Advice Request: Is Emsisoft really so impressive?


Bumblebee Uncle

Level 3
Well-known
Mar 15, 2022
109
Interesting thread on Emsisoft security. I can only say as a CISO and a person who tests such solutions.

Well, Emsisoft has been in our tests for a long time - the business version, which is similar to the home version. We will soon publish results from red-teaming attacks and telemetry visibility for EDR-XDR in the admin console. I can't add anything before the PDF report is published. Personally, I find the Emsisoft console very clean and readable, easy to search quickly for threat information and security of the entire network. Unfortunately, not all EDR-XDR-class products are as administrator-friendly. Emsisoft may not be as good at the complex security environment: backup, office 365, agentless protection for VM etc.

I think BB protection is very good. In 1-2 weeks we'll publish the results from the Advanced In The Wild Malware Test's year-long summary. Emsisoft blocked in total and without error more than 10,000 known malware samples and quite a few unknown 0-day files.
I am definitely intrigued with the results regarding telemetry visibility. I will be eagerly waiting for the results! Thank you for your work Adrian.
 

Andrezj

Level 6
Verified
Well-known
Nov 21, 2022
248
I was surfing Reddit and found this post.



Since Emsisoft has not been tested and compared in recent AV Comparatives report, what do you think - is Emsisoft really that good as a standalone internet security for PC protection, better than Kaspersky, Eset, etc.?
There are only so many things that a malicious process can perform, and that has not changed over the years.
The Emsisoft behavior blocker (Mamutu) was tuned all those years ago and still gets it right.
There have been refinements to it over the years, to be sure.

How many people set the behavior blocker to "notify always"?
It is never tested by any lab in that configuration.
The test outcomes will be much different on the side of Emsisoft.

Emsisoft may not be as good at the complex security environment: backup, office 365, agentless protection for VM etc.
Do you mean the monitoring\reporting\edr-xdr or the protection capabilities?
 

zkSnark

Level 5
Thread author
Verified
Well-known
Jan 13, 2019
220
Interesting thread on Emsisoft security. I can only say as a CISO and a person who tests such solutions.

Well, Emsisoft has been in our tests for a long time - the business version, which is similar to the home version. We will soon publish results from red-teaming attacks and telemetry visibility for EDR-XDR in the admin console. I can't add anything before the PDF report is published. Personally, I find the Emsisoft console very clean and readable, easy to search quickly for threat information and security of the entire network. Unfortunately, not all EDR-XDR-class products are as administrator-friendly. Emsisoft may not be as good at the complex security environment: backup, office 365, agentless protection for VM etc.

I think BB protection is very good. In 1-2 weeks we'll publish the results from the Advanced In The Wild Malware Test's year-long summary. Emsisoft blocked in total and without error more than 10,000 known malware samples and quite a few unknown 0-day files.
Waiting for the report to see how it performs against others :unsure:
 

Like a Western!

Level 9
Verified
Well-known
Apr 6, 2016
440
As I see on your computer configuration post, you are also using Emsisoft. So are you planning to change to other AVs soon?
I have no other options besides Dr.Web and Emsisoft, so I have to use it.
I'd use Bitdefender/F-Secure over Emsisoft if I had the chance; they don't do business with my country due to US sanctions.
 

TheErzengel

Level 2
Verified
Dec 21, 2012
84
For my work I have a Norton license, months ago I won an F-Secure license for 3 years, and I also have Emsisoft.

I chose Emsisoft for my work at least for the ease of managing computers and protection. I have Norton on my and my wife's mobile devices.

F-Secure is a license that I have forgotten. It is very good security software, of that I have no doubt.
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,867
The Emsisoft BB is still based on that old HIPS. The main thing that they have added later is the ability to look for reputation in the cloud and ignore items that are whitelisted. They surely have polished it, added more pre-defined rules, etc but the old HIPS is still there and it's very aggressive. This aggressiveness is the reason why I faced so many false positives with it.

Many AVs' BB is like this, but some of the top-tier products like Bitdefender and Kaspersky have more to it than just ignoring what is trusted by their cloud.

For example, one of the main elements of Bitdefender's BB is behavioral profiles. These are machine learning based and also fine-tuned by humans. They monitor the characteristics of everything that runs on the system. When a program does a certain task, it gets a score/points. Every characteristic would add or remove points, and when certain points are reached, the program will be deemed malicious. Let's assume that if the score is 90/100, then it will be stopped and the system modifications done by it will be reversed. Avast also works similarly. When Bitdefender's BB detects something, you're likely to see it showing "SuspiciousBehavior.********". Those random words are one of many ML-based behavioral profiles.

Kaspersky's engine is apparently mainly math based without argument, and Application Control aka Intrusion Prevention treats every item individually. Trust is assigned to each object or script instead of the script interpreter. In theory, and often in practice, their method is more failure-proof than some others.

Anyway, this is just one aspect. There are many other protection components. Most products have script emulators, in-product sandboxing, local and cloud ML models, etc.; BD, Avast, ESET, Kaspersky, MD, and Norton have them. Don't know if Emsisoft has them. Let me know if anyone has the answer.

Do you know AVs like Norton even give your system a score? It's based on your behavior. If you almost never come in contact with malware you'll have a more favorable score, and AVs may take certain actions and optimize themselves accordingly. Norton's old blog post/changelog talked about it briefly.
Surely many other AVs also take this approach, but they don't disclose it. Trend Micro, for example, would block anything unknown if it detects multiple malware on your system in a short period of time, which is why it's not easy to test Trend Micro.
I believe Bitdefender's Photon technology also has some similarities to Norton's scoring system. It's a patented tech that makes BD optimize itself differently on each system based on the user's behavior and usage pattern. Bitdefender has a hefty engine, and quite a few BD-based products have/had more or less performance issues with it, e.g. formerly F-Secure and G-Data, which still uses it now. Bitdefender has Photon while others don't, which could be one of the reasons. I'm just guessing here.

Emsisoft's Behavior Blocker's notifications are a giveaway that the base is still the old HIPS and might not be as advanced as many of its competitors. I'm sure you could find many samples that would not bypass even older Emsisoft, because certain methods used by the malware were already pre-defined HIPS rules back in the day.
But it's not a surprise, because their user base is much lower, revenue is lower, and they probably don't have enough to invest like Bitdefender, Kaspersky, Avast, Trend Micro, Microsoft, etc.

So to answer your question, no, Emsisoft is not too impressive or too strong. Any product can be too strong if they want, but that would kill the user experience.
One more point I would make is that IMO, based on overall protection, user experience and performance impact, Bitdefender is the best AV using the Bitdefender engine.
 

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,714
Anyone know what happened to the BB revamp? Did it happen?

 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,697
Do you know AVs like Norton even give your system a score? It's based on your behavior. If you almost never come in contact with malware you'll have a more favorable score and AVs may take certain actions and optimize itself accordingly. Norton's old blog post/changelog talked about it briefly.
Does this sound like something that Windows SAC may be doing? 🤔 Just wondering out loud.

I might add that your post was quite detailed and informative. (y)(y)
 

Andrezj

Level 6
Verified
Well-known
Nov 21, 2022
248
Anyone know what happened to the BB revamp? Did it happen?

The way Emsisoft does things, it was completed probably within months of that post by Fabian Wosar.
Not sure if it was documented though, perhaps in the change log or somewhere within the old Emsisoft support forum? (Although there is no web archive of the old Emsi support forum.)
 

spaceoctopus

Level 16
Verified
Top Poster
Content Creator
Well-known
Jul 13, 2014
766
I don't quite understand the term "impressive" here, no offense intended, but what is sure is that EAM is a well-matured product. It does what it was designed for: killing malware. Easy to use, efficient and really cheap for such a good product.
Some people want something more... an antivirus or antimalware that talks to them, cooks their food, smiles at them, cries with them, drives their car, feeds their dogs... this is the real problem.
 

ichito

Level 11
Verified
Top Poster
Content Creator
Well-known
Dec 12, 2013
542
The Emsisoft BB is still based on that old HIPS. The main thing that they have added later is the ability to look for reputation in the cloud and ignore items that are whitelisted. They surely have polished it, added more pre-defined rules, etc but the old HIPS is still there and it's very aggressive. This aggressiveness is the reason why I faced so many false positives with it.
Emsisoft's inbuilt BB is based on the formerly well-known standalone Mamutu, which actually has nothing to do with HIPS. Its behaviour was based on a predefined list of monitored actions and nothing more. No possibility to make granular rules for a single process, compared to the earlier acquired and then abandoned Online Armor. As I remember, Mamutu offered the option of connecting to the community to get a reputation rank for a suspicious process, and the online database Emsisoft A-MN, which was something like a prototype of the cloud.
Some parts of the OA and Mamutu technologies have been incorporated into EA-M, but I don't know how they are currently working.
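The two designs discussed in this thread, SeriousHoax's description of a points-based behavioral profile with a malicious threshold and rollback, and ichito's description of Mamutu as a fixed list of monitored actions backed by a reputation lookup, can be contrasted in a small simulation. The following is an added illustration written for this page; it is not Emsisoft's, Bitdefender's or any other vendor's code, and the action names, point weights, threshold, reputation table and event log are all constructed assumptions chosen to make the comparison visible.

```python
"""Toy comparison of two behavior-blocker designs.

rule_list_blocker: every monitored action on a non-whitelisted process fires
                   (the fixed-list style attributed to Mamutu in the thread).
scoring_blocker:   points accumulate per process and the process is blocked
                   only when a threshold is reached (the profile style
                   attributed to Bitdefender in the thread).
Weights, threshold, reputation data and events are constructed for the demo.
"""
from dataclasses import dataclass, field

# Constructed: monitored actions and hypothetical points each one adds.
WEIGHTS = {
    "write_autorun_key": 30,
    "spawn_shell": 20,
    "inject_remote_thread": 45,
    "mass_file_rename": 40,
    "delete_shadow_copies": 50,
    "network_connect": 5,
    "write_temp_file": 5,
}
THRESHOLD = 90  # "if the score is 90/100 then it will be stopped"

# Constructed stand-in for a reputation cloud: digest -> trusted?
REPUTATION = {"sha256:installer-good": True, "sha256:ransom-sample": False}


@dataclass
class Verdict:
    image: str
    score: int = 0
    hits: list = field(default_factory=list)
    blocked: bool = False


def rule_list_blocker(events):
    """Alert on every monitored action by a process that reputation does not whitelist."""
    alerts = []
    for pid, image, digest, action in events:
        if REPUTATION.get(digest):   # whitelisted: the action is ignored entirely
            continue
        if action in WEIGHTS:        # any listed action is an alert, no context
            alerts.append((pid, image, action))
    return alerts


def scoring_blocker(events):
    """Accumulate points per process; block (and stop scoring) once THRESHOLD is hit."""
    verdicts = {}
    for pid, image, digest, action in events:
        if REPUTATION.get(digest):
            continue
        v = verdicts.setdefault(pid, Verdict(image))
        if v.blocked:                # already terminated; later events never happen
            continue
        pts = WEIGHTS.get(action, 0)
        if pts:
            v.score += pts
            v.hits.append(action)
        if v.score >= THRESHOLD:
            v.blocked = True         # real products would also roll back its changes here
    return verdicts


# Constructed event log: (pid, image, digest, action), in observation order.
EVENTS = [
    (100, "setup.exe",   "sha256:installer-good", "write_autorun_key"),
    (100, "setup.exe",   "sha256:installer-good", "spawn_shell"),
    (200, "updater.exe", "sha256:unknown-1",      "network_connect"),
    (200, "updater.exe", "sha256:unknown-1",      "write_temp_file"),
    (200, "updater.exe", "sha256:unknown-1",      "write_autorun_key"),
    (300, "invoice.exe", "sha256:ransom-sample",  "delete_shadow_copies"),
    (300, "invoice.exe", "sha256:ransom-sample",  "mass_file_rename"),
    (300, "invoice.exe", "sha256:ransom-sample",  "network_connect"),
]

if __name__ == "__main__":
    for pid, image, action in rule_list_blocker(EVENTS):
        print(f"rule-list alert: pid={pid} {image} {action}")
    for pid, v in scoring_blocker(EVENTS).items():
        state = "BLOCKED" if v.blocked else "allowed"
        print(f"scoring: pid={pid} {v.image} score={v.score} {state} hits={v.hits}")
```

On this log the rule-list design raises six alerts, three of them for the unknown but benign-looking updater, which is the false-positive pattern described above; the scoring design lets the updater run at 40 points and blocks the ransomware-like process at 90 after its second action. Both designs skip the whitelisted installer entirely, which is also why a bad reputation entry is the weak spot of either approach.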
 

TuxTalk

Level 13
Verified
Top Poster
Well-known
Nov 9, 2022
649
The Emsisoft BB is still based on that old HIPS. The main thing that they have added later is the ability to look for reputation in the cloud and ignore items that are whitelisted. They surely have polished it, added more pre-defined rules, etc but the old HIPS is still there and it's very aggressive. This aggressiveness is the reason why I faced so many false positives with it.

Many AVs BB is like this but some of the top tier products like Bitdefender and Kaspersky have more to it than just ignoring what is trusted by their cloud.

For example one of the main elements of Bitdefender's BB is behavioral profiles. These are machine learning based and also fine-tuned by humans. They monitor the characteristics of everything that runs on the system. When a program does a certain task, they get a score/points. Every characteristic would add or remove points and when certain points are reached, the program will be deemed malicious. Let's assume if the score is 90/100 then it will be stopped and the system modifications done by it will be reversed. Avast also works similarly. When Bitdefender's BB detects something, you're likely to see it showing "SuspiciousBehavior.********". Those random words are one of many ML based behavioral profiles.

Kaspersky's engine is apparently mainly math based without argument and Application Control aka Intrusion Prevention treats every item individually. Trust is assigned to each object, script, instead of the script interpreter. In theory and often in practice, their method is more failure-proof than some others.

Anyway, this is just one aspect. There are many other protection components. Most products have script emulators, in product sandboxing, local & cloud ML models etc. like BD, Avast, ESET, Kaspersky, MD, Norton have them. Don't know if Emsisoft has them. Let me know if anyone has the answer.

Do you know AVs like Norton even give your system a score? It's based on your behavior. If you almost never come in contact with malware you'll have a more favorable score and AVs may take certain actions and optimize itself accordingly. Norton's old blog post/changelog talked about it briefly.
Surely many other AVs also take this approach but they don't disclose it. Trend Micro for example would block anything unknown if it detects multiple malware on your system in a short period of time. Which is why it's not easy to test Trend Micro.
I believe Bitdefender's photon technology also has some similarities to Norton's scoring system. It's a patented tech that makes BD optimize itself differently on each system based on the user's behavior and usage pattern. Bitdefender has a hefty engine and quite a few BD-based products have/had more or less performance issues with it eg: formerly F-Secure and G-Data which uses it still now. Bitdefender has photon while others don't which could be one of the reasons. I'm just guessing here.

Emsisoft's Behavior Blocker's notifications are a giveaway that the base is still the old HIPS and might not be as advanced as many of its competitors. I'm sure you could find many samples that would not bypass even older Emsisoft because certain methods used by the malware were already a pre-defined HIPS rules back in the day.
But It's not a surprise because their user base is much lower, revenue is lower and probably don't have enough to invest like Bitdefender, Kaspersky, Avast, Trend Micro, Microsoft, etc.

So to answer your question, no Emsisoft is not too impressive or too strong. Any product can be too strong if they want but that would kill the user experience.
One more point that I would say is that IMO based on overall protection, user experience and performance impact, Bitdefender is the best AV using the Bitdefender engine.
Bitdefender is good; the support is the lacking part. They claim to have the "best" support, but as soon as a question or bug is too difficult, they keep quiet.
For example, they promote Parental Control, and there is a bug in it: the PC does not actively monitor the apps and hours the child uses on the phone.
So the PC app is useless IMO. I brought this to their attention, and the only one who replied to me was a normal customer, telling me to go to the chat.
In the chat the very cool answer: not on our priority list. Well, if it's not, then remove the whole option and stop advertising it.
 

zkSnark

Level 5
Thread author
Verified
Well-known
Jan 13, 2019
220


Wow. 👀

As mentioned below, "Since Bitdefender, ESET, F-Secure, Kaspersky and G-Data didn't participate in all test editions, so were ineligible for the award......".

Curious to know if they had participated in all test editions, maybe the result would have been different.
 

TuxTalk

Level 13
Verified
Top Poster
Well-known
Nov 9, 2022
649
Bitdefender is good; the support is the lacking part. They claim to have the "best" support, but as soon as a question or bug is too difficult, they keep quiet.
For example, they promote Parental Control, and there is a bug in it: the PC does not actively monitor the apps and hours the child uses on the phone.
So the PC app is useless IMO. I brought this to their attention, and the only one who replied to me was a normal customer, telling me to go to the chat.
In the chat the very cool answer: not on our priority list. Well, if it's not, then remove the whole option and stop advertising it.
And they fixed the bug... so, finally.
 

Dhruv2193

Level 10
Verified
Well-known
Nov 7, 2016
468
One thing I really like about Emsisoft when compared with KIS is its threat handling: it automatically quarantines the threat and does not ask for user action. KIS is also excellent, but for very few (1%) threats it does ask for user action like disinfection/resolve, even after the automatic option is selected in settings. Also, for very few threats, it takes 15-20 minutes to resolve the threat.
 