Known Problems with Most Common AV's

Status
Not open for further replies.

RoboMan

Level 34
Thread author
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,399
Another thread I thought about (wow Robbie you're on fire today!). Share a fact about the AV you use or about an AV you heard of that has specific problems or facts that need to be known before installing. The purpose of this is to let users know what kind of issues or scenarios they will face when installing X antivirus.

Avast/AVG:
  • Telemetry/privacy issues
  • Hardware virtualization for DeepScreen and CyberCapture conflicts with VMware, VirtualBox and Windows Sandbox
  • Transient caching slows down the machine
Avira:
  • Webfilter is heavy
  • No offline BB. There is only online cloud+BB for uploaded files, which have to match certain criteria
  • Poor against scriptors
  • Luke Filewalker emerges after detecting malware and does a deep, slow full scan of the system, with no option to stop or disable it
  • Not many options to improve its protection
  • Bloated with unnecessary modules
  • Updates can cause the PC to freeze if the update is big enough
  • Pro version has better behavior detection for cloud uploading (thanks to Webfilter). Free doesn't upload files as frequently
Bitdefender Paid/Free:
  • SSL scanning blocks legit websites without notice and no way to add exclusions or disable; cuts wi-fi connection intermittently
  • Inaccurate information about dealing with malware: says it's deleted but it's quarantined
  • Can be messy since it tends to dismantle a file to scan, therefore context-scanning one file may say it scanned 12 files
Comodo:
  • The antivirus module is heavy and weak (without AV, it's super light)
  • Some unexpected bugs
  • FPs for non-English or non-European programs
  • Learning curve. It's never easy for average users
Cylance:
  • FPs
  • No default UI for excluding quarantined files
  • Web dashboard mostly useful only for multiple device management
Dr. Web:
  • Very high use of RAM
  • Very poor signature-based detection
Emsisoft:
  • Extreme memory usage
  • Conflicts with Chromium-based browsers' container
  • Signatures are borderline poor against new malware (but great against non-zero-day thanks to BD)
  • If we exit Emsisoft, re-opening it will make it crash or become unusable. Requires a reboot
  • Web filter is not good, requires installing browser extension for deep filtering
  • No options to improve the default protection
ESET:
  • The UI is very confusing with small text and grouped settings. Not easy for new users
  • Scan mode ("Scan On" option) in "Real-time file system protection" needs a more detailed explanation in the app when clicking on the ! mark. Users have to visit help.eset.com to read more detail about it (and they do explain it)
  • Poor zero-day protection = silent HIPS in default settings
  • Newly developed behavioral blocker is not yet competent
  • HIPS is HIPS. It can block everything including safe files. It's not easy and takes time to configure => not user-friendly (any HIPS in general)
  • "Enable detection of potentially unsafe applications" is a real FP machine (not to be confused with "Enable... unwanted applications" = detecting PUPs)
  • Admins usually find a lot of reasons to defend their products when a flaw or bypass is discovered by an organization or a user
G Data:
  • Known conflicts with Shadow Defender (firewall becomes buggy, turns off automatically, requires reboot)
Kaspersky:
  • TAM module is known to significantly slow down the general daily operations.
  • Frequent problems with browsers on HTTPS and certificates, especially with Firefox
  • Browser Script Injection causes slowdowns on browser and PC
  • Compatibility issues with some APPS (NPE)
  • Scan mode: On execution => it still scans files on-access (slow icon appearance in folder, only 1, after 1 reboot)
  • Weak against adware/PUPs
  • Scheduled rootkit scan causes high CPU usage and slows down the PC -> false perception that Kaspersky is a resource hog
  • Kaspersky removal tool (kavremover) is known to break System Restore/system protection (still not fixed)
  • Tweaking KIS's firewall is a pain for new users due to child process rule inheritance from parent process
  • Firewall: unable to block the default Public network -> KIS will block the whole internet
K7:
  • Very bad protection against scripts and documents
  • Vulnerable to java-based exploits
  • Mediocre firewall
  • Childish GUI
  • Poor support
Norton:
  • Poor protection against USB-delivered viruses
  • Ineffective web filter (never seen it work. All the hard work is done by Download Insight). Requires installation of a browser extension for browser filtering. Useless system-wide filter
  • Download insight is very prone to FPs
  • Problems with licensing, also trial
  • SONAR takes a lot of time and resources to analyze a malware, especially on Aggressive option
  • Uninstall tends to be buggy
  • Can cause problems with web install for some users with browsers yet not for others
  • After a web install from the main site, the download installs an older version, then updates in stages, requiring several reboots & updates to get to the final version
  • It leaves old large installers that some users may not know are there & may not know whether it's OK to remove them.
Panda:
  • Buggy when it needs to update to a new program version, doesn't update automatically
  • Uninstall causes a high memory leak and eventually BSODs
  • High CPU usage during execution of scripts
  • Program update will need to reinstall the program and there's no option to backup settings.
Qihoo 360:
  • Free version with ads and nags
  • Paid version does not give any security related improvements at all
  • Promised early upgrade never noticed when using premium
  • Does not notify on new version unless manual update is triggered
  • HIPS are almost useless against common malware (does prevent AutoRun, but malware can still submit and steal data)
  • Good signatures, but without signatures, system is very likely to get infected
  • Weak against process hollowing
  • HIPS do not freeze malware, it can happily harm the system until user action / 30 seconds until autoblock
  • Pseudo-firewall does block almost nothing (seems to be a network monitor rather with the option to manually block)
QuickHeal:
  • Very poor signature detection
  • Apart from Antivirus Pro, the packages are too expensive for what they deliver
  • Only very few useful additions in Internet Security / Total Security packages (but steep price increase)
  • Installers for releases other than English are very old, cannot confirm the user gets the latest release
  • Difference between Total Security and Total Security Multi Device not clearly visible (TS Multi Device did not arrive with latest Version 18 yet but stuck at v17, an issue because of many improvements in v18)
Sophos Home:
  • Can present gaming performance issues
  • The Hitman Pro included is not the same as the standalone Hitman Pro
  • Accessing log files can be difficult for novice users

Tencent PC Manager:
  • BB does not work offline
  • Cloud very unstable (BB & cloud signatures broken)
  • Apart from BitDefender 3rd party engine, no offline signatures
  • Does scan with Bitdefender Engine only, own signatures only triggered only on access & via download shield
  • Download shield and web shield (phishing/malware URL blocker) incompatible with many browsers (MS Edge, Brave, Vivaldi, maybe Chrome)
  • Nearly non-existent support (difficult registration on their forum, accessible without VPN only)
  • Weak against signed malware
  • Mediocre own detection on malware <24h
Trend Micro:
  • Merged labs with NSA
  • Quarantine does not allow manual deleting
  • Data harvester
Windows Defender:
  • Tends to freeze/slow down the system when a folder filled with executables is opened
  • Strictly dependent on Windows updates and Windows versions. If we use older Windows versions, we lose some protection. If Windows Update is somehow damaged, WD will not update properly (WPD can cause it)
  • Poor caching mechanisms, almost none. Slows down copying speed and folder opening
  • Strictly dependent on cloud and internet connection. Really poor offline protection
  • Unstable after detecting some malwares. It may revert user's tweaks and sometimes makes itself problematic (it's fine if you never face any malware)
  • Tweaking requires a lot of efforts or external apps
  • Slows down the PC while removing malware (despite choosing "Remove", it should take 1 sec max to remove)
  • Only works with maximum capability when a file is downloaded from a browser or script. Some modules are bypassed when the file originated from a USB drive or password-protected archive, or was downloaded by a download accelerator/manager
  • Can be disabled easily by third-party apps. Malware can also do that and disable WD forever

Share as much facts as you want about the antiviruses you want!

PS: if you don't participate and still saw this thread, you'll have 7 years of bad luck and you will be destined to use Panda Antivirus forever.

I'll update this post with all your comments! Please be sure that what you post is indeed a known problem and not an isolated issue on your PC. Avoid comments like "Kaspersky is heavy on my machine", that's not a general issue, it just means your hardware sucks.
 

Bill K

Level 5
Verified
Jul 25, 2018
221
Panda Dome Advanced (paid, not free version) fails to update to newer versions of the program. Of course it updates its definitions regularly, but when an updated version of the software is released not only does it not get installed automatically but it doesn't even alert you or allow you to request the updated installation. I contacted Panda support to inquire about this and they said to get the new version of the program you must uninstall and reinstall the software, which means losing any customized settings you've made. I find this completely unacceptable for any security related software which should automatically provide updates to the latest stable release. (n)
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Kaspersky:
- frequent problems with browsers on HTTPS and certificates. Mostly with Firefox
- browser script injection causes massive slowdown of PC and browsers
- the current Kaspersky 2019 patch f is having a problem with browser performance. Frequent freezes and lags, high CPU usage when opening a web site in a new tab
- compatibility issues with some apps (NPE)

Avast/AVG:
- telemetry issues
- overseer.exe
- Hardware-virtualization for DeepScreen and CyberCapture conflicts with VMware, VirtualBox and Windows Sandbox (well-known for years)
- currently having a few issues with Firefox, might be fixed already?
- transient caching usually the root of slowdown


... will add new vendors when I have time
 

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
818
G Data (2019 version):
Firewall turns off automatically (limited connectivity occurs, internet stops working), but the firewall still shows ON in the UI under settings (stuck as Enabled). Doesn't respond until a reboot is done.
Occurs only after reverting from Shadow Mode (Shadow Defender).
 

Burrito

Level 24
Verified
Top Poster
Well-known
May 16, 2018
1,363
Kaspersky - Possible privacy issues
Norton - Uncertain (probably bad) future if purchased by Broadcom
Bitdefender - Buggy on some systems
Cylance - False Positives
Malwarebytes - Lacking full spectrum coverage, weak
Webroot - Extremely Weak
McAfee - Inconsistent, usually not very good..
CrowdStrike Falcon - False Positives
Zillya! - No advanced detection
Sure Sense - We shall see..
 

oldschool

Level 81
Verified
Top Poster
Well-known
Mar 29, 2018
7,044
Bitdefender Free - SSL scanning blocks legit websites without notice and no way to add exclusions or disable; cuts wi-fi connection intermittently.
Cylance - FPs, no default UI for excluding quarantined files. Web dashboard mostly useful only for multiple device management.
 

Brahman

Level 16
Verified
Top Poster
Well-known
Aug 22, 2013
799
Even after so many years of evolution operating systems are getting more and more vulnerable to illegitimate applications...all hail anti virus industry.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Panda:
- uninstallation causes extreme memory leak and eventually BSODs
- almost no autoupdate
- high CPU usage during execution of scripts
- manual update requires uninstalling and reinstalling new version + there is no option to backup current settings. Uninstallation will delete all settings

Norton: (not symantec)
- Poor protection against USB-delivered viruses
- Ineffective web filter (never seen it work. All the hard work is done by Download Insight). Require installation of browser extension for Browser filtering. Useless system-wise filter
- Download insight is very prone to FPs
- Problems with licensing, also trial
- Confusing website. Don't know exactly what the current version is or how the 2019 products are called
- SONAR takes a lot of time and resources to analyze a malware, especially on Aggressive option

Comodo:
- The antivirus module is heavy and weak (without AV, it's super light)
- Some unexpected bugs
- FPs for non-English or non-European programs
- Learning curve. It's never easy for average users

Windows defender:
- strictly dependent on Windows updates and Windows versions. If we use older Windows versions, we lose some protection. If Windows Update is somehow damaged, WD will not update properly (WPD can cause it)
- Poor caching mechanisms, almost none. Slows down copying speed and folder opening
- Strictly dependent on cloud and internet connection. Really poor offline protection
- Unstable after detecting some malwares. It may revert user's tweaks and sometimes makes itself problematic (it's fine if you never face any malware)
- Tweaking requires a lot of efforts or external apps
- Slows down PC while removing malwares (despite choosing "Remove", it should take 1sec max to remove)
- Only works with maximum capability when a file is downloaded from a browser or script. Some modules are bypassed when the file originated from a USB drive or password-protected archive, or was downloaded by a download accelerator/manager
- Can be disabled easily by third-party apps. Malware can also do that and disable WD forever
 

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
818
Bitdefender (slight bugs):

Though the scan says the file is deleted, the file is disinfected and remains in the folder. Neither the logs nor the quarantine are accurate!
Sometimes the resolved items/scanned items number is confusing. If 10 items are scanned, it says some other number!!
F-Secure:
Struggles to delete (some) static right-click scan items.
Wrong info is given even when delete is done, and vice versa!
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Emsisoft:
- extreme memory usage. Totally not recommended if you don't have at least 6GB of RAM or you are a hardcore gamer. I had constant BSODs while gaming with Emsisoft
- Conflicts with Chromium-based browsers' container
- Signatures are borderline poor against new malwares. Great against non-zeroday (thanks to BD)
- If we exit Emsisoft, re-opening it will make it crash or become unusable. Requires a reboot (not sure if it's fixed. Last time I tried, they said it was fixed but it wasn't)
- web filter is not good. Requires installing browser extension for better/deeper filtering
- not many options to improve its protection from default

Avira:
- Webfilter is heavy
- No offline BB. There is only online cloud+BB for uploaded files, which have to match certain criteria
- Poor against scriptors
- Luke Filewalker!!! after detecting a malware. No option to stop or disable it
- Not many options to improve its protection
- Bloated with unnecessary modules
- Buggy sometimes
- Updates can cause the PC to freeze if the update is big enough
- Pro version has better behavior detection for cloud uploading (thanks to Webfilter). Free doesn't upload files as frequent
 

Mahesh Sudula

Level 17
Verified
Top Poster
Well-known
Sep 3, 2017
818
K7:
Pros:
Responsive BB (accurate), better signatures compared to the past, thorough blocking and good removal against unknown, anti-ransom module is responsive!!
Cons:
Extremely poor against scripts, Excel files and Java-based exploits as well. So-so firewall, childish UI, poor support.
 

[correlate]

Level 18
Top Poster
Well-known
May 4, 2019
801
Kaspersky - Possible privacy issues
Norton - Uncertain (probably bad) future if purchased by Broadcom
Bitdefender - Buggy on some systems
Cylance - False Positives
Malwarebytes - Lacking full spectrum coverage, weak
Webroot - Extremely Weak
McAfee - Inconsistent, usually not very good..
CrowdStrike Falcon - False Positives
Zillya! - No advanced detection
Sure Sense - We shall see..
Sure Sense is a version of the Deep Instinct software for HP computers.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
...
Windows defender:
- strictly dependent on Windows updates and windows versions. If We use older windows versions, we lose some protection. If Windows updates somehow is damaged, WD will not update properly (WPD can cause it)
- Poor caching mechanisms, almost none. Slows down copying speed and folder opening
- Strictly dependent on cloud and internet connection. Really poor offline protection
- Unstable after detecting some malwares. It may revert user's tweaks and sometimes makes itself problematic (it's fine if you never face any malware)
- Tweaking requires a lot of efforts or external apps
- Slows down PC while removing malwares (despite choosing "Remove", it should take 1sec max to remove)
- Only works with maximum capability when a file is downloaded from a browser or script. Some modules are bypassed when the file is originated from an USB, password-protected archive or downloaded by a download accelerator/manager
(y)(y)

...
- Can be disabled easily by third-party apps. Malwares can also do that and disable WD forever
This was true one year ago. Now, such 3rd party apps or program are detected as trojans or hack-tools. This was the case of ConfigureDefender - I had to remove the option of disabling WD real-time protection.
In Windows ver. 1903 Microsoft introduced Tamper Protection to prevent disabling the crucial WD functions.
Anyway, if the malware would access Administrative Rights, then any AV protection (also WD) can be altered or disabled.
Generally, WD is a nightmare for people who want to test malware.:giggle:
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
This was true one year ago. Now, such 3rd party apps or program are detected as trojans or hack-tools. This was the case of ConfigureDefender - I had to remove the option of disabling WD real-time protection.
In Windows ver. 1903 Microsoft introduced Tamper Protection to prevent disabling the crucial WD functions.
Anyway, if the malware would access Administrative Rights, then any AV protection (also WD) can be altered or disabled.
Generally, WD is a nightmare for people who want to test malware.:giggle:
there are still some apps which can disable WD with 1 click on 1903 regardless of Tamper Protection. I use 1 frequently to shut down WD completely and install other AVs for testing
1 of them is Defender Control v1.5 (by Sordum)
tamper protection can't do anything to stop it. WD is off in 1 second

by the way, malware makers know that WD should be the first AV to bypass/neutralize when they create malwares => WD is the no.1 target -> poor the very first users to get the malwares
malware makers in other countries like Russia, China or India, they also have to bypass commonly used AVs in those countries (Kaspersky, Qihoo, Quickheal...)
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
there are still some apps which can disable WD with 1 click on 1903 regardless of Tamper protection. I use 1 frequently to shutdown WD completely and install other AVs for testing
1 of them is Defender Control v1.5 (by Sordum)
tamper protection can't do anything to stop it. WD is off in 1 second
Interesting, it can also disable WD on Windows 1809. ConfigureDefender also could do it for many months. Anyway, it cannot be used by malware, because it does not allow command lines. It is probably whitelisted by MS by the author request (like ConfigureDefender), so the malware that would like to use the same method would be stopped anyway.

by the way, malware makers know that WD should be the first AV to bypass/neutralize when they create malwares => WD is the no.1 target -> poor the very first users to get the malwares
malware makers in other countries like Russia, China or India, they also have to bypass commonly used AVs in those countries (Kaspersky, Qihoo, Quickheal...)
If the malware can access Administrative Rights (like Defender Control), then any AV can be altered/disabled. But such malware would be too valuable to use in widespread attacks.
So, home users should not bother about it.
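As an added example (not from any post in this thread), here is a PowerShell audit that checks the Defender states the exchange above is about: whether real-time and cloud protection are on, whether Tamper Protection is enabled, and whether signatures are current. It uses the built-in Defender module (Get-MpComputerStatus, Get-MpPreference) and assumes Windows 10 1903 or later so that the IsTamperProtected property exists; the signature-age threshold is an arbitrary choice.

```powershell
# Added example, not from the thread: audit Microsoft Defender's state from a
# defender's point of view. Uses the built-in Defender module; assumes Windows 10
# 1903+ so that IsTamperProtected is reported. Run from an elevated prompt.

function Get-DefenderAuditFindings {
    param(
        # Assumed threshold: flag signatures older than this many days
        [int]$MaxSignatureAgeDays = 3
    )

    $status   = Get-MpComputerStatus
    $pref     = Get-MpPreference
    $findings = New-Object System.Collections.Generic.List[string]

    if (-not $status.AMServiceEnabled)          { $findings.Add('Defender antimalware service is not running') }
    if (-not $status.AntivirusEnabled)          { $findings.Add('Antivirus engine is disabled') }
    if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off') }
    if (-not $status.BehaviorMonitorEnabled)    { $findings.Add('Behavior monitoring is off') }
    if (-not $status.IsTamperProtected)         { $findings.Add('Tamper Protection is off: any admin-level process can change Defender settings') }
    if ($pref.DisableRealtimeMonitoring)        { $findings.Add('DisableRealtimeMonitoring preference is set') }
    # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
    if ($pref.MAPSReporting -eq 0)              { $findings.Add('Cloud-delivered (MAPS) protection is disabled; relying on offline signatures only') }
    # SubmitSamplesConsent: 2 = never send
    if ($pref.SubmitSamplesConsent -eq 2)       { $findings.Add('Sample submission is set to Never Send; cloud analysis of unknown files is reduced') }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Antivirus signatures are $($status.AntivirusSignatureAge) days old")
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Healthy  = ($findings.Count -eq 0)
        Findings = $findings.ToArray()
    }
}

$report = Get-DefenderAuditFindings
if ($report.Healthy) {
    Write-Output "Defender audit on $($report.Computer): no findings"
} else {
    Write-Output "Defender audit on $($report.Computer): $($report.Findings.Count) finding(s)"
    $report.Findings | ForEach-Object { Write-Output " - $_" }
}
```

Any finding here is a state the thread complains about (Defender switched off by a third-party tool, cloud protection absent, stale updates) and is worth alerting on in a fleet, for example by running the function as a scheduled task and forwarding non-healthy reports.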
 
