which product has the best zero-day protection after comodo?
you can list other products
you can list other products
Kaspersky or Emsisoft against Zero-day threats?
- Thread starter carl fish
- Start date
- Feb 13, 2017
- 737
HitmanPro.Alert is the best for sure. Zemana and malwarebytes are also good.
Tough one. Both products have pretty good zero-day protection. Emsisoft's behaviour blocker is top notch and I'd personally say that it beats out Kaspersky in that department. So if we're going purely off zero-day protection I'm gonna go with Emsisoft, but if you were to ask me about overall protection, I'd go with Kaspersky. Throw Norton in there too; their behaviour blocking's pretty damn good too.
Edit: For clarification: As @Wave said, Application Control is good too but I'd personally rather have malware quarantined or terminated than have it running at a restricted level on my system which is why I chose Emsisoft.
Edit: For clarification: As @Wave said, Application Control is good too but I'd personally rather have malware quarantined or terminated than have it running at a restricted level on my system which is why I chose Emsisoft.
Last edited:
Kaspersky because of how Application Control works. Make sure to use the Internet Security version only, otherwise Emsisoft would win over Kaspersky Anti-Virus IMO.
- Apr 28, 2015
- 8,664
Both have great protection, but to get the real power of Kaspersky, You should tweak some settings (never in Default settings) 
- Feb 13, 2017
- 1,486
Please take my comment so like it is because I don't have experience with Kaspersky, that I know as a excellent product.
I use Emsisoft, and in my opinion its BB is extremely reactive, it also may report anomalies during the uninstallation process of an app, but I appreciate this responsiveness.
I use Emsisoft, and in my opinion its BB is extremely reactive, it also may report anomalies during the uninstallation process of an app, but I appreciate this responsiveness.
- Jan 9, 2017
- 468
Both are heck of good products, but i am the dude with tweaked kaspersky and i am very happy for that sure, end of story. There are in forum jungle some recommended settings for KIS and those setting you could get some inspiration todo some other tweaks
- Jan 8, 2011
- 22,361
Why would you want second best, if Comodo is on the top of your list.
If it's not too much to ask;
If it's not too much to ask;
- Are you looking to switch to either Emsisoft or Kaspersky?
- What are your reasons?
- Why only these two software for comparison?
- Apr 28, 2015
- 8,664
@jackuars: I think there are many variations We can do in Kaspersky settings, Here You are a couple of links:
Kaspersky Internet Security 2017 Recommended Settings
How to setup Kaspersky Internet Security 2016 for Maximum Protection (Guide)
Also You can check my current settings for testing malware samples in Malware Hub, keeping auto mode but changing only 3 settings You can get a stronger prevention, just check any of my results posts (Spoiler of Settings). That set-up is very easy to change, keeping most of default settings but improving prevention taking unknown applications to High Restricted. Of course We can even have stronger/paranoid settings, but those are IMHO the most easy to change and keeping the main default settings idea.
For instance, in many of my working/productions systems I have a different and more paranoid settings, something similar to:
But as I said before, We can have different stronger settings approaches...
Kaspersky Internet Security 2017 Recommended Settings
How to setup Kaspersky Internet Security 2016 for Maximum Protection (Guide)
Also You can check my current settings for testing malware samples in Malware Hub, keeping auto mode but changing only 3 settings You can get a stronger prevention, just check any of my results posts (Spoiler of Settings). That set-up is very easy to change, keeping most of default settings but improving prevention taking unknown applications to High Restricted. Of course We can even have stronger/paranoid settings, but those are IMHO the most easy to change and keeping the main default settings idea.
For instance, in many of my working/productions systems I have a different and more paranoid settings, something similar to:
But as I said before, We can have different stronger settings approaches...
- Aug 17, 2013
- 1,905
@harlan4096 Has a guide up somewhere on here I think. And here's another.
How to setup Kaspersky Internet Security 2016 for Maximum Protection (Guide)
There's a lot of tweaks you can perform with Kaspersky.
- Jul 2, 2014
- 1,689
I dont want to tradeoff usability even when increasing the protection. Does the Kaspersky Internet Security 2017 Recommended Settings respect that feature?
- Jun 24, 2016
- 2,400
If you need to be protected, stop hesitating and pick the one that fits the best on your system. Both will give you an awsome experience, and if you're conscious on what you do, you'll have no problems regarding what you choose.
- Apr 28, 2015
- 8,664
Then You can keep default settings in general, enabling PUP/PUA/Adware setting, and moving unknown application to Low/High restricted in Application Control...
- Jan 26, 2016
- 150
I've been doing a lot of testing lately since my Emsisoft license is due to expire soon and I want to see if anything out there may offer better protection, and they both perform great against newer threats. Some days Emsisoft performs better, while other days Kaspersky does. But overall I would say it's very even, and at that point you need to take other factors into consideration like system impact, detection rate, and configuration options. I have only used Kaspersky in a VM, but I would say Emsisoft is lighter on resources. Scans and remediation take much longer with Kaspersky, but once again I'm not sure if this is because of the VM environment. I'm going to test it out on my main system soon to see if there is any improvement. But Emsisoft performs just as well as with my main PC. With the samples I have been using I find that Emsisoft's detection rate is slightly better than Kaspersky, but once again it varies from day to day. As for configuration settings, Kaspersky by far. You can adjust pretty much anything. One last thing I would like to mention is privacy which is very important to me, and I would go with Emsisoft.
- Dec 27, 2016
- 1,480
Kaspersky has an interesting approach to exploits and attacks, called ZETA (Zero-day, Exploit and Targeted attacks shield).
It works with data streams instead of individual files, analyses unusual code/data and interconnection, uses heuristics, consults KSN and thus protects against new exploits and targeted attacks. Find details in this white paper.
