Solved Question malware found

Status
Not open for further replies.
This malware dll was indeed detected in Virus Total and Defender (QtWebKit4.dll was detected as Trojan:Win32/Wacatac.C!ml) but not in the Kaspersky Free and Malwarebytes Free scan. Kaspersky Free's real-time protection also did not activate an alert for this dll.
 

Attachments
  • scan virus total.png
  • scan virus total2.png
  • scan virus total3.png
  • scan virus total4.png
It was not added to VT, nor detected in real time according to the OP's words.
By real time I mean the behavior blocker, not signatures, so if you try to run it and it is not defined in signatures, then at that time (real time) the behavior blocker will act, detect its malicious behavior and block it; maybe I did not describe it well in my previous post.
 
By real time I mean the behavior blocker, not signatures, so if you try to run it and it is not defined in signatures, then at that time (real time) the behavior blocker will act, detect its malicious behavior and block it; maybe I did not describe it well in my previous post.
But detecting malware by signature at an earlier phase is more efficient than waiting until it is executed to be detected by behavioral analysis; the wider the user base, the richer the telemetry and, consequently, the signatures.
 
But detecting malware by signature at an earlier phase is more efficient than waiting until it is executed to be detected by behavioral analysis; the wider the user base, the richer the telemetry and, consequently, the signatures.
You are right but in this sort of software everything nowadays is very convoluted and layered, so just having the users doesn’t mean you have the telemetry. Look at the old Norton that waited for your PC to be idle to send telemetry. And even with a sheer volume of telemetry, you would still need the brain to correlate, process and learn.

Generically analysing though, it’s one of these circles where you have a lot of users -> you do your job well (as proven by tests) -> more users install.
 
You are right but in this sort of software everything nowadays is very convoluted and layered, so just having the users doesn’t mean you have the telemetry. Look at the old Norton that waited for your PC to be idle to send telemetry. And even with a sheer volume of telemetry, you would still need the brain to correlate, process and learn.

Generically analysing though, it’s one of these circles where you have a lot of users -> you do your job well (as proven by tests) -> more users install.
Which AVs are aggressive with sending suspicious files to their cloud for testing/telemetry?
 
Which AVs are aggressive with sending suspicious files to their cloud for testing/telemetry?
Avast, Eset and Kaspersky would be the most efficient in telemetry. Avast doesn’t hide that they extract on average around 250 mb of telemetry from each user daily. In Avast, even though you’ve got many layers (which is the case with Eset as well) the layer that does most of the work is EvoGen. This is similar to Eset.

From the business ones it would be those that have emulation. Including Bitdefender.
 
I did not mean it; you are a genius and I wish you all the best with your project.
I just consider an on-demand scanner less mandatory compared to real-time protection; prevention is better than cure.

In theory, one should not need to resort to 2nd Opinion Scanners IF their Primary Defense of Realtime detected the threats and the confidence on the security product is high.

But in reality, it's needed if something slipped, the Realtime failed and confidence of the detections became low.
 
In theory, one should not need to resort to 2nd Opinion Scanners IF their Primary Defense of Realtime detected the threats and the confidence on the security product is high.

But in reality, it's needed if something slipped, the Realtime failed and confidence of the detections became low.
The engine of real-time protection AV such as Norton is better than Norton power eraser; I wonder why NPE is used as the "gold standard" to evaluate Norton; the same applies to K AV and KART.
 
I did not mean it; you are a genius and I wish you all the best with your project.
I just consider an on-demand scanner less mandatory compared to real-time protection; prevention is better than cure.
And what about the tests performed by testers such as @Shadowra? Do they use one of the tools I mentioned in my post #136? All testers use these tools. How will they determine if the machines are clean at the end of the tests? A crystal ball to guess that they are clean? I don't think so. So, they need to perform an on-demand scan using NPE, HouseCall, KVRT, Orion Malware Cleaner, Malwarebytes, and many other malware scanning tools. These tools will give the final verdict on how an AV performed in the tests and whether it left any traces or if the machine was infected. These tools are useful; if they weren't useful, they wouldn't even exist. They may not be useful to you, but for many they are indispensable, especially for malware testers. ;)
 
All testers use these tools. How will they determine if the machines are clean at the end of the tests?
In order to get sound data, they should revise the results not by inferior on-demand scanners, but by running full AVs installed one by one.
But as this procedure takes more time and effort, they prefer the easier solution.
Malwarebytes to judge the results of Kaspersky or McAfee? come on! 🙃
 
In order to get sound data, they should revise the results not by inferior on-demand scanners, but by running full AVs installed one by one.
But as this procedure takes more time and effort, they prefer the easier solution.
Malwarebytes to judge the results of Kaspersky or McAfee? come on! 🙃
I only mentioned Malwarebytes, but nowadays many people no longer use it as a reference due to its decline in malware detection. You are either completely uninformed or out of touch with these tools, because Hitman Pro is just one example that uses several engines when scanning. If I am wrong in my information, @Trident or any malware tester who sees my post can correct me if I am wrong. I know because I have seen it in tests and have used many of these tools, although I have never found anything and have never had to remove anything because I have never had problems with malware.
 
I only mentioned Malwarebytes, but nowadays many people no longer use it as a reference due to its decline in malware detection. You are either completely uninformed or out of touch with these tools, because Hitman Pro is just one example that uses several engines when scanning. If I am wrong in my information, @Trident or any malware tester who sees my post can correct me if I am wrong. I know because I have seen it in tests and have used many of these tools, although I have never found anything and have never had to remove anything because I have never had problems with malware.
NPE, for example, has no virus definitions or behavioral analysis (only a reputation check), as I was informed by @Trident; how can an app like that be used to evaluate the efficacy of an AV with signatures, reputation and behavioral analysis?
At least you should use a comparable product.
 
NPE, for example, has no virus definitions or behavioral analysis (only a reputation check), as I was informed by @Trident; how can an app like that be used to evaluate the efficacy of an AV with signatures, reputation and behavioral analysis?
At least you should use a comparable product.

Attachments
  • 1760484106106.png
  • 1760483624824.png
 