Battle Emsisoft Anti-Malware or Norton Internet Security 2017

giants8058

Level 4
Verified
Jan 26, 2016
150
In my opinion Bitdefender's signatures are not "at their best" in the last month.
Other users in other forums saw the same.
Of course it can be discussed if the missed ones are rare ones or not and that they are nothing compared to the 300k new/day...but I still think static detection is not as good as before, at least for new malware.
BB compensates incredibly well most of the time so total protection is still at top level in my opinion.
I'll try the sources you mentioned above in the next time, that might also influence detection.
That's really good to know, thanks. Because from my past experiences, their signatures were amongst the best with newer threats. You are right though. I just ran a scan on your new pack, and it only picked up 1/21 while Kaspersky picked 14/21. The BB picked up the majority of the rest but at one point Emsisoft's protection completely dropped. So did Kaspersky's but after several attempts it eventually came back. It appears one of the files is able to kill AV components that unfortunately Emsisoft couldn't recover from, even after a reboot. Real-time protection process was still running, but after re-running the samples again, some that were blocked before, weren't blocked the 2nd time around. That's not good.

Update:
Tested on my other system and static scan was 2/21 but Emsisoft blocked remaining threats without crashing this time. Both PDFs were missed but possible FPs or most likely phishing sites, one executable was blocked from connecting to a URL, .bat file most likely FP, and 2 files being monitored by BB with Bad reputation... so most likely will eventually be quarantined. Good possibility reason for previous crash was due to some kind of system conflict with the VM, host and AVs. Second opinion scanners just picked up initial files that were missed. No auto-runs or malware in memory. This is a testament to just how good Emsisoft's BB really is. Just wish it had better results with the initial static scan (looking at you BD).
 

sona

Level 5
Verified
Well-known
Nov 14, 2013
248
Don't need to pay, go for Norton.
I voted for EAM because as a long time user (using it now as secondary) I know how good it is.
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
That's really good to know, thanks. Because from my past experiences, their signatures were amongst the best with newer threats. You are right though. I just ran a scan on your new pack, and it only picked up 1/21 while Kaspersky picked 14/21. The BB picked up the majority of the rest but at one point Emsisoft's protection completely dropped. So did Kaspersky's but after several attempts it eventually came back. It appears one of the files is able to kill AV components that unfortunately Emsisoft couldn't recover from, even after a reboot. Real-time protection process was still running, but after re-running the samples again, some that were blocked before, weren't blocked the 2nd time around. That's not good.

Update:
Tested on my other system and static scan was 2/21 but Emsisoft blocked remaining threats without crashing this time. Both PDFs were missed but possible FPs or most likely phishing sites, one executable was blocked from connecting to a URL, .bat file most likely FP, and 2 files being monitored by BB with Bad reputation... so most likely will eventually be quarantined. Good possibility reason for previous crash was due to some kind of system conflict with the VM, host and AVs. Second opinion scanners just picked up initial files that were missed. No auto-runs or malware in memory. This is a testament to just how good Emsisoft's BB really is. Just wish it had better results with the initial static scan (looking at you BD).

I ran all samples yesterday night. The only one that Emsi really missed was the PO &PO ... one. It was in memory and Emsi missed it.
According to VT and other AVs it's a Fareit trojan, a spy/keylogger according to Microsoft www page.
All others were quarantined or firewall blocked them.
It's difficult to choose... E.g. Eset has a great static detection but bad dynamic one.
As of now Emsi, KIS and Norton in my opinion seem to have something more than the other AVs.
 

insanity

Level 5
Verified
Oct 9, 2016
216
I think a more appropriate comparison would be EAM x Norton Antivirus or EIS x Norton Internet Security instead. But anyway, both software are really very good in terms of features and protection. Overall, I tend to prefer Emsisoft, but in your case, since you've got Norton for free, I would be inclined to use Norton from now on and save a few extra bucks ;).
 

