- Dec 23, 2014
- 8,591
Bitdefender ATD and Kaspersky SW - I consider them the most effective based on detections, FPs etc.
Kaspersky SW is not entirely local and it cooperates with other AV modules.
https://content.kaspersky-labs.com/se/media/pdf/Kaspersky_Lab_Whitepaper_System_Watcher_ENG.pdf

"Using the BSS (Behavior Stream Signatures) module, System Watcher can independently make decisions as to whether a program is malicious based on the data it analyzes. In addition, Kaspersky Lab's security products include a mechanism whereby the module continually exchanges information with other components – the web antivirus module, the IM Antivirus, the Host Intrusion Prevention System and the firewall. As a result, the security solution delivers better overall detection of malware and security policy breaches, and is better at identifying the sequences of events which lead up to such incidents."
Bitdefender ATD is behavior monitoring + advanced heuristics. I did not find any information that it is entirely local.
https://www.bitdefender.com/consume...yv4GgruN0iQxutM66vjJyFVkB8a7O8n0Q22e10yu2wGpX
Anyway, Microsoft Defender works kinda similar. It has local behavior monitoring + local heuristics that can block most malware. But, from available tests, it follows that it works as a first defense layer. When the local modules cannot decide if the suspicious file is malicious, Defender can suspend the file execution (up to one minute, but the default delay is up to 10 seconds) and use the cloud backend for confirmation. The cloud backend uses advanced behavior-based modules trained by machine learning. It can also use sandbox, but it is not clear if this feature is available on Windows Home.
Additionally, one can activate ASR rules that mainly work locally as a special behavior blocker related to exploit and post-exploitation prevention (Microsoft applications, Adobe Acrobat Reader, ransomware-specific methods, etc.).
One ASR rule related to 0-day malware prevention depends on the cloud backend.
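Added example, not part of the post above: a PowerShell snippet that reports, on one Windows machine, the state of the Defender layers the post describes (local behavior monitoring, cloud-delivered protection with its block-at-first-sight hold time, and the configured ASR rules). It uses only the built-in Defender cmdlets Get-MpPreference and Get-MpComputerStatus; the action-code mapping (0 Disabled, 1 Block, 2 Audit, 6 Warn) and the 10-second base hold time are Defender's documented values, and the script assumes it is run in an elevated PowerShell on a machine where Defender is the active antivirus.

```powershell
# Added example (not from the original post): summarise the Defender layers
# discussed above. Relies only on the Defender module that ships with Windows.
# Run from an elevated PowerShell with Defender as the active AV.
function Get-DefenderLayerStatus {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # ASR rule actions as stored by Defender: 0 Disabled, 1 Block, 2 Audit, 6 Warn
    $actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $asr = @()
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $code = [int]$actions[$i]
        $asr += [pscustomobject]@{
            RuleId = $ids[$i]
            Action = if ($actionNames.ContainsKey($code)) { $actionNames[$code] } else { "Unknown($code)" }
        }
    }

    [pscustomobject]@{
        # Local layer: behaviour monitoring and real-time protection
        BehaviorMonitoring = $status.BehaviorMonitorEnabled
        RealTimeProtection = $status.RealTimeProtectionEnabled
        # Cloud layer: MAPSReporting 0 = off, 1 = basic, 2 = advanced
        CloudProtection    = $pref.MAPSReporting
        # Sample submission: 0 always prompt, 1 send safe, 2 never send, 3 send all
        SampleSubmission   = $pref.SubmitSamplesConsent
        # Block-at-first-sight holds an undecided file 10 s by default;
        # CloudExtendedTimeout adds up to 50 s more (60 s total, as the post says)
        CloudHoldSeconds   = 10 + [int]$pref.CloudExtendedTimeout
        CloudBlockLevel    = $pref.CloudBlockLevel
        AsrRules           = $asr
    }
}

$layers = Get-DefenderLayerStatus
$layers | Format-List BehaviorMonitoring, RealTimeProtection, CloudProtection,
                      SampleSubmission, CloudHoldSeconds, CloudBlockLevel
$layers.AsrRules | Format-Table -AutoSize
```

If CloudProtection reports 0 or SampleSubmission reports 2, the cloud layer the post relies on for undecided files is effectively off, and any ASR rule that depends on the cloud backend will not fire; an empty AsrRules table means no ASR rules are configured at all.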