- Mar 15, 2022
- 108
I am definitely intrigued with the results regarding telemetry visibility. I will be eagerly waiting for the results! Thank you for your work Adrian.
Is Emsisoft really so impressive?
- Thread starter zkSnark
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
Andrezj
Level 6
- Nov 21, 2022
- 248
there is only so many things that a malicious process can perform, and that has not changed over the years
the emsisoft behavior blocker (mamutu) was tuned all those years ago and still gets it right
there have been refinements to it over the years to be sure
how many people set the behavior blocker to "notify always"?
it is never tested by any lab in that configuration
the test outcomes will be much different on the side of emsisoft
do you mean the monitoring\reporting\edr-xdr or the protection capabilities?
- Apr 9, 2018
- 182
Indeed. Thank you for your interest. Be patient!
- Jan 13, 2019
- 203
Waiting for the report to see how it performs against others
- Sep 2, 2021
- 2,306
- Dec 21, 2017
- 478
I am using Emsisoft Enterprise, i think it's great!
- Apr 6, 2016
- 440
I have no other options beside Dr.Web and Emsisoft so i have to use it
i'd use Bitdefender/F-Secure over Emsisoft if i had the chance, they don't do business with my country due to US Sanctions
- May 4, 2018
- 2,261
Maybe this is one software I need to try out at some point and see what is it like and give feedback in relevant posts!
~LDogg
~LDogg
- Dec 21, 2012
- 84
For my work I have a Norton license, months ago I won a Fsecure license for 3 years and I also have Emsisoft.
I at least chose Emsisoft in my work for the ease of managing computers and protection. I have Norton on my and my wife's mobile devices.
Fsecure is a license that I have forgotten. It is very good security software, of that I have no doubt.
I at least chose Emsisoft in my work for the ease of managing computers and protection. I have Norton on my and my wife's mobile devices.
Fsecure is a license that I have forgotten. It is very good security software, of that I have no doubt.
- Mar 16, 2019
- 3,635
The Emsisoft BB is still based on that old HIPS. The main thing that they have added later is the ability to look for reputation in the cloud and ignore items that are whitelisted. They surely have polished it, added more pre-defined rules, etc but the old HIPS is still there and it's very aggressive. This aggressiveness is the reason why I faced so many false positives with it.
Many AVs BB is like this but some of the top tier products like Bitdefender and Kaspersky have more to it than just ignoring what is trusted by their cloud.
For example one of the main elements of Bitdefender's BB is behavioral profiles. These are machine learning based and also fine-tuned by humans. They monitor the characteristics of everything that runs on the system. When a program does a certain task, they get a score/points. Every characteristic would add or remove points and when certain points are reached, the program will be deemed malicious. Let's assume if the score is 90/100 then it will be stopped and the system modifications done by it will be reversed. Avast also works similarly. When Bitdefender's BB detects something, you're likely to see it showing "SuspiciousBehavior.********". Those random words are one of many ML based behavioral profiles.
Kaspersky's engine is apparently mainly math based without argument and Application Control aka Intrusion Prevention treats every item individually. Trust is assigned to each object, script, instead of the script interpreter. In theory and often in practice, their method is more failure-proof than some others.
Anyway, this is just one aspect. There are many other protection components. Most products have script emulators, in product sandboxing, local & cloud ML models etc. like BD, Avast, ESET, Kaspersky, MD, Norton have them. Don't know if Emsisoft has them. Let me know if anyone has the answer.
Do you know AVs like Norton even give your system a score? It's based on your behavior. If you almost never come in contact with malware you'll have a more favorable score and AVs may take certain actions and optimize itself accordingly. Norton's old blog post/changelog talked about it briefly.
Surely many other AVs also take this approach but they don't disclose it. Trend Micro for example would block anything unknown if it detects multiple malware on your system in a short period of time. Which is why it's not easy to test Trend Micro.
I believe Bitdefender's photon technology also has some similarities to Norton's scoring system. It's a patented tech that makes BD optimize itself differently on each system based on the user's behavior and usage pattern. Bitdefender has a hefty engine and quite a few BD-based products have/had more or less performance issues with it eg: formerly F-Secure and G-Data which uses it still now. Bitdefender has photon while others don't which could be one of the reasons. I'm just guessing here.
Emsisoft's Behavior Blocker's notifications are a giveaway that the base is still the old HIPS and might not be as advanced as many of its competitors. I'm sure you could find many samples that would not bypass even older Emsisoft because certain methods used by the malware were already a pre-defined HIPS rules back in the day.
But It's not a surprise because their user base is much lower, revenue is lower and probably don't have enough to invest like Bitdefender, Kaspersky, Avast, Trend Micro, Microsoft, etc.
So to answer your question, no Emsisoft is not too impressive or too strong. Any product can be too strong if they want but that would kill the user experience.
One more point that I would say is that IMO based on overall protection, user experience and performance impact, Bitdefender is the best AV using the Bitdefender engine.
Many AVs BB is like this but some of the top tier products like Bitdefender and Kaspersky have more to it than just ignoring what is trusted by their cloud.
For example one of the main elements of Bitdefender's BB is behavioral profiles. These are machine learning based and also fine-tuned by humans. They monitor the characteristics of everything that runs on the system. When a program does a certain task, they get a score/points. Every characteristic would add or remove points and when certain points are reached, the program will be deemed malicious. Let's assume if the score is 90/100 then it will be stopped and the system modifications done by it will be reversed. Avast also works similarly. When Bitdefender's BB detects something, you're likely to see it showing "SuspiciousBehavior.********". Those random words are one of many ML based behavioral profiles.