Let me shed some light on exploit protection under zero-day.
Emsisoft has strengthened its protection against exploits recently in 2016, it didn't provide anti-exploit protection earlier.
Kaspersky's 'Automatic Exploit Prevention' that has been around since 2013 does the following acc. to their support
Kaspersky's AEP has performed well, competing with Symantec and is provided in home versions too.
A major challenge over detecting malicious payload drops is to cope with newer techniques of RCE (Remote Code Execution, one of the biggest vulnerabilities on Windows) and suites are still struggling, from what is apparent.
I'm not comparing the offerings with Emsisoft. This is for informational purpose. Emsisoft just got started with total protection after they changed their stance and strived to become a full protection suite. Not much of tests/results for the same are available.
For the above reason, please do not consider the result of Emsisoft shown in the below test result I'm sharing:
Coming back to overall Zero-day protection, Emsisoft and Kaspersky excel in different ways.
Emsisoft BB is fantastic and it may alert for quite some activities the user would have to decide over then. It's great for power users.
Its BB, depending on alert settings, may alert for trojan, backdoor, hijacking, process injection, hidden activities, debugger registration etc. that covers whole lot of malicious actions already.
Kaspersky has chosen to offer multitude of configuration in settings and activity control:
It has a nice vulnerability scanner and Software Updater (customizable to update vulnerable apps only).
In the end, over the excellent sig-heur protection both offer, you've to consider the Application control, Behavior blocking, System Watcher, defaults and offerings more importantly --> test the configurability, usability and effective coverage of both for the best judgement.
It works with data streams instead of individual files, analyses unusual code/data and interconnection, uses heuristics, consults KSN and thus protects against new exploits and targeted attacks. Find details in this white paper.
Let me shed some light on exploit protection under zero-day.
Emsisoft has strengthened its protection against exploits recently in 2016, it didn't provide anti-exploit protection earlier.
Kaspersky's 'Automatic Exploit Prevention' that has been around since 2013 does the following acc. to their support
- Controls executable files started from vulnerable applications and web browsers (for example, an attempt to run an executable file by a program designed for viewing documents).
- Controls suspicious actions of vulnerable applications (for example, if the rights of a running vulnerable application are exceeded and it writes itself into the other processes’ system memory).
- Monitors previous program starts (for example, whether the program was started by the user or by an exploit).
- Tracks a source of a malicious code (for example, a web browser that started download of an infected file; remote web address).
- Prevents using application vulnerabilities.
A major challenge over detecting malicious payload drops is to cope with newer techniques of RCE (Remote Code Execution, one of the biggest vulnerabilities on Windows) and suites are still struggling, from what is apparent.
I'm not comparing the offerings with Emsisoft. This is for informational purpose. Emsisoft just got started with total protection after they changed their stance and strived to become a full protection suite. Not much of tests/results for the same are available.
For the above reason, please do not consider the result of Emsisoft shown in the below test result I'm sharing:
Report link
(Note: ES had not implemented an ANTI-EXPLOIT during the test. It had even not submitted its product for the same. HMPA leads the competition).
(Note: ES had not implemented an ANTI-EXPLOIT during the test. It had even not submitted its product for the same. HMPA leads the competition).
Coming back to overall Zero-day protection, Emsisoft and Kaspersky excel in different ways.
Emsisoft BB is fantastic and it may alert for quite some activities the user would have to decide over then. It's great for power users.
Its BB, depending on alert settings, may alert for trojan, backdoor, hijacking, process injection, hidden activities, debugger registration etc. that covers whole lot of malicious actions already.
Emsisoft has its Anti-malware network with 273,890,717 files in its database, and counting based on realtime submissions by the products..
An exhaustive coverage by BB. Limit activities of apps individually.
BB
App control
(do not have more images to share currently)
An exhaustive coverage by BB. Limit activities of apps individually.
BB
App control
(do not have more images to share currently)
Kaspersky has chosen to offer multitude of configuration in settings and activity control:
Set auto rules for apps. System watcher for behavior and malicious activity monitoring.
Kaspersky Application Advisor and Security Network (KSN) is vast and helps make auto-decisions
You may control changes, restrict activities and access to different system folders etc.
Kaspersky Application Advisor and Security Network (KSN) is vast and helps make auto-decisions
You may control changes, restrict activities and access to different system folders etc.
In the end, over the excellent sig-heur protection both offer, you've to consider the Application control, Behavior blocking, System Watcher, defaults and offerings more importantly --> test the configurability, usability and effective coverage of both for the best judgement.
- Jan 14, 2016
- 601
Very simply put, this is the best setting for HIPS. I go one more step ahead & set-up it as move unknown to high restriction & all high restriction application prompt at startup. So you can guess this is the ultimate for interactive protection as only application in KSN trusted are allowed to run automatically.
BTW, As for your comparison, i am gonna suggest NONE in default settings. Even CFW in defaults is no good against zero-days. But in custom settings, this all changes. It all depends on how the settings are changes & how much change & usability you can tolerate regarding that change. So, for custom settings, i am gonna go with Kaspersky.
Regards.
- Dec 27, 2016
- 1,480
Perfect way to make Kaspersky even better. More you explore and set, less you need to use complementary apps.
Yet, one should occasionally check what apps are classified in which groups, maybe some necessary ones are restricted or some rules set by KSN itself get changed by KSN's updates.
- Jan 14, 2016
- 601
When KTS prompts me about a unknown process which is in high restricted, if i trust it, i set it to trusted, so it is launched as it should be. Otherwise all other prompts are met with 'allow now' so i can keep getting prompts & keeps tabs as to what is happening.
Yes, i monitor application list frequently for apps in trusted & restricted sections.
Similar threads
