Advice Request Free Antivirus is Good Enough (5 reasons why)

Please provide comments and solutions that are helpful to the author of this topic.

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
  • Like
Reactions: [correlate]

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
All family devices are running AVG IS which I get for a few bucks from eBay. I have enabled hardened mode. The only issue I am having is PUPs. I have tried to use WD with HC set to high and that was catastrophic; family members were not able to update or restore firmware to iPhone unless I disabled WD’s realtime protection. I am not talking about protection capabilities, I am talking about usability and convenience. I pay to achieve convenience. Regarding the PUPs issue, i run periodic scans with ADWCleaner and EEK.
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
I am talking behavior based, not just decide which programs can access my files.
It has behavior monitoring (not just ATP) but not as good as the big guns.
Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign - Microsoft Security
There's also an ASR rule, "Use advanced protection against ransomware" and I've seen it action once.
1.PNG
Microsoft creates behavioral signatures regularly against all kinds of threats, not just ransomware. Check signature history here:
Anyway, these are off topics so ending it here. More applicable for this thread:
Maybe an admin can move the discussion there.
 
Last edited:

EndangeredPootis

Level 10
Verified
Well-known
Sep 8, 2019
461
It has behavior monitoring (not just ATP) but not as good as the big guns.
Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign - Microsoft Security
There's also an ASR rule, "Use advanced protection against ransomware" and I've seen it action once.
View attachment 248283
Microsoft creates behavioral signatures regularly against all kinds of threats, not just ransomware. Check signature history here:
Anyway, these are off topics so ending it here. More applicable for this thread:
Maybe an admin can move the discussion there.
I am talking about behavior based ransomware protection, not behavior based protection as a whole, and the Use advanced protection against ransomware is awful, it detects everything that touches your files, I tested it once in a VM, I tried using office, the window pop up, but as soon as it does WD pop up with its Your administrator blocked this action and was unable to click anything on office except click the X button.
 
Last edited:
  • Like
Reactions: [correlate]

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
Which app was it blocking? Can you share the details? I'll report that as false positive if you haven't yet.
It did not block anything. We could not restore iPhone firmware (using iTunes) when WD is enabled. Itunes gets stuck at preparing restore message for eternity. Disabling WD’s realtime protection fixes the issue.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
Hi @EndangeredPootis,

Do you know any free AV that has a BB feature only for ransomware? :unsure:
It seems that only WD has something like that (one of ASR rules), although it is not available from Security Center. We can see it working as @SeriousHoax showed in his post:

1.png


After running the file from the "Documents\test" folder (left image), another file is dropped/executed and its suspicious action is blocked by the ASR rule (right window). One can see the name of this rule: "Use advanced protection against ransomware". This rule can be activated on Windows 10 Home via ConfigureDefender or PowerShell. Furthermore, other ASR rules are also good anti-ransomware prevention.

There is also "Ransomware protection" feature available via Security Center (Controlled Folder Acces), but this is not BB, but smart-default-deny access to some folders and system protected disk locations.

WD on default settings and other free AVs can apply (for now) anti-ransomware protection only via deep learning and heuristic-based behavior detections.
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
It did not block anything. We could not restore iPhone firmware (using iTunes) when WD is enabled. Itunes gets stuck at preparing restore message for eternity. Disabling WD’s realtime protection fixes the issue.
Did you use the ConfigureDefender Log to see the issue?
It seems that it followed not from ConfigureDefender HIGH preset, but from Controlled Folder Acess which can be activated both via ConfigureDefender or Security Center.

Edit.
Controlled Folder Access (CFA) is not included in ConfigureDefender HIGH preset because it requires to make several exclusions for 3rd party applications (system optimizers, backup software, disk management, document editors, media management, etc.).
 
Last edited:

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
A small friendly neighbourhood polar bear tip! :p Instead of risk turn this thread into a support thread and derail too much, please try use the correct section for software issues.
 

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
Did you use the ConfigureDefender Log to see the issue?
It seems that it followed not from ConfigureDefender HIGH preset, but from Controlled Folder Acess which can be activated both via ConfigureDefender or Security Center.

Edit.
Controlled Folder Access (CFA) is not included in ConfigureDefender HIGH preset because it requires to make several exclusions for 3rd party applications (system optimizers, backup software, disk management, document editors, media management, etc.).
If it was my personal device, it would have been worth the hassle. It was a family device and they don’t know how to deal with any issues. AVG is working as intended. I am sure a memeber can try to reproduce the issue if they have time.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
A small friendly neighbourhood polar bear tip! :p Instead of risk turn this thread into a support thread and derail too much, please try use the correct section for software issues.
Advice taken. There is already an appropriate thread on MT, e.g.:

How the hell WD works on Windows Home & Pro?

I have summarized there the WD Ransomware Protection and related problems. So, the readers of this thread can decide for themselves if WD free is good enough. (y) :)

 

ChoiceVoice

Level 6
Verified
Oct 10, 2014
280
if you deal with a lot of money online, you need more protection than a solitary free antivirus. i like WD, but it should be stacked with some form of proven banking protection. from all the testing I've seen, WD is eaten alive by zeus and other banking malware. this test is 5 years old, but WD was in the zone then with all the same supporters as it is now. high-end malware like this distinguishes the mice from the men.

 
  • Like
Reactions: oldschool

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630
if you deal with a lot of money online, you need more protection than a solitary free antivirus. i like WD, but it should be stacked with some form of proven banking protection. from all the testing I've seen, WD is eaten alive by zeus and other banking malware. this test is 5 years old, but WD was in the zone then with all the same supporters as it is now. high-end malware like this distinguishes the mice from the men.

Don't link an ancient test result while a more recent one is already available. WD was no way near as good as it's today and its weakness in this types of banking Botnet and Simulator test is known to most MT users by now. Here's a recent online banking test:
 

ChoiceVoice

Level 6
Verified
Oct 10, 2014
280
Don't link an ancient test result while a more recent one is already available. WD was no way near as good as it's today and its weakness in this types of banking Botnet and Simulator test is known to most MT users by now. Here's a recent online banking test:
thank you for the newer test showing WD failing certification and supporting what I said. nothing against it, i love WD. but as i said, if you deal with large sums of money, free should be supported with something extra.
 

monkeylove

Level 10
Verified
Well-known
Mar 9, 2014
489
It's also possible that YMMV. In my case, across several machines at home, sometimes Defender doesn't affect performance and sometimes it does. Sometimes it can block malware and sometimes it can't. When I try to harden it, it may cause more problems which novice users can't understand. Meanwhile, similar problems concerning protection and performance affects third-party AVs.

Meanwhile, the cost can be high for the latter: for several machines, there's usually a promo price for the first year, but it goes up substantially by the second year. And what happens when something is changed in the AV or Windows such that it causes systems to slow down or breaks some apps?

Given that, my strategy has been to stick to free versions of AVs based on performance, system impact, and the least annoyances, and then wait for Defender to improve.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top