App Review Kaspersky Antivirus 2017 System Watcher Test (Impressive results!)

[RejZoR]

I'm on a testing spree today. After huge disappointment from Comodo, I've remembered Kaspersky which had amazing results with their PDM (Proactive Defense Module) years ago. And let me just say Kaspersky hasn't disappointed this time around either. It just shows Kaspersky employs one of the top software and security engineers in this field, scoring 100% protection from malware using nothing but behavior blocker. Granted, it missed few adware samples, but you can't really detect rather harmless adware based on behavior if it's not behaving like a bad program. Program has to actually try to delete your files, encrypt them or try to modify them in order to trigger behavior blockers. This was expected outcome which doesn't really tarnish Kaspersky's final score. It's safe to say Kaspersky just set a new standard for the rest. The new AVG/avast! BETA following second best so far. Really impressive results from Kaspersky!

 

[razorfancy]

Can please you test Eset Hips?

 

[RejZoR]

Can please you test Eset Hips?

If their HIPS can be used independently of the regular real-time file protection, I most certainly can and will. If this is possible, I might even test it tomorrow already. I was a huge fan of NOD32 back in the v2.0 days, but after release of 3.0 I never actually paid much attention to it. Might be a good time to revisit it again

 

[Evjl's Rain]

great result from kaspersky
I think KAV did extra well in this test probably because KSN was still enabled, sorry I didn't see it in the video
with KSN on, some signature signatures are applied and it's for determination of the file reputation. It's a big plus
great test. thank you for this

 

[TheMalwareMaster]

Great result and great test! Yeah, KSN was on. I saw a notification from that

 

[RejZoR]

Yes, I left KSN enabled. I don't think it skewed the results too much if at all. During test, it behaved very similar to PDM from years ago when they had no KSN network. If they can utilize KSN on the fly to aid behavior detection, then even better. That means they have a very flexible behavior blocker which would kinda go in line with how effective SystemWatcher is.

 

[giulia]

hi really impressive
sadly is one of the most slow antivirus according to Independent Tests of Anti-Virus Software - AV-Comparatives

thanks

 

[RejZoR]

hi really impressive
sadly is one of the most slow antivirus according to Independent Tests of Anti-Virus Software - AV-Comparatives

thanks

I disagree. If you look at the report, performance figures are in line with everyone else. Only time it has a performance hit is during installation/uninstallation of apps and launching of apps. My guess would be, the reason for this is System Watcher. Those are the scenarios when System Watcher has to monitor a lot of things for their potentially malicious behavior, creating performance hit. Considering the efficiency of it, I'd say it's a performance hit I'd be willing to forgive any time. These two scenarios also usually mean recognition of yet unknown new files before caching mechanisms kick in. Meaning, you won't even see this performance hit once file has been considered as clean and cached by those mechanisms. It's how avast! always scored rather poorly in performance tests for new files and yet on my system it has been one of the lightest AV's of all times.

 

[giulia]

I disagree. If you look at the report, performance figures are in line with everyone else. Only time it has a performance hit is during installation/uninstallation of apps and launching of apps. My guess would be, the reason for this is System Watcher. Those are the scenarios when System Watcher has to monitor a lot of things for their potentially malicious behavior, creating performance hit. Considering the efficiency of it, I'd say it's a performance hit I'd be willing to forgive any time. These two scenarios also usually mean recognition of yet unknown new files before caching mechanisms kick in. Meaning, you won't even see this performance hit once file has been considered as clean and cached by those mechanisms. It's how avast! always scored rather poorly in performance tests for new files and yet on my system it has been one of the lightest AV's of all times.

hi
in the past i have used kaspersky and it was slow
i have found even 1.29 to run it under w98se , it was slow too
i mean kaspersky was always slow ,but the king or one of them in the malware/virus detection

 

[shmu26]

a lot of these slowness issues are because of other security software that is present on the system. So it is an unpredictable thing. It depends on your OS and your other security software and on other factors as well. You can only know by trying.

