Source
https://youtu.be/48OugqqCtSQ
Video created by
League of Antivirus

SeriousHoax

Level 32
Verified
There is no extra detail report, but they mention default configuration for consumers, so I imagine Edge + SmartScreen.
I like MRG tests; they disable SmartScreen except for WD, but when they did a WD test without it, it performed horribly.
It makes sense to keep SmartScreen enabled for WD but not for other AVs. So AVC probably disables that too for other products. Maybe Panda blocks everything unknown that's downloaded over the internet, which results in more blocks but high false positives.
 

McMcbrad

Level 10
It makes sense to keep SmartScreen enabled for WD but not for other AVs. So AVC probably disables that too for other products. Maybe Panda blocks everything unknown that's downloaded over the internet, which results in more blocks but high false positives.
It has a component in the paid version that works the same as Avast hardened mode. If you try to run something unknown to Panda, it will ask you whether you allow that and will recommend that you click on “don’t run”. The issue when I tried this was that almost everything is unknown 😅
It also doesn’t give you an explanation why you shouldn’t run it.
 

SeriousHoax

Level 32
Verified
It has a component in the paid version that works the same as Avast hardened mode. If you try to run something unknown to Panda, it will ask you whether you allow that and will recommend that you click on “don’t run”. The issue when I tried this was that almost everything is unknown 😅
It also doesn’t give you an explanation why you shouldn’t run it.
Maybe not enough users use it to have better reputational data. Do they publish any number about the number of users they have? They are from Spain so I guess they have quite a few there, but what's the overall number?
Here's Panda boasting about the AVC result on their blog. Though there's no mention of false positives number:
 

AYIZEB

Level 2
Here in Spain, when you went to have your PC repaired, the computer offered you to install Panda, but beyond that, Panda right now is a low product, having Kaspersky, Bitdefender, etc.
 

McMcbrad

Level 10
Maybe not enough users use it to have better reputational data. Do they publish any number about the number of users they have? They are from Spain so I guess they have quite a few there, but what's the overall number?
Here's Panda boasting about the AVC result on their blog. Though there's no mention of false positives number:
They claim on their website that they have about 40 or 50 million users. They have some huge customers, such as Telefonica (Spanish telecom, present in the UK as well, under the O2 name). They are not extremely popular, but outdated mechanisms for data collection and processing might actually be the reason behind their low success.
 

roger_m

Level 31
Verified
Content Creator
Maybe Panda blocks everything unknown that's downloaded over the internet, which results in more blocks but high false positives.
I used Panda for some time a few years ago and only had minor issues with false positives, even though I was regularly downloading PUPs and lesser known software. Its behaviour blocker never blocked anything either.
 

SeriousHoax

Level 32
Verified
I used Panda for some time a few years ago and only had minor issues with false positives, even though I was regularly downloading PUPs and lesser known software. Its behaviour blocker never blocked anything either.
Does it require MOTW for blocking unknown exe files? Were you downloading via browser or other download managers?
I mean I'm just trying to understand how come they achieve that 100% detection while literally no one says that it's a good AV.
 

McMcbrad

Level 10
Does it require MOTW for blocking unknown exe files? Were you downloading via browser or other download managers?
I mean I'm just trying to understand how come they achieve that 100% detection while literally no one says that it's a good AV.
It uses a similar approach to Norton, that's why they had a product called "Panda Cloud Antivirus". In fact, Panda was the first one to start using "Collective Intelligence" back in 2006.
It doesn't require MOTW, but it doesn't have definitions either, just some hashes of prevalent malware (locally). Upon scanning it will calculate the hash, send it to their server and get a result whether the file is safe or not. The server probably doesn't deem brand new files safe and this is where their detection rate comes from. In addition, they partner with Cyren (you can find info on that if you Google them). They get threat intelligence from them and that's why they still manage to achieve good results.
I never managed to see their behavioural blocker in action though. More can be seen here: Cyber-Security and Technology - Panda Security
Their core technologies are not the worst, but it needs more users/telemetry and the whole software needs a serious redesign.
 

SeriousHoax

Level 32
Verified
It uses a similar approach to Norton, that's why they had a product called "Panda Cloud Antivirus". In fact, Panda was the first one to start using "Collective Intelligence" back in 2006.
It doesn't require MOTW, but it doesn't have definitions either, just some hashes of prevalent malware (locally). Upon scanning it will calculate the hash, send it to their server and get a result whether the file is safe or not. The server probably doesn't deem brand new files safe and this is where their detection rate comes from. In addition, they partner with Cyren (you can find info on that if you Google them). They get threat intelligence from them and that's why they still manage to achieve good results.
I never managed to see their behavioural blocker in action though. More can be seen here: Cyber-Security and Technology - Panda Security
Their core technologies are not the worst, but it needs more users/telemetry and the whole software needs a serious redesign.
Hmm right. Basing detection on hash only is a recipe for disaster. No wonder it has such high false positives. Every AV has some kind of hash-based blocking system, but that's for new threats which are known to them but they haven't pushed a signature online/offline update yet. Panda also sucks at signatures. You'll almost never see it on VT except for popular/older threats.
 

McMcbrad

Level 10
Hmm right. Basing detection on hash only is a recipe for disaster. No wonder it has such high false positives. Every AV has some kind of hash-based blocking system, but that's for new threats which are known to them but they haven't pushed a signature online/offline update yet. Panda also sucks at signatures. You'll almost never see it on VT except for popular/older threats.
No, with the Panda Cloud Antivirus they stopped using signatures. They only use something like a local cache with prevalent malware hashes, for when you are offline. Other than that, it relies on the cloud. Trend Micro is more or less the same.
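The lookup flow described in the posts above (hash the file, check a small local cache, then ask the cloud, with brand new files not deemed safe), as an added sketch that is not part of the thread and not Panda's code. The names `LOCAL_CACHE`, `CLOUD_DB`, `cloud_lookup` and `scan`, the sample bytes, and the allow-when-offline policy are all assumptions made for illustration.

```python
import hashlib

# Constructed sample data: these bytes and verdicts do not come from any real product.
KNOWN_BAD = b"constructed-malware-sample"
KNOWN_GOOD = b"constructed-popular-installer"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Small on-disk cache of prevalent malware hashes, used first and when offline.
LOCAL_CACHE = {sha256(KNOWN_BAD)}
# Hypothetical server-side reputation table built from user telemetry.
CLOUD_DB = {sha256(KNOWN_BAD): "malicious", sha256(KNOWN_GOOD): "safe"}

def cloud_lookup(digest: str, online: bool):
    """Hypothetical cloud query: a verdict, 'unknown', or None when offline."""
    if not online:
        return None
    return CLOUD_DB.get(digest, "unknown")

def scan(data: bytes, online: bool = True, block_unknown: bool = True) -> str:
    digest = sha256(data)
    if digest in LOCAL_CACHE:
        return "block (local cache)"
    verdict = cloud_lookup(digest, online)
    if verdict is None:
        # Assumption: with no cloud and no cache hit, nothing is left to decide on.
        return "allow (offline, not in cache)"
    if verdict == "malicious":
        return "block (cloud)"
    if verdict == "unknown":
        # Treating never-seen files as unsafe raises detection and false positives together.
        return "block (unknown to cloud)" if block_unknown else "allow (unknown to cloud)"
    return "allow (cloud: safe)"

def demo() -> dict:
    variant = KNOWN_BAD + b"\x00"          # one changed byte gives a different hash
    new_benign = b"constructed-brand-new-benign-tool"
    return {
        "known bad": scan(KNOWN_BAD),
        "known good": scan(KNOWN_GOOD),
        "variant, exact-hash match only": scan(variant, block_unknown=False),
        "variant, unknown treated as unsafe": scan(variant),
        "new benign, unknown treated as unsafe": scan(new_benign),
        "variant, offline": scan(variant, online=False),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The last three cases show the trade-off discussed in the thread: blocking unknowns catches the unseen variant and the harmless new tool alike, and the offline cache alone catches neither.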
 

SeriousHoax

Level 32
Verified
No, with the Panda Cloud Antivirus they stopped using signatures. They only use something like a local cache with prevalent malware hashes, for when you are offline. Other than that, it relies on the cloud. Trend Micro is more or less the same.
I see. Almost fully cloud dependent. Yes, Trend Micro also seems to detect a lot with hash, which most of the time looks like a behavior blocking protection. Though it actually has a behavior blocker and it's pretty good, unlike Panda's, which is non-existent.
 

McMcbrad

Level 10
I see. Almost fully cloud dependent. Yes, Trend Micro also seems to detect a lot with hash, which most of the time looks like a behavior blocking protection. Though it actually has a behavior blocker and it's pretty good, unlike Panda's, which is non-existent.
It's like comparing the sun and the moon :D
Panda was amongst the first to add "proactive" approaches. TruPrevent was released quite early, on par with F-Secure DeepGuard in 2006. But nowadays I don't believe it's receiving the updates and attention it needs.