App Review How Secure Are You? Testing Windows Defender Against Ransomware! (Shocking Results?) | 2024 [TESTED]

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,591
Bitdefender ATD and Kaspersky SW - I consider them the most effectiv based on detections, FPs etc.

Kaspersky SW is not entirely local and it cooperates with other AV modules.
Using the BSS (Behavior Stream Signatures) module, System Watcher can independently make decisions as to whether a program is malicious based on the data it analyzes. In addition, Kaspersky Lab’s security products include a mechanism whereby the module continually exchanges information with other components – the web antivirus module, the IM Antivirus, the Host Intrusion Prevention System and the firewall. As a result, the security solution delivers better overall detection of malware and security policy breaches, and is better at identifying the sequences of events which lead up to such incidents
https://content.kaspersky-labs.com/se/media/pdf/Kaspersky_Lab_Whitepaper_System_Watcher_ENG.pdf


Bitdefender ATD is behavior monitoring + advanced heuristics. I did not find any information that it is entirely local.
https://www.bitdefender.com/consume...yv4GgruN0iQxutM66vjJyFVkB8a7O8n0Q22e10yu2wGpX

Anyway, Microsoft Defender works kinda similar. It has local behavior monitoring + local heuristics that can block most malware. But, from available tests, it follows that it works as a first defense layer. When the local modules cannot decide if the suspicious file is malicious, Defender can suspend the file execution (up to one minute, but the default delay is up to 10 seconds) and use the cloud backend for confirmation. The cloud backend uses advanced behavior-based modules trained by machine learning. It can also use sandbox, but it is not clear if this feature is available on Windows Home.
Additionally, one can activate ASR rules that mainly work locally as a special behavior blocker related to exploit and post-exploitation prevention (Microsoft applications, Adobe Acrobat Reader, ransomware-specific methods, etc.).
One ASR rule related to 0-day malware prevention depends on the cloud backend.
 
Last edited:

likeastar20

Level 9
Verified
Mar 24, 2016
423
Kaspersky SW is not entirely local and it cooperates with other AV modules.

https://content.kaspersky-labs.com/se/media/pdf/Kaspersky_Lab_Whitepaper_System_Watcher_ENG.pdf


Bitdefender ATD is behavior monitoring + advanced heuristics. I did not find any information that it is entirely local.
https://www.bitdefender.com/consume...yv4GgruN0iQxutM66vjJyFVkB8a7O8n0Q22e10yu2wGpX

Anyway, Microsoft Defender works kinda similar. It has local behavior monitoring + local heuristics that can block most malware. But, from available tests, it follows that it works as a first defense layer. When the local modules cannot decide if the suspicious file is malicious, Defender can suspend the file execution (up to one minute, but the default delay is up to 10 seconds) and use the cloud backend for confirmation. The cloud backend uses advanced behavior-based modules trained by machine learning. It can also use sandbox, but it is not clear if this feature is available on Windows Home.
Additionally, one can activate ASR rules that mainly work locally as a special behavior blocker related to exploit and post-exploitation prevention (Microsoft applications, Adobe Acrobat Reader, ransomware-specific methods, etc.).
One ASR rule related to 0-day malware prevention depends on the cloud backend.
How would the detection (name) appear when Defender BB detects a file based on local behavior+local heuristics? Is there any information given to the user that this module is the one that detected the file?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top