 

[giulia]

a lot of these slowness issues are because of other security software that is present on the system. So it is an unpredictable thing. It depends on your OS and your other security software and on other factors as well. You can only know by trying.

hi
i agree , i have tried on new powerfull machine ,new and very powerfull and there is a lag when i run a program like photoshop or other heavy program , eset for example it's so fast that even on a old machine you can't perceive the presence of the anti virus

obviously , the most important thing is the detection rate!

may i know what antivirus do you use? i read default - deny
thanks

 

[jamescv7]

Well nowadays many security companies like Kaspersky goes on efficiency, reliability and practicality.

Creating BB alone without reference will take very long time to perfect it. More on AI instead.

Nevertheless Kaspersky created a magnificent result.

 

[RejZoR]

I've been praising behavior blockers since I've first met CyberHawk. It was a standalone behavior blocker from several years ago which had absolutely amazing results without using any signatures. It was then acquired by PCTools and re-released as ThreatFire, showcasing similar amazing results. Then Symantec acquired PCTools and everything just disappeared and they kinda merged the tech with today's SONAR which is also based on some other 3rd party behavior blocker acquired by Symantec. And that's how my story started with admiration of behavior blockers. Heuristics were interesting, but they are too easy to bypass where behavior blocker can encounter heavily obfuscated binary and it wouldn't give two farts about it, because it only cares about what that program does to the system. Later, Kaspersky showcased their PDM or Proactive Defense Module which was super effective. And so was BitDefender's Active Virus Control which is now Active Threat Control. Really advanced stuff. The AVG's Identity Protection was also a stand alone 3rd party behavior blocker which got acquired by AVG years ago and incorporated in their antivirus. And over the years, they apparently evolved it very far because it's really effective.

Only Comodo really was a total disappointment. Not only their behavior blocker only works well inside their Auto-Sandbox (it has a quite significant performance hit when used globally) which kinda defeats its purpose and secondly, despite all the time they offer it, it's really not much effective, only blocking few ransomware programs, but allowing all the general malware even though competition detects it consistently.

DrWeb Katana was also a bit of disappointment. I haven't tested it myself, but I've watched videos and from the looks of it, it seems rather dumb behavior blocker, more in line of intelligent HIPS than a good behavior blocker. Which is not necessarily bad, it's just not as precise and convenient tot he user as behavior blockers which are quiet on legit apps, but they detect huge amount of malware. False positives are very rare with behavior blockers.

 

[509322]

DrWeb Katana was also a bit of disappointment. I haven't tested it myself, but I've watched videos and from the looks of it, it seems rather dumb behavior blocker, more in line of intelligent HIPS than a good behavior blocker. Which is not necessarily bad, it's just not as precise and convenient tot he user as behavior blockers which are quiet on legit apps, but they detect huge amount of malware. False positives are very rare with behavior blockers.

Katana just denies access or restricts process actions based upon user-defined settings.

 

[MalwareBlockerYT]

I expected good result from Kaspersky When I tested it, it also did well & the same goes for other Youtubers who have tested the product. I am using KIS 2017 on my host & yes it is one of the slowest AVs available sadly..

KIS has very very slow scan speeds - Custom & Full System scans take ages - their Full System Scan can take over 12 hours to complete... It also uses lots of RAM & CPU.

 

[harlan4096]

"Full scans" are overrated... ages I don't even try to run a "Full Scan" in my systems...

Personally what I usually do is to add to "Quick San" some very known system folders where malware usually attacks...

 

[MalwareBlockerYT]

"Full scans" are overrated... ages I don't even try to run a "Full Scan" in my systems...

Personally what I usually do is to add to "Quick San" some very known system folders where malware usually attacks...

Same but really you should do Full Scans every once in a while just to check.

 

[RejZoR]

I only run full scan when I install AV. Then I leave it to real-time scanner. It's why they exist in the first place.

 

[Evjl's Rain]

Same but really you should do Full Scans every once in a while just to check.

we have zemana or EEK so why do we have to use kaspersky to scan )
surely zemana has higher detection rate and much faster speed

 

[MalwareBlockerYT]

we have zemana or EEK so why do we have to use kaspersky to scan )
surely zemana has higher detection rate and much faster speed

True Zemana & EEK both have really fast scan speeds but I do have Kaspersky's Quick Scan as a scheduled scan on my PC. Zemana probably has a similar detection rate to KIS.