App Review How Secure Are You? Testing Windows Defender Against Ransomware! (Shocking Results?) | 2024 [TESTED]


Andy Ful
Bitdefender ATD and Kaspersky SW - I consider them the most effective based on detections, FPs etc.

Kaspersky SW is not entirely local and it cooperates with other AV modules.
Using the BSS (Behavior Stream Signatures) module, System Watcher can independently make decisions as to whether a program is malicious based on the data it analyzes. In addition, Kaspersky Lab’s security products include a mechanism whereby the module continually exchanges information with other components – the web antivirus module, the IM Antivirus, the Host Intrusion Prevention System and the firewall. As a result, the security solution delivers better overall detection of malware and security policy breaches, and is better at identifying the sequences of events which lead up to such incidents.
https://content.kaspersky-labs.com/se/media/pdf/Kaspersky_Lab_Whitepaper_System_Watcher_ENG.pdf


Bitdefender ATD is behavior monitoring + advanced heuristics. I did not find any information that it is entirely local.
https://www.bitdefender.com/consume...yv4GgruN0iQxutM66vjJyFVkB8a7O8n0Q22e10yu2wGpX

Anyway, Microsoft Defender works kinda similar. It has local behavior monitoring + local heuristics that can block most malware. But, from available tests, it follows that it works as a first defense layer. When the local modules cannot decide if the suspicious file is malicious, Defender can suspend the file execution (up to one minute, but the default delay is up to 10 seconds) and use the cloud backend for confirmation. The cloud backend uses advanced behavior-based modules trained by machine learning. It can also use sandbox, but it is not clear if this feature is available on Windows Home.
Additionally, one can activate ASR rules that mainly work locally as a special behavior blocker related to exploit and post-exploitation prevention (Microsoft applications, Adobe Acrobat Reader, ransomware-specific methods, etc.).
One ASR rule related to 0-day malware prevention depends on the cloud backend.
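To check whether the cloud lookup and the ASR rules described in the post above are actually active on a given machine, here is an added read-only PowerShell audit (example code, not from the thread or from Microsoft). It assumes the ASR rule GUIDs as listed in Microsoft's ASR rule reference, and that CloudExtendedTimeout is added on top of the 10-second default wait:

```powershell
# Added example: audit the Defender settings discussed above. Read-only.
# Assumes an elevated PowerShell on Windows 10/11 with Microsoft Defender.
$pref = Get-MpPreference

# Cloud-delivered protection is what lets Defender suspend a file and ask the backend.
# MAPSReporting: 0 = off, 1 = basic, 2 = advanced.
$mapsOn = $pref.MAPSReporting -ne 0
# Default cloud check is 10 s; CloudExtendedTimeout adds 0-50 s on top (assumed, max 60 s total).
$cloudWait = 10 + [int]$pref.CloudExtendedTimeout

[pscustomobject]@{
    BehaviorMonitoring = -not $pref.DisableBehaviorMonitoring
    CloudProtection    = $mapsOn
    CloudBlockLevel    = $pref.CloudBlockLevel
    MaxCloudWaitSec    = $cloudWait
} | Format-List

# ASR rules of the kinds the post mentions (GUIDs from Microsoft's ASR rule reference).
$rules = @{
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block Office apps from creating child processes'
    '7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c' = 'Block Adobe Reader from creating child processes'
    '01443614-cd74-433a-b99e-2ecdc07bfc25' = 'Block executables unless prevalence/age/trusted (cloud-dependent)'
}
# Action codes returned by Get-MpPreference.
$actionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Pair each configured rule id with its action; a rule not listed at all is not enforced.
$state = @{}
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    $id = $pref.AttackSurfaceReductionRules_Ids[$i].ToLower()
    $state[$id] = [int]$pref.AttackSurfaceReductionRules_Actions[$i]
}
foreach ($id in $rules.Keys) {
    $a = if ($state.ContainsKey($id)) { $actionName[$state[$id]] } else { 'Not configured' }
    '{0,-16} {1}' -f $a, $rules[$id]
}
```

A rule reported as "Not configured" can be turned on with Add-MpPreference -AttackSurfaceReductionRules_Ids <guid> -AttackSurfaceReductionRules_Actions Enabled (or AuditMode first, to see what it would block).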

likeastar20
> Kaspersky SW is not entirely local and it cooperates with other AV modules.
>
> https://content.kaspersky-labs.com/se/media/pdf/Kaspersky_Lab_Whitepaper_System_Watcher_ENG.pdf
>
> Bitdefender ATD is behavior monitoring + advanced heuristics. I did not find any information that it is entirely local.
> https://www.bitdefender.com/consume...yv4GgruN0iQxutM66vjJyFVkB8a7O8n0Q22e10yu2wGpX
>
> Anyway, Microsoft Defender works kinda similar. It has local behavior monitoring + local heuristics that can block most malware. But, from available tests, it follows that it works as a first defense layer. When the local modules cannot decide if the suspicious file is malicious, Defender can suspend the file execution (up to one minute, but the default delay is up to 10 seconds) and use the cloud backend for confirmation. The cloud backend uses advanced behavior-based modules trained by machine learning. It can also use sandbox, but it is not clear if this feature is available on Windows Home.
> Additionally, one can activate ASR rules that mainly work locally as a special behavior blocker related to exploit and post-exploitation prevention (Microsoft applications, Adobe Acrobat Reader, ransomware-specific methods, etc.).
> One ASR rule related to 0-day malware prevention depends on the cloud backend.

How would the detection (name) appear when Defender BB detects a file based on local behavior+local heuristics? Is there any information given to the user that this module is the one that detected the file?