giants8058

Level 4
Verified
Jan 26, 2016
150
I ran all samples yesterday night. The only one that Emsi really missed was the PO &PO ... one. It was in memory and Emsi missed it.
According to VT and other AVs it's a Fareit trojan, a spy/keylogger according to Microsoft www page.
All others were quarantined or firewall blocked them.
It's difficult to choose... E.g. Eset has a great static detection but bad dynamic one.
As of now Emsi, KIS and Norton in my opinion seem to have something more than the other AVs.
It's possible that the Emsisoft Anti-Malware network updated after you ran your tests, because it flagged both with "bad" reputation on my end. Eset's signatures are excellent but their real-time protection against newer unknown threats is pretty weak. To my understanding, it does memory heuristic analysis of unknown threats, which I don't think is enough. There's no fallback in the event it misses something. Yeah and those three I would have to say as well are probably the best now with Emsisoft and Kaspersky being the clear top 2. Norton's static detection could be better but its sonar system is really good.
 

Solarquest

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
The problem with Emsi is that they don't check files with the cloud and react accordingly unless BB detects something suspect enough to check online for help.
If you check BB under the protection tab it triggers the cloud check but even if the file has a bad reputation, BB doesn't block it unless it does a suspicious action.
I discussed this already with Fabian but he said it's as they want it to be.
They don't want to check all files with the cloud for privacy (performance) reasons.
After many messages he was open to implement a rule to allow BB to block a file if user triggers the online check and file is flagged as bad.
No idea if and when he'll do it. :(
 

giants8058

Level 4
Verified
Jan 26, 2016
150
That's good to know, and would be a welcome option. Hopefully it's something they are really looking into. It doesn't have to happen automatically but at least give us the option to make the choice or if they are worried about FPs and people making the wrong decision, then make it an option in settings that you can enable/disable.

If they are saying it's for privacy reasons, that doesn't really add up since they already upload any executable that is flagged by the BB, so it's most likely just a performance issue. I actually wouldn't mind them checking more file types against the cloud EXCEPT for any personal data files. That should help improve their detection rates like Kaspersky's hybrid scan does. I would trade off a little extra impact on performance for the added security.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
That's good to know, and would be a welcome option. Hopefully it's something they are really looking into. It doesn't have to happen automatically but at least give us the option to make the choice or if they are worried about FPs and people making the wrong decision, then make it an option in settings that you can enable/disable.

If they are saying it's for privacy reasons, that doesn't really add up since they already upload any executable that is flagged by the BB, so it's most likely just a performance issue. I actually wouldn't mind them checking more file types against the cloud EXCEPT for any personal data files. That should help improve their detection rates like Kaspersky's hybrid scan does. I would trade off a little extra impact on performance for the added security.
Behavior blocker - monitoring files

Some quotes from Fabian:
"As mentioned before: It is working as intended. Doing what you ask would require us to send hashes of every single application you ever start to our server for checking. We won't do that, as it is highly invasive to your privacy. We most likely will never do that."


"Because you force the BB to do the reputation check by going to the list. The BB does not do a reputation check before then and naturally doesn't know what is and isn't bad because the reputation check is only triggered on observing a malicious behaviour. Obviously, we could add that it asks you to quarantine then. But that is not what you want. You want us to check the reputation of every application you start indiscriminately and quarantine automatically, which is something we won't do for privacy reasons. Because then we would know at any time exactly what applications you are running. You may be fine with that, but a tonne of other people would not."
 

giants8058

Level 4
Verified
Jan 26, 2016
150
Behavior blocker - monitoring files

Some quotes from Fabian:
"As mentioned before: It is working as intended. Doing what you ask would require us to send hashes of every single application you ever start to our server for checking. We won't do that, as it is highly invasive to your privacy. We most likely will never do that."


