Software to Compare
Emsisoft Anti-Malware
Eset Internet Security
F-Secure Safe
Compare
  1. Core protection (AV engine, Heuristic engine)
  2. Internet protection (Web filtering, Anti-Phishing, Antispam, Browser extension)
  3. Proactive protection (Behavior blocker, HIPS, Sandbox)
  4. Network protection (Firewall, Botnet protection)
  5. Ransomware protection
  6. Machine Learning and A.I. capabilities

Soulbound

Moderator
Verified
Staff member
Hips that don't work, everyone knows that, ESET is weak in behavior. Yes, antivirus needs behavior module.
I have extensively tested HIPS and it works.
Smart mode works fine.
If you are paranoid, learning then policy based or annoying interactive mode.

The default setting is questionable but still works.

Clearly you are not familiar with ESET and how it works. Perhaps you would like to try in a VM and also read the user documentation/KB.
 

toto

Level 4
Verified
I am looking for protection for websites. I watch a lot of movies on the internet and some websites have very aggressive ad systems with porn, hazard and more (potentially phishing or malware?).

I have a monthly subscription to HBO Go and Netflix, but a lot of the movies that I want to see aren't available on these services.
I would use Eset in this case, it is very good at blocking adware and websites that offer adware. You might want to enable the PUA blocking feature in the settings, but even on default it has really good protection against dodgy websites.
 

SecureKongo

Level 4
You might be right that the Antivirus should work well by default, but I don't see the connection to Eset there. Just because their BB isn't as good as some others from Kaspersky for example, doesn't mean that it's terrible and a bad AV. They need to balance their products between usability and security for the average user. So I think it's good that Eset doesn't come in Paranoid mode by default.

Mod Edit: cleaned up post to reflect recent changes in thread.
 

Soulbound

Moderator
Verified
Staff member
Thread cleaned up from misinformation. Some posts have been removed due to the cleanup.

One thing to note: Different solutions rely on several layers of protections.

Common misconception: One solution that has Behaviour Blocker does not mean it does not use additional layers of protection. The same for solutions that include HIPS.
 

Raiden

Level 18
Verified
Content Creator
Thread cleaned up from misinformation. Some posts have been removed due to the cleanup.

One thing to note: Different solutions rely on several layers of protections.

Common misconception: One solution that has Behaviour Blocker does not mean it does not use additional layers of protection. The same for solutions that include HIPS.

Spot on!

There's always a tendency to ASSUME how these types of programs work/not work one way, or another. Most suites nowadays have multiple layers built in and many of them are designed to work with one another. There's also a tendency to assume that this program does better than that one because it uses x technology.

At the end of the day, no program is perfect, all AVs will miss samples and there are plenty of examples out there of people getting infected regardless of which program they are using. These types of threads are good to get a GENERAL idea, but the only sure way is for the OP to try out all the programs they are interested in and choose the one they like the most. Most have 30 day trials, take advantage of them all. It's your system and your money, so you have to be happy with the choice, not us. Remember an AV is only one aspect of your overall security, the rest, if not the majority of it falls on you the user and what your habits are. An AV is there to help assist you, it's not there to solve all your problems. :)
 

Local Host

Level 22
Verified
It is not recommended to use antivirus without behavior blocker, Eset has no behavioral blocker, depends mostly on signatures, Avira has better signatures than ESET, it has always been like this, F Secure uses avira engine, however it has a very bad behavior blocker and cannot remove threats properly. Emsisoft has a strong behavior blocker, which is no different from Bitdefender, which can generate false positives.
ESET has HIPS as already stated, plus signatures between ESET and Avira are not much different, they are both high quality.

Claiming F-Secure BB is weak, no offense but is ridiculous, they have one of the best BBs of the industry (DeepGuard).
 

SeriousHoax

Level 30
Verified
Malware Tester
Eset has no behavioral blocker, depends mostly on signatures, Avira has better signatures than ESET
Yes, ESET doesn't have a typical behavior blocker but results show that they don't need it as much as some users may think. ESET does a lot with their signatures and can detect most new threats better than most other AVs with their smart signatures.
And no, Avira doesn't have better signatures than ESET. Avira is far worse. It's very good against exe-based malware but awful against scripts. Also, I'm not sure why you're saying F-Secure has a bad behavior blocker. It's very good actually. But I agree with you on the removal part. F-Secure's malware removal is very bad indeed. Kaspersky, Bitdefender, Norton, Microsoft Defender are your best bet if you want an AV with good malware removal ability. F-Secure would be near the bottom if not at the bottom in this category.
Btw, in case of ESET, I have tested ESET for almost a year here on the malware hub. You can check the results to get an idea about how ESET performs. (Spoiler: Extremely good results overall).
P.S. Personal opinion: Behavior blockers are overrated for home users. I never needed an AV to save me with its behavior blocker. If the AV has good and fast signatures, a user would almost never see the behavior blocker in action.
 

MacDefender

Level 11
Verified
I have extensively tested HIPS and it works.
Smart mode works fine.
If you are paranoid, learning then policy based or annoying interactive mode.

The default setting is questionable but still works.

Clearly you are not familiar with ESET and how it works. Perhaps you would like to try in a VM and also read the user documentation/KB.
Could you elaborate on what sets off the HIPS? In the past I’ve tried writing some naive attempts at ransomware or startup annoyance ware and they tend to set off Kaspersky, Norton, F-Secure, etc but ESET didn’t react, at least not until someone complained on their forums and got a signature written for them. I figure the module does something, I just couldn’t figure out through experimentation.

FWIW as others have said, I found F-Secure DeepGuard to be an extremely effective behavior blocker against executable malware, right up there with Emsisoft. Last I tried it was pretty weak against scripts, especially non-PowerShell malware, and it was also blind to anything that a whitelisted process gets exploited to do. As others have stated, F-Secure is weak for cleanup. If you get infected then you need a different product to disinfect the machine, though the combination of DeepGuard and Avira cloud ought to make that rare. Unfortunately recently I have noticed that Avira Cloud seems to be increasing in false positive rates, more and more unsigned binaries trigger APC cloud heuristic signatures. F-Secure tries to combat some of that via their certificate whitelisting engine.

Not everyone needs a behavior blocker though. ESET often catches zero day packs by well written signatures at a higher rate than behavior blockers, so I would say their strategy works for the most part.
 

Soulbound

Moderator
Verified
Staff member
Could you elaborate on what sets off the HIPS? In the past I’ve tried writing some naive attempts at ransomware or startup annoyance ware and they tend to set off Kaspersky, Norton, F-Secure, etc but ESET didn’t react, at least not until someone complained on their forums and got a signature written for them. I figure the module does something, I just couldn’t figure out through experimentation.
I wrote some rules in the past but the easiest way was the following:

Knowing that your system is clean, set to learning mode for a couple of days max - perform most of your actions: launch often-used programs, etc.

Then switch to interactive mode for a few more days, you might have some pop-ups or not. Then go Policy Based mode. Alternatively keep interactive mode since most rules should be populated by now anyway. Smart mode is the extremely lazy mode but I still recommend some rules before using smart mode.

Taken directly from KB:

HIPS settings
Filtering Mode: There are five filtering modes you can select to change how HIPS filters system activity. The modes are:

  • Automatic mode: This is the default setting. In this mode, operations are enabled except for those that are blocked by pre-defined rules that protect your system.
  • Smart mode: You will only receive notifications about suspicious system events.
  • Interactive mode: Only recommended for advanced users. You will receive notifications that prompt you to Allow or Deny each operation detected. Select the Create rule check box to save your response as the rule for a given operation. Selecting the check box next to Temporarily remember this action for this process will cause the action (Allow/Deny) to be remembered until HIPS rules are changed, the HIPS filtering mode is changed, the HIPS module is updated or your computer is restarted.
  • Policy-based mode: Operations not defined by a rule are blocked. See HIPS—Advanced setup for more details.
  • Learning mode: In Learning mode, operations are enabled and a rule is created after each operation. Rules created in this mode can be viewed in the Rule editor, but their priority is lower than the priority of rules created manually or rules used in automatic mode.
    • Selecting Learning mode enables the Learning mode will end at option. Once the specific time period passes, Learning mode is disabled. The maximum time period is 14 days. After this time period has passed, you will be prompted to edit the rules and select a different filtering mode.
 

MacDefender

Level 11
Verified
I wrote some rules in the past but the easiest way was the following:

Knowing that your system is clean, set to learning mode for a couple of days max - perform most of your actions: launch often-used programs, etc.

Then switch to interactive mode for a few more days, you might have some pop-ups or not. Then go Policy Based mode. Alternatively keep interactive mode since most rules should be populated by now anyway. Smart mode is the extremely lazy mode but I still recommend some rules before using smart mode.

Taken directly from KB:

HIPS settings
Filtering Mode: There are five filtering modes you can select to change how HIPS filters system activity. The modes are:

  • Automatic mode: This is the default setting. In this mode, operations are enabled except for those that are blocked by pre-defined rules that protect your system.
  • Smart mode: You will only receive notifications about suspicious system events.
  • Interactive mode: Only recommended for advanced users. You will receive notifications that prompt you to Allow or Deny each operation detected. Select the Create rule check box to save your response as the rule for a given operation. Selecting the check box next to Temporarily remember this action for this process will cause the action (Allow/Deny) to be remembered until HIPS rules are changed, the HIPS filtering mode is changed, the HIPS module is updated or your computer is restarted.
  • Policy-based mode: Operations not defined by a rule are blocked. See HIPS—Advanced setup for more details.
  • Learning mode: In Learning mode, operations are enabled and a rule is created after each operation. Rules created in this mode can be viewed in the Rule editor, but their priority is lower than the priority of rules created manually or rules used in automatic mode.
    • Selecting Learning mode enables the Learning mode will end at option. Once the specific time period passes, Learning mode is disabled. The maximum time period is 14 days. After this time period has passed, you will be prompted to edit the rules and select a different filtering mode.
Thank you sir. I definitely can see the protection value of learning mode and manual rules but I was wondering if the default Smart mode without any training would stop zero day attacks and in my experience it was not generalized like that. Perhaps they did program in rules for very specific malware activities that are unique to a family of real malware but it did not respond at all to the more general example of an unsigned EXE that loops through your documents and replaces them with encrypted copies (a pattern that most behavior blockers react to in the naive form, and many behavior blockers can even protect against in trickier forms)

I consider it more of an enterprise or server hardening tool. I don’t think the average person derives much benefit from the ESET HIPS due to the need to train it, which is really odd because it is such a powerful tool when used properly. It just needs some more default rules or even better, cloud based curated rules.
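
The difference discussed in the two posts above (learning mode followed by policy-based mode versus an untrained default), as an added example that is not part of the thread and is not ESET's engine or rule format. It models only the mode semantics quoted from the KB; the class, the operation tuples and the sample data are hypothetical and constructed.

```python
# Simplified model of the five HIPS filtering modes as the quoted KB text
# describes them. Not ESET code; every name and sample value is hypothetical.
from dataclasses import dataclass, field

ALLOW, BLOCK, ASK, NOTIFY = "allow", "block", "ask", "notify"

@dataclass
class Hips:
    mode: str = "automatic"
    manual: dict = field(default_factory=dict)      # op -> verdict, user-written rules
    predefined: set = field(default_factory=set)    # ops blocked by built-in rules (assumed)
    learned: dict = field(default_factory=dict)     # op -> verdict, from learning mode
    suspicious: set = field(default_factory=set)    # ops smart mode would flag (assumed)

    def evaluate(self, op):
        """op is a (process, action, target) tuple."""
        if op in self.manual:             # manual rules have the highest priority
            return self.manual[op]
        if op in self.predefined:         # pre-defined rules outrank learned rules
            return BLOCK
        if op in self.learned:
            return self.learned[op]
        if self.mode == "learning":       # operation is enabled and a rule is created
            self.learned[op] = ALLOW
            return ALLOW
        if self.mode == "policy":         # operations not defined by a rule are blocked
            return BLOCK
        if self.mode == "interactive":    # user is prompted to Allow or Deny
            return ASK
        if self.mode == "smart":          # notification only for suspicious events
            return NOTIFY if op in self.suspicious else ALLOW
        return ALLOW                      # automatic: enabled unless pre-blocked

# Constructed sample operations, recorded on a system assumed to be clean.
BASELINE = [("winword.exe", "write", r"Documents\report.docx"),
            ("chrome.exe", "write", r"Downloads\setup.exe")]
UNKNOWN = ("unsigned.exe", "write", r"Documents\report.docx")

def train_then_enforce(baseline_ops, new_op):
    """Learning mode on the baseline, then policy-based mode for everything."""
    hips = Hips(mode="learning")
    for op in baseline_ops:
        hips.evaluate(op)
    hips.mode = "policy"
    return {op: hips.evaluate(op) for op in baseline_ops + [new_op]}

def untrained(mode, new_op):
    """Verdict for an operation no rule covers, with no training at all."""
    return Hips(mode=mode).evaluate(new_op)

if __name__ == "__main__":
    print(train_then_enforce(BASELINE, UNKNOWN))
    print({m: untrained(m, UNKNOWN) for m in ("automatic", "smart", "interactive")})
```

Anything that runs during the learning window ends up with an allow rule, which is why the workflow above starts from a system known to be clean.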
 

bribon77

Level 34
Verified
Although Eset. it has tools, like a great heuristic, a great number of signatures and of course the HIPS.

BUT, HIPS is not for all users, it is annoying for a user who does not know how to respond to the alerts it generates. Like the Comodo suite that also comes with HIPS.

I think that for a non-advanced user a behavior detector is preferable, like the one that Emsisoft or F Secure have
 

Soulbound

Moderator
Verified
Staff member
Although Eset. it has tools, like a great heuristic, a great number of signatures and of course the HIPS.

BUT, HIPS is not for all users, it is annoying for a user who does not know how to respond to the alerts it generates. Like the Comodo suite that also comes with HIPS.

I think that for a non-advanced user a behavior detector is preferable, like the one that Emsisoft or F Secure have
I'll point you to Page 1 post #17
 

Raiden

Level 18
Verified
Content Creator
Although Eset. it has tools, like a great heuristic, a great number of signatures and of course the HIPS.

BUT, HIPS is not for all users, it is annoying for a user who does not know how to respond to the alerts it generates. Like the Comodo suite that also comes with HIPS.

I think that for a non-advanced user a behavior detector is preferable, like the one that Emsisoft or F Secure have

Your post highlights an important point that often gets missed, in all of this.

To me there's a big difference between being weak against malware in general and having a similar but different technology that may, or may not be easier to use. In the case of Eset, yes, it doesn't have a "behavior blocker" like the others, it has HIPS. Some confuse the lack of a "behavior blocker" as being weak... Eset is not a weak AV, it's quite capable. Their signatures/heuristics are some of the best and they usually are one of the first to have signatures for new malware. That being said, it has HIPS to help with newer unknown malware, among other things like Live Grid, etc... Like you said, HIPS is very strong, however, it does require some understanding and tinkering to get the best out of it, but regardless it does what it's supposed to.

The others have a behavior blocker, which really is like HIPS, but automated. It's just a set of rules to help the AV determine potential malware activity. So when one steps back, you realize they have similar capabilities, it's just that one requires some potential setup and the other is automated. It's not that one is more secure than the other, it's more of an ease of use case IMHO. Again and I know I am repeating myself, but malware can still get by regardless if you have a behavior blocker, HIPS, whatever, nothing is ever perfect. People just need to stop assuming and making generalizations about products just because it doesn't have x. It may very well have that capability, just done differently.
 
Yes, ESET doesn't have a typical behavior blocker but results show that they don't need it as much as some users may think. ESET does a lot with their signatures and can detect most new threats better than most other AVs with their smart signatures.
And no, Avira doesn't have better signatures than ESET. Avira is far worse. It's very good against exe-based malware but awful against scripts. Also, I'm not sure why you're saying F-Secure has a bad behavior blocker. It's very good actually. But I agree with you on the removal part. F-Secure's malware removal is very bad indeed. Kaspersky, Bitdefender, Norton, Microsoft Defender are your best bet if you want an AV with good malware removal ability. F-Secure would be near the bottom if not at the bottom in this category.
Btw, in case of ESET, I have tested ESET for almost a year here on the malware hub. You can check the results to get an idea about how ESET performs. (Spoiler: Extremely good results overall).
P.S. Personal opinion: Behavior blockers are overrated for home users. I never needed an AV to save me with its behavior blocker. If the AV has good and fast signatures, a user would almost never see the behavior blocker in action.
Avira does have better signatures than ESET, so much so that it always does better in tests.
 