Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Battlefield
Software Comparison
Planned: Real-world Test of Trend Micro, ZoneAlarm, Eset and Webroot
Message
<blockquote data-quote="Trident" data-source="post: 1097393" data-attributes="member: 99014"><p>Webroot does use folder priority. That's how the product has been designed, I am not designing it. Other products of this sort are McAfee, Eset that uses emulation on downloaded files, Avast with their cyber capture that needs the MOTW. These products have additional systems that kick in only when the file is downloaded. The design decision of the vendor should be respected. Malware doesn't just come from the sky, It needs to be downloaded or saved from email (same thing). You cannot always place all products under one umbrella and test them the same way.</p><p>It is not even folder priority, it monitors the chain of events. Files created by browser are examined with a more aggressive rule set. AVs like Norton also take into account the website file came from.</p><p></p><p>To this point, I agree with Lynx. But I don't agree that users will start playing hide-and-seek or whack-a-mole, creating HIPS rules, tweaking heuristics. This is something that very small minority will do. Vast majority of users use Defender with no tweaks whatsoever.</p><p></p><p>But whatever, let's tweak them. They will still fail.</p><p></p><p></p><p>This in the Webroot world is impossible, as it automatically whitelists and excludes absolutely all trusted binaries, which LOLBins are... it does not monitor them at all or scan them. This is why everyone would cast a doubt over the Webroot effectivness, which I did and then I was attacked.</p></blockquote><p></p>
[QUOTE="Trident, post: 1097393, member: 99014"] Webroot does use folder priority. That's how the product has been designed, I am not designing it. Other products of this sort are McAfee, Eset that uses emulation on downloaded files, Avast with their cyber capture that needs the MOTW. These products have additional systems that kick in only when the file is downloaded. The design decision of the vendor should be respected. Malware doesn't just come from the sky, It needs to be downloaded or saved from email (same thing). You cannot always place all products under one umbrella and test them the same way. It is not even folder priority, it monitors the chain of events. Files created by browser are examined with a more aggressive rule set. AVs like Norton also take into account the website file came from. To this point, I agree with Lynx. But I don't agree that users will start playing hide-and-seek or whack-a-mole, creating HIPS rules, tweaking heuristics. This is something that very small minority will do. Vast majority of users use Defender with no tweaks whatsoever. But whatever, let's tweak them. They will still fail. This in the Webroot world is impossible, as it automatically whitelists and excludes absolutely all trusted binaries, which LOLBins are... it does not monitor them at all or scan them. This is why everyone would cast a doubt over the Webroot effectivness, which I did and then I was attacked. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
