App Review Emsisoft Internet Security 11 Protection Test

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Terry Ganzi

Matt does not work for Emsisoft, I am quite sure about that. You are right about the part that he is not a novice! He runs his own company, where he cleans customers' PCs of malware and tunes them up. I believe he does have his own site / forum as well.

Then what do you have to say about this.
What I was talking about when you responded was the Kaspersky vid, and the person who produced that vid is Leo.
 

Der.Reisende

It's because of Kaspersky's application control; rules are loaded from KSN. If the file is not so popular, it will be put into the "low restricted" group.
In this group, an app can only read and start other processes, but it cannot inject code or write anything to the critical system folders. That's why I think we hardly see Kaspersky get "infected" in malware hub tests. Perhaps Petya ransomware can bypass it.
In the default settings, "Trust digitally signed applications" is checked, so malware may use this to bypass application control. It must be unchecked.
This is why I think Kaspersky is superior to other AVs. Does EIS have a similar feature?

Correct me if I'm wrong.
EIS verifies any newly run file with the cloud reputation, next to its HIPS actions. If the cloud rep says the file is safe, HIPS lets it run (this can even happen for malicious files!).
Because of seldom (in my experience) false cloud reputation decisions, you can uncheck that.
I haven't seen Application control in EIS like it is in KIS...

_CyberGhosT_

I don't think my comment was towards this fella's ability to do his job as a professional malware removal tech.
I don't care who he knows or works for; that's not even relevant to the situation.
My comments were directed at the video and his testing skillz. He was ill prepared for it.
Clearly he does not work for Emsisoft; his unfamiliarity with EIS made that painfully obvious.
He says himself they may have all been the same sample, just disguised differently, but he didn't know for sure, which means he didn't do his prep work before testing.
Experienced testers will know where I'm coming from.
If they were all the same samples, then when the first failed to run, of course none of them would have run after that, and the ransomware samples he had could have very well been VM aware, and that's not something unheard of, it's plastered all over the internet. But as a professional I am sure he is good at helping clean up machines; I just think he has a ways to go from the video testing aspect of things. But it was a good attempt.
 

spaceoctopus

It depends in what sense you find it superior. Personally I find it (KSN) to be one among many ways of protecting a system.
Some malware is designed to evade detection or pretend to be legitimate, signed software. Bots are particularly effective in doing that. Some are a real headache to detect and remove. They download hundreds of pieces of malware; while those are detected by your security software, the bot hides its location and "moves around" in your system. It could trick Kaspersky in that case, pretending to be legitimate software, thus gaining high privilege and infecting your system.

Taking this situation into account and the type of malware, you'd better have a good behavior blocking and analysis module in your security software. In that area, Emsisoft excels and could detect the malicious behaviors and successfully protect the system. The behavioral detection would be more effective than the cloud analysis in that situation; it really depends.
 

Evjl's Rain

Thanks for your explanation, but KIS also has behavioral protection. I don't know if KIS doesn't have anything that EIS has. I don't know which behavioral detection is better, probably EIS.
The feature where I THINK KIS is probably better is its application control; not sure if EIS has it.
That's why I haven't seen any "infected" status with 2nd opinion scanners with KIS in malware hub posts. I have been on MT for a few months, so I started watching some of these threads since then.
 

spaceoctopus

Yes, you are right, Kaspersky has behavioural protection. Emsisoft is not the best product on the market, there is no best software anyway, but behavioural protection is an area where they are very strong. I think in behavioural detection Emsisoft would have a higher percentage of detection than Kaspersky. (I'm talking about behavioral protection only.)

Application control is a component that Emsisoft has, I think, but it is integrated in their behavioural module. The way behavioural detection works anyway, it should control and monitor how applications behave. Emsisoft also checks the programs in the cloud, notifies you or takes the appropriate action automatically.

It is also important to note that manufacturers have preferences depending on how they think they can offer the best protection. In some products, such as Kaspersky, the application control is more or less automatic. Some other products prefer an interactive approach, such as Panda. Some don't use application control and prefer to focus on the IDS, HIPS, cloud technology, sandboxing, or an intelligent firewall and so on. Emsisoft uses two engines (their own and that of Bitdefender), which already gives a very high level of detection. So they choose to focus a lot on their behavioral module. I may be wrong, but personally I think their behavioral module is "hybrid". It is like a mix of IDS, application control, behavioural analysis and blocking, and cloud technology. :)
 

Emsisoft

From Emsisoft
Developer
A few remarks we want to add to this video review (as posted on YouTube):

1. It seems most of the tested files originated from the same ransomware campaign. They all use the same .wsf file extension, which is currently not being monitored by the File Guard component. We'll fix that with the upcoming update. But as you can see the scripts themselves were not able to perform any malicious action - that's why the Behavior Blocker didn't alert them either.

2. We'll also fix the scanner window glitch with the result list. Both detected items were part of the same archive file, so after cleaning the first, the other finding couldn't be deleted as the archive file was already removed before. The list item staying on screen doesn't have any impact on the actual removal - that worked just fine.

Side note: EAM/EIS v12 public beta will be out soon. Stay tuned. :)
 

_CyberGhosT_

Thanks Emsisoft for the heads up, you have some of the best devs in the business and it shows.
No security suite is 100% and no realistic consumer expects 100% protection all the time; if they do, they are delusional.
Tell Mr. Ott, Mr. Shimer says Hello :)
 

Solarquest

Moderator
Thanks for the update, @Emsisoft

I think KIS and Emsi are very good products.
In general no AV is perfect, and detection/protection will vary over time too.
I have both and I tested Emsi IS before Der.Reisende.
I think their overall detection rate, including BB, has worsened in the last months.
BB is missing some samples in the Hub tests, more than in the past in my opinion.
What's excellent with Emsisoft is that they release new versions as soon as available, without waiting for the next year as all others I know do.
I'm pretty confident they are working on these issues and version 12 will bring Emsi back to the "top".

@Emsisoft,

Can you pls explain how exactly Emsi behaves when a file not detected by signature/heuristic is executed?

1- Emsi checks the network database every time an unknown file is run: if the file is found the "info" is used; if not, BB monitors the file's behavior and, if suspect, it alerts the user.

2- The network database is not always checked, but only when BB flags the file as suspicious.
After that the network "info" is used if available; if not, BB will ask the user what to do.

If memory serves, Fabian said Emsi uses the 2nd approach, but I might be wrong.
I would prefer the 1st...

Can you pls help us to understand this?

Thank you
 

spaceoctopus

Thank you for these clarifications. :)
 

Rebsat


@spaceoctopus According to your explanation, then, Emsisoft would give ultimate protection which no other security software would give :) Is that right? ;)
 

spaceoctopus

No, I simply highlighted Emsisoft's behavioral blocking capabilities in a particular situation as an example. In a situation where malware evades your scanners, good behavioral protection would be an invaluable asset. No product has or would give the "ultimate protection". Hope that this answers your question. :)
 

Solarquest

Luckily memory still serves...:)

Below is GT500's (Emsi employee) answer:

"Currently the Behavior Blocker doesn't check an application until it attempts to do something that could be malicious. This is done for performance reasons, as checking every application each time they launch causes delays in launching programs, and can even cause some programs to crash or behave strangely.

When our software does monitor some sort of suspicious behavior from a running application, it attempts to prevent the behavior until the safety of the application can be verified, either by our Anti-Malware Network or by the user. "
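
Added example (not part of the thread and not Emsisoft's code): a simplified Python model of the two lookup orders asked about above, cloud check on every launch versus cloud check only once the Behavior Blocker sees something suspicious, as the GT500 quote describes. The reputation table, file names, action names and the `simulate` function are all constructed assumptions.

```python
# Simplified, hypothetical model of the two lookup orders discussed in the thread.
# All file names, verdicts and action names are constructed for illustration.
CLOUD = {"editor.exe": "good", "invoice.wsf": "bad"}   # constructed reputation data
SUSPICIOUS = {"encrypt_files", "inject_code"}          # actions the blocker would hold


def simulate(name, actions, lookup_at_launch, user_choice="block"):
    """Run one program through the model.

    lookup_at_launch=True  -> approach 1: query the cloud on every launch.
    lookup_at_launch=False -> approach 2: query only when behavior looks suspicious.
    Returns the outcome, the number of cloud lookups, and the actions that ran.
    """
    lookups, executed, verdict = 0, [], None
    if lookup_at_launch:
        lookups += 1
        verdict = CLOUD.get(name, "unknown")
        if verdict == "bad":
            return {"outcome": "blocked at launch", "lookups": lookups, "executed": executed}
    for action in actions:
        if action in SUSPICIOUS and verdict != "good":
            if verdict is None:                 # approach 2: first lookup happens here
                lookups += 1
                verdict = CLOUD.get(name, "unknown")
            if verdict == "unknown":            # no cloud answer: the user decides
                verdict = "good" if user_choice == "allow" else "bad"
            if verdict == "bad":                # the held action never executes
                return {"outcome": f"blocked on {action}", "lookups": lookups, "executed": executed}
        executed.append(action)
    return {"outcome": "ran to completion", "lookups": lookups, "executed": executed}


if __name__ == "__main__":
    ransom = ["read_file", "enumerate_docs", "encrypt_files"]
    benign = ["read_file", "write_file"]
    for label, early in (("approach 1", True), ("approach 2", False)):
        print(label, simulate("invoice.wsf", ransom, early))
        print(label, simulate("editor.exe", benign, early))
        print(label, simulate("new_tool.exe", ["inject_code"], early, user_choice="allow"))
```

In this model, approach 2 spends no lookup on programs that never act suspiciously, while a file the cloud already rates as bad still runs its non-suspicious actions before the first held action triggers the check.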
 
