App Review Emsisoft Internet Security 11 Protection Test

[Terry Ganzi]

 

[frogboy]

Thanks very interesting as i am using this AV at this point in time but that drag and drop is a bit of a worry. Not that i have done that so not to much of a problem for me.

 

[Terry Ganzi]

He is running Emsisoft on default setting so when run that way it does not interact until you execute,simple.
The real issue here,is that he executed some and no flags were raised.

 

[Cats-4_Owners-2]

Thank you @Terry Ganzi! My interest in this test was (like frogboy's) partly rooted in the fact I'm using Emsisoft, and since it's now set at default settings, any of my dragging or clicking on "items" shall be done more thoughtfully; and shall follow methodical right <click> safeguarding only. Oh, oh.. here come the flashbacks of when I was careless with UAC!

Additionally, I'd nearly forgotten how enjoyable mrizos' narrative tests truly are. Thanks for reminding me!

 

[spaceoctopus]

It should be a bug in the product or something is not working correctly with the virtualisation.It is often the case when testing security products.You get delays in detections, notifications, files don't execute correctly and so on

On default settings the product File Guard is set on BALANCED ''Scans files when they are modified''. Emsisoft blocks malwares when they are extracted or modified. On many other videos this problem is not present. This case is specific and if it's a bug in the product, that will surely be fixed.

 

[jamescv7]

Well the behavior blocker of Emsisoft is something that I notice even before about the blocking activity where no pop interaction except being automated.

 

[_CyberGhosT_]

His issue with the 3rd and 4th folder he tried to run, may have been that the Ransomware was aware it was in a virtual environment, some ransomware & viruses check for that now, and if they detect that they are within a virtual environment will refuse to execute.
For someone who works in the field I am surprised that did not cross his mind.
Thanks Terry for the share

 

[_CyberGhosT_]

The real issue here,is that he executed some and no flags were raised.

No, they did not execute, he tried, but neither executed, and it may be for the reason I posted above, had it tried to execute I am sure Emsisoft would have reacted.

 

[Der.Reisende]

Thanks very interesting as i am using this AV at this point in time but that drag and drop is a bit of a worry. Not that i have done that so not to much of a problem for me.

The reason for EIS real-Time doing nothing on those script files is the limited preset of file extensions to be monitored in real-time. If you add further extensions (like .wsf) manually, it should flag / remove them automatically. You can also simply untick the box next to "monitor only certain extensions", which might lead more RAM usage, or to some FP, in the worst case.

Spoiler: Emsisoft Stock Settings

Not wanting to act like a smarta**, but regarding those scripts doing nothing on the first glance, I'd suggest mrizos should use at least SysInternals ProcessExplorer to spot malicious processes (turn on VT detections there manually), as malware more and more tries to sleep for some minutes before rolling out it's actions (and make EIS HIPS intercept it in most cases). However, me speaking of ShadowDefender protected environment, the VM-awareness mentioned by @_CyberGhosT_ is still to be considered.

Back to topic, this is a great share, thank you for that @Terry Ganzi!

 

[Rebsat]

@Der.Reisende Hi bro. You're participating alot in testing malware samples in Malware Vault section. Your favourite Antivirus is EIS. Whenever I am looking at the result of testing malware pack over there then I see KTS is performing very well. It totally prevent each malware from running and at last the system is safe and not infected but the situation is different for EIS since I saw most of the time it left 2 or 3 malwares and sometimes the system got infected.

I just wonder to know... Why are you still use EIS despite that facts? and What was the reasons that makes you keep EIS as your favourite Antivirus?

Thank you bro for your good assistance

 

[Der.Reisende]

@Der.Reisende Hi bro. You're participating alot in testing malware samples in Malware Vault section. Your favourite Antivirus is EIS. Whenever I am looking at the result of testing malware pack over there then I see KTS is performing very well. It totally prevent every malware from running and at last the system is safe but the situation is different for EIS since I could see most of the time it left 2 or 3 malwares and sometimes the system got infected.

I just wonder why are you still use EIS despite that? What was the reasons that makes you keep EIS as your favourite Antivirus no matter happened? Thank you bro

I think Kaspersky does use some kind of Sandbox / Anti-Exe on every file it thinks is untrusted because unknown (which is preset). @harlan4096 might know more about it

Emsisoft was on of those AVs not used by another HUB Member, so I thought to give it a chance, as it's reputation is quite good but never had the chance to test it myself, especially the firewall (which Qihoo 360 Total Security misses, despite one of the first with signatures, you can get your PC infected, too).
I love the lightweight, the cloud assisted HIPS which still intercepts most Zero-Days (speaking of EIS / Bitdefender signatures) and the reliable auto-update. Also, the GUI is really intuitive. Did I mention the good PUP/PUA blocker by Emsisoft's signatures?

In realtime use, you can boost settings, I just noticed an option which Kaspersky seems to have too, but which is not enabled in EIS (probably to prevent many false positives). I would not worry about that (unless you're always on dangerous pages), no AV is bulletproof these days, you can let Zemana Anti Malware next to it and it will probably catch every possible virus.

