Shadowra
    • Like
    • +Reputation
    • Applause
App Review Malwarebytes Anti-Malware Premium
Replies
8
Views
1,193
Video Reviews - Security and Privacy
nickstar1
nickstar1
Shadowra
    • Like
    • Thanks
    • +Reputation
App Review Emsisoft Anti-Malware 2022
Replies
38
Views
4,218
Video Reviews - Security and Privacy
flaubert1971
flaubert1971
Jack
    • Like
    • Applause
    • +Reputation
  • thread_type.competition
MalwareTips Giveaway 100 Free License Keys For Emsisoft Anti-Malware
Replies
14
Views
5,518
MalwareTips Giveaways
Jack
Jack

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top