"Because you force the BB to do the reputation check by going to the list. The BB does not do a reputation check before then and naturally doesn't know what is and isn't bad because the reputation check is only triggered on observing a malicious behaviour. Obviously, we could add that it asks you to quarantine then. But that is not what you want. You want us to check the reputation of every application you start indiscriminately and quarantine automatically, which is something we won't do for privacy reasons. Because then we would know at any time exactly what applications you are running. You may be fine with that, but a tonne of other people would not."
Thanks for the link. Learned something new as to what exactly triggers a reputation lookup with the BB. Actually feeling kind of dumb right about now and not sure why Fabian didn't bring it up. When you trigger a reputation check when going into the protection tab and something at that point is marked bad, there are 6 options if you right click a process including quarantine. Hence if the scan missed it and you never opened the tab to begin with, that means it wouldn't have been marked bad on its own since it never displayed any malicious behavior. And then if you find it for yourself, you can just manually quarantine it. That's actually the option I was referring to but it completely slipped my mind that it's already available but I wouldn't want it to auto-quarantine. Even when the BB picks something up on its own, it doesn't auto-quarantine. You get an alert with the recommended action. It would be pretty cool though if they also included a VirusTotal lookup along with their own AM Network. Not a big deal though.

I guess that is a good point about scanning every application that's running/installed each time in the cloud. I would never want my personal files to be scanned in the cloud, but then again I guess I also wouldn't want them knowing if I had a password manager, book keeping/invoice program or tax preparation app on my system every time either. If they are already known to be safe or never exhibited any malicious behavior, then there is no reason a company needs to know what I have installed on my system.

Update:

"The BB does not do a reputation check before then and naturally doesn't know what is and isn't bad because the reputation check is only triggered on observing a malicious behaviour."

It appears what Fabian said was incorrect unless I'm looking at this wrong. Any program in the list that has a Good reputation, must have been at some point submitted to the cloud. Not every time, but at least once for it to have a trusted designation.
 

Attachments

  • BB.png

Pearl96

Level 5
Verified
Jan 14, 2017
203
Go for Norton alongside Zemana as a second-opinion scanner! Norton offers Sonar (works as a behavioural module) and its firewall is really great! What I don't like about Norton is the very low detection rate, but you can use Zemana as it offers a high detection rate in comparison to Norton! This does not mean Emsisoft isn't good, but Norton is a complete suite and offers the Norton's Promise thing (if your computer gets infected and a Norton agent could not disinfect it, your money goes back to you). If you're not 100% sure, just give both of them a try and then decide; that's why companies offer trial versions :D
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,033
Should compare Emsisoft Internet Security vs Norton Internet Security

Besides their malware detection can also compare whose firewall has better features and can perform better. How about network protection features for both?

Anyone know whose firewall is better? One thing I know is that both do NOT have ARP protection
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
Should compare Emsisoft Internet Security vs Norton Internet Security

Besides their malware detection can also compare whose firewall has better features and can perform better. How about network protection features for both?

Anyone know whose firewall is better? One thing I know is that both do NOT have ARP protection
Emsisoft solely because of its behavior blocker.
 

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
Emsisoft is too much User Dependent.

Thank god. Like I'd click yes for some funny-named process I didn't start in the first place. :rolleyes:

Just yesterday, I was running the Norton trial on my Mac. Compiled an .exe and put it in my Dropbox so I could sign it on my other PC. Before I could select it in the GUI, the file was gone. Tried again, gone. Wash, rinse, repeat.

What happened? Norton on my Mac took the liberty to silently trash the damn file. No info, no pop-up, nada. Had to dig through heaps of windows until I finally found it somewhere in the log as deleted. Didn't think of it at first, because I hadn't worked on the Mac that day.

Emsisoft on the other hand, which is running on my Windows machines, didn't flinch. And why would it? I didn't even try to execute anything, especially not before digitally signing it with a valid certificate. Then again, it would have asked me anyway before assuming I can't tie my shoes and simply deleting something potentially important just for the heck of it.

Naturally, Norton went into its natural habitat (the bin) the moment I found out. Now, if you like this infantilizing behavior go for it, by all means. I won't be patronized / belittled in that manner. Not like a little window, maybe accompanied by a simple blip sound would have hurt anything. Oh well, good riddance. :cool:
 