Kaspersky's engine is apparently mainly math based without argument and Application Control aka Intrusion Prevention treats every item individually. Trust is assigned to each object, script, instead of the script interpreter. In theory and often in practice, their method is more failure-proof than some others.
Anyway, this is just one aspect. There are many other protection components. Most products have script emulators, in product sandboxing, local & cloud ML models etc. like BD, Avast, ESET, Kaspersky, MD, Norton have them. Don't know if Emsisoft has them. Let me know if anyone has the answer.
Do you know AVs like Norton even give your system a score? It's based on your behavior. If you almost never come in contact with malware you'll have a more favorable score and AVs may take certain actions and optimize itself accordingly. Norton's old blog post/changelog talked about it briefly.
Surely many other AVs also take this approach but they don't disclose it. Trend Micro for example would block anything unknown if it detects multiple malware on your system in a short period of time. Which is why it's not easy to test Trend Micro.
I believe Bitdefender's photon technology also has some similarities to Norton's scoring system. It's a patented tech that makes BD optimize itself differently on each system based on the user's behavior and usage pattern. Bitdefender has a hefty engine and quite a few BD-based products have/had more or less performance issues with it eg: formerly F-Secure and G-Data which uses it still now. Bitdefender has photon while others don't which could be one of the reasons. I'm just guessing here.
Emsisoft's Behavior Blocker's notifications are a giveaway that the base is still the old HIPS and might not be as advanced as many of its competitors. I'm sure you could find many samples that would not bypass even older Emsisoft because certain methods used by the malware were already a pre-defined HIPS rules back in the day.
But It's not a surprise because their user base is much lower, revenue is lower and probably don't have enough to invest like Bitdefender, Kaspersky, Avast, Trend Micro, Microsoft, etc.
So to answer your question, no Emsisoft is not too impressive or too strong. Any product can be too strong if they want but that would kill the user experience.
One more point that I would say is that IMO based on overall protection, user experience and performance impact, Bitdefender is the best AV using the Bitdefender engine.
Last edited:
Anyone know what happened to the BB revamp? Did it happened?
malwaretips.com
Emsisoft 2019.2: Preparing for a big leap
This month’s release comes with mostly minor visible improvements such as improved support of high DPI displays, as our developers spent most of their time on preparing the next major step in Emsisoft’s protection software development. We are planning on launching the public beta testing...
malwaretips.com
- Mar 29, 2018
- 7,111
Does this sounds like something that Windows SAC may be doing?
Just wondering out loud.I might add that your post was quite detailed and informative.
Andrezj
Level 6
- Nov 21, 2022
- 248
the way emsisoft does things it was completed probably within months of that post by fabian wosarAnyone know what happened to the BB revamp? Did it happened?
Emsisoft 2019.2: Preparing for a big leap
This month’s release comes with mostly minor visible improvements such as improved support of high DPI displays, as our developers spent most of their time on preparing the next major step in Emsisoft’s protection software development. We are planning on launching the public beta testing...
not sure if it was documented though, perhaps in change log or somewhere within the old emsisoft support forum? (although there is no web archive of the old emsi support forum)
- Jul 13, 2014
- 766
I don't understand too much the term "Impressive" here, no offense intended, but what is sure, is that EAM is a well matured product. It does what it was designed for, killing malware. Easy to use, efficient and really cheap, for such a good product.
Some people want something more...an antivirus or antimalware that talks to them, cook their food, smile to them, cry with them, drive their car, feed their dogs...this is the real problem.
Some people want something more...an antivirus or antimalware that talks to them, cook their food, smile to them, cry with them, drive their car, feed their dogs...this is the real problem.
Last edited:
- Dec 12, 2013
- 541
Emsisoft's inbuilt BB is based on formerly well-known standalone Mamutu that has actually nothing to HIPS. It's behaviour was based on the predefined list of monitored action and nothing more. No possibility to make granular rules for single process comparing to earlier acquired and than abandoned Online Armor. As I remember Mamutu offered option of connecting to community to get rank of reputation of suspicious process and online database Emsisoft A-MN that was something like prototype of cloud.
Some parts of OA and Mamutu technologies been incorporated to EA-M but I don't know how they are currently working.
- Nov 9, 2022
- 282
Bitdefender is good, the support is the lacking part. They claim to have the " best " support, but as soon when a question or bug is too difficult they keep quiet.
For example, promoting Parental Control, there is a bug in it, the bug is the PC does not actively monitor the apps and hours the child uses on the phone.
So the PC app is useless imo. I brought this to their attention and the only one who replied me was a normal customer , telling me to go to the chat.
In the chat the very cool answer : Not on our priority list. Well if its not then remove the whole option and stop advertising.
- Jan 13, 2019
- 203
Wow.
As mentioned below, "Since Bitdefender, ESET, F-Secure, Kaspersky and G-Data didn't participate in all test editions, so were ineligible for the award......".
AVLab.pl - Product of the year 2022: a summary of security tests by AVLab
Dear Readers! We have just published a summary of the Advanced In The Wild Malware Test from the entire year 2022. We have awarded products - a special certificate for very good results. This is contingent on two points: Participation in all editions of the Advance In The Wild Malware Test...
malwaretips.com
Curious to know if they had participated in all test editions, maybe the result would have been different.
- Nov 9, 2022
- 282
- Nov 7, 2016
- 468
One thing i really like about Emsisoft when compared with KIS is its threat handling- it automatically quarantines the threat and does not ask for user action. KIS is also excellent but for veey few 1% threats, it does ask for user action like disninfection/resolve even after the automatic option selected in settings. Also, for very few threats, it takes 15-20 minutes to resolve the threat.
Last edited:
Similar threads