Spoiler: Screenshots

 

[JM Safe]

Thanks for sharing this interesting review @Terry Ganzi .

 

[CMLew]

@Der.Reisende Hi bro. You're participating alot in testing malware samples in Malware Vault section. Your favourite Antivirus is EIS. Whenever I am looking at the result of testing malware pack over there then I see KTS is performing very well. It totally prevent each malware from running and at last the system is safe and not infected but the situation is different for EIS since I saw most of the time it left 2 or 3 malwares and sometimes the system got infected.

I just wonder to know... Why are you still use EIS despite that facts? and What was the reasons that makes you keep EIS as your favourite Antivirus?

Thank you bro for your good assistance

FYI, I'm also a (loyal) Emsisoft user (Both EAM and EIS). It's installed on my most family and relatives laptop. They always asked me the same question: "Is Emsisoft good? Never heard of that. Why not Avast, Norton, Bitdefender, etc.. "

My response to them:
1) No AV/IS is impenetrable.
2) All AV/IS have the same purposes, to detect and prevent infection.
3) User behaviour is way more important than an AV/IS capabilities.
4) (Somewhat Personal) Emsisoft is way more affordable than the rest you mentioned.
5) Never single-rely on AV/IS alone to detect/prevent infection. Learn how your software behave instead and work from there.

 

[Terry Ganzi]

MY reason for this post is I'm a very,very long time user of this product,but here of late it seem to be diluted a little,and on other forums you get people that state there yet to see something get pass Emsisoft but in reality stuff do get past this product,it is not very prevalent but stuff do get past it,this video does not show that for certain but I just wanted to put that out there.

 

[Evjl's Rain]

I think Kaspersky does use some kind of Sandbox / Anti-Exe on every file it thinks is untrusted because unknown (which is preset). @harlan4096 might know more about it

Emsisoft was on of those AVs not used by another HUB Member, so I thought to give it a chance, as it's reputation is quite good but never had the chance to test it myself, especially the firewall (which Qihoo 360 Total Security misses, despite one of the first with signatures, you can get your PC infected, too).
I love the lightweight, the cloud assisted HIPS which still intercepts most Zero-Days (speaking of EIS / Bitdefender signatures) and the reliable auto-update. Also, the GUI is really intuitive. Did I mention the good PUP/PUA blocker by Emsisoft's signatures?

In realtime use, you can boost settings, I just noticed an option which Kaspersky seems to have too, but which is not enabled in EIS (probably to prevent many false positives). I would not worry about that (unless you're always on dangerous pages), no AV is bulletproof these days, you can let Zemana Anti Malware next to it and it will probably catch every possible virus.

Spoiler: Screenshots

View attachment 114285 View attachment 114286

it's because of kaspersky's application control, rules are loaded from KSN. If the file is not so popular, it will be put into "low restricted" group
In this group, app can only read and start other processes but it cannot inject codes or write anything to the critical system folders that's why I think we hardly see kaspersky gets "infected" in malware hub tests. perhaps petya ransomware can bypass it
in the default settings, "Trust digitally signed applications" is checked so malwares may use this to bypass application control. It must be unchecked
This is why I think kaspersky is superior to other AVs. Does EIS have similar feature?

correct me if I'm wrong

 

[spaceoctopus]

@Der.Reisende Hi bro. You're participating alot in testing malware samples in Malware Vault section. Your favourite Antivirus is EIS. Whenever I am looking at the result of testing malware pack over there then I see KTS is performing very well. It totally prevent each malware from running and at last the system is safe and not infected but the situation is different for EIS since I saw most of the time it left 2 or 3 malwares and sometimes the system got infected.

I just wonder to know... Why are you still use EIS despite that facts? and What was the reasons that makes you keep EIS as your favourite Antivirus?

Thank you bro for your good assistance

On reading your post i remembered of a video of Kaspersky 2017 that i stumbled upon last week.You are right, it is true that it's an excellent product, but not perfect as it is shown in the test video. Just wanted to share, thnx

 

[silversurfer]

This test seems to be done by a novice. It should be tested some different samples but not only the same type of samples

 

[Terry Ganzi]

This test seems to be done by a novice. It should be tested some different samples but not only the same type of samples

The person who did this video is not a novice,he has been doing those videos for sometime.
I think he also works for Emsisoft.

 

[_CyberGhosT_]

This test seems to be done by a novice. It should be tested some different samples but not only the same type of samples

Agreed, and reguardless the comments the evidence is right there in the video. Good catch surfer.

 

[FrFc1908]

The person who did this video is not a novice,he has been doing those videos for sometime.
I think he also works for Emsisoft.

Matt does not work for Emsisoft , I am quite sure about that. you are right about the part that he is not a novice! he runs his own company , where cleans customers pc's from malware and tune them up. I believe he does have his own site / forum as well. @silversurfer : he is doing these reviews for some years now he and languy99 where the pioneers in the product testingfield. allthough matt's testing methology might not be that accurate.