- Apr 13, 2013
- 3,224
Second Opinion Scanners vs Worms
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Jun 9, 2013
- 6,720
- Sep 26, 2014
- 2,973
Maybe it's a good time to add NPE just to be sure if something is missed from ZAM.
Thanks for the video @cruelsister.
I didn't think Norton would do well against worms but it surprised me.
Thanks for the video @cruelsister.
I didn't think Norton would do well against worms but it surprised me.
- Jan 8, 2017
- 1,320
Not surprising for me the NPE, always found it powerful, is a tool that can not miss in the pc.
- Apr 28, 2015
- 8,913
I didn't expect such a bad result from HMP (even worse than MalwareBytes)... ZAM & NPE are good, We use (are a must) them as on demand scanners in every sample test in MWHub...
Last edited:
- Jan 25, 2018
- 300
- Feb 24, 2017
- 1,661
NPE is brilliant in finding not yet sigged anomalys since it detects unknown irregular things.
NPE is powerful, but also produces many FP's, so if you use it, be careful and watch.
As for Hitman Pro, it would be great to see someone utilize "Early Warning Scoring" from the advanced section, as it is designed to detect unknowns, again, watch for FP's.
As for Hitman Pro, it would be great to see someone utilize "Early Warning Scoring" from the advanced section, as it is designed to detect unknowns, again, watch for FP's.
- Apr 28, 2017
- 326
- Apr 13, 2013
- 3,224
When I did the initial test so long ago I sent the data (last time I'm doing that for Free) to the Developers (MB, HMP, Symantec). Symantec is the only one that responded and apparently took this issue seriously.
And just as an FYI, former colleagues of mine informed me of an increasing number of malware (especially RAT's) that come with build-in scriptor worms which are included for network spread and persistence. It's really a shame that both Developers and Professional testing organizations would rather not have the Public think about these things...
And just as an FYI, former colleagues of mine informed me of an increasing number of malware (especially RAT's) that come with build-in scriptor worms which are included for network spread and persistence. It's really a shame that both Developers and Professional testing organizations would rather not have the Public think about these things...
- Jul 6, 2017
- 2,392
I'm surprised with Hitman pro ... I expected more from him ..
Thanks for the video
Thanks for the video
This is exactly why i do not rely on just signatures. I use Hitman pro "Early Warning Score" enabled to detect unknowns "zero days", as well as using Eset's Sysinspector, then i have PeStudio for further file inspection, even though i have Eset's engine "EIS", BD & Kaspersky engines from HMP, 3 of the top engines, and yet, i still do not rely completely on them, as it has been shown time and again, that signatures just can not keep up.
For those product bashing, i really wish you would learn to use a product before you label it.
Oh my favorite two second opinion scanners - ZAM and NPE! Nice work @cruelsister ! Thanks for the great video review and demonstration!
I hope many others see your great video and truly understand the power of ZAM and NPE! I have been using NPE for years now as a check against my security config. and especially against my Norton subscription. ZAM is truly amazing, powerful, and fast. I'm happy I discovered ZAM a long time ago and I now use ZAM on all of my computers. I not only trust these two products I actively recommend the two products to all of the clients I work with.
@cruelsister Nice job!
I hope many others see your great video and truly understand the power of ZAM and NPE! I have been using NPE for years now as a check against my security config. and especially against my Norton subscription. ZAM is truly amazing, powerful, and fast. I'm happy I discovered ZAM a long time ago and I now use ZAM on all of my computers. I not only trust these two products I actively recommend the two products to all of the clients I work with.
@cruelsister Nice job!
You should try Trend Housecall. I'm surprised it wasn't tested. Trend Housecall is extremely effective as an on-demand second opinion scanner and has some healthy generic detection systems in it. We've had worms that weren't detected by any tool BUT THC.. Mind you, I am no fan of Trend, but THC is an effective tool.
I've been saying for weeks I won't be renewing my Hitmanpro licenses after they expire. Now everyone knows why.
My opinion only, but this advanced feature--too much information. Even on a scanned drive with only some fiddle-faddle on it, numerous "traces," many of which are mysterious and require research to investigate. Who needs that in an on-demand? I believe HitmanPro products took a little hit in the merger to Sophos and this video has me re-evaluating my on-demands. Norton Power Eraser, huh? Sounds good right about now.
Edited out "hmmm" smiley after NPE as it was not capturing what I intended.
Last edited by a moderator:
I fully agree most average users should not even venture into using the early warning score as they need to be able to differentiate between what is a FP and what is not.My opinion only, but this advanced feature--too much information. Even on a scanned drive with only some fiddle-faddle on it, numerous "traces," many of which are mysterious and require research to investigate. Who needs that in an on-demand? I believe HitmanPro products took a little hit in the merger to Sophos and this video has me re-evaluating my on-demands. Norton Power Eraser, huh?
To state though, that the product is crap, and not capable is not correct though, and it is statements made by those that have no idea how to use it properly. This is what im trying to point out. At the end of your post, you have NPE huh?, this is the same concept as HMP early warning score, it will scan and detect unknown files just as HMP EWS will, and you will still need to know what you are looking at. Are these powerful tools, you bet, once a users has enough knowledge to utilize them correctly.
- Oct 22, 2016
- 409
Hitman Pro at default settings, (which are the ones that average users use ...) a complete failure.
- Oct 22, 2016
- 409
You make me smile. I "suspect ..." that CS, or maybe even his cat, knows a lot, more than you, me and many others in here.
Last edited:
My removal techs have used NPE for over half a decade as part of the rotation. Also we keep Trend Housecall handy as well as HerdProtect. Even though HerdProtect has been officially retired it will still utilize VT for scanning and since it scans ALL files on a system, uses a custom heuristics engine and alerts to new, previously unseen 'potential' malware, it's effective at spotting things.
I use HMP with EWS enabled but wouldn't recommend that setting for regular Joes. I have 6 months left on my HMP/HMPA licenses and won't be renewing. I dislike Sophos and feel anytime they get involved they reduce a products quality and effectiveness. Take the Astaro->XG situation with them, they've nerfed the XG into a Candy Land UTM. 6 months from now I'll wave goodbye to HMP/HMPA, money NOT well spent.
I use HMP with EWS enabled but wouldn't recommend that setting for regular Joes. I have 6 months left on my HMP/HMPA licenses and won't be renewing. I dislike Sophos and feel anytime they get involved they reduce a products quality and effectiveness. Take the Astaro->XG situation with them, they've nerfed the XG into a Candy Land UTM. 6 months from now I'll wave goodbye to HMP/HMPA, money NOT well spent.
- Apr 13, 2013
- 3,224
Pathfinder- In pre-production I actually did the test both at Default setting seen in this video as well as with the EWS checked in Advanced settings (this done privately). As I'm sure you know, EWS will include just loads and loads of valid dll's, sys, and exe files that reside in System32 (on the system I used in the video the number was 34). However the actual malware detection is exactly the same as in the video (2).
Over the years I've seen a number of people who are NOT advanced users choose to decide to change the "Ignore" to "Delete". Needless to say this has always ended in Tears. As my audience includes Novices, I made a conscious decision NOT to even highlight EWS. I hope you understand.
I do thank you for pointing this out! I should have included a statement about this at least in the YouTube comments.
Over the years I've seen a number of people who are NOT advanced users choose to decide to change the "Ignore" to "Delete". Needless to say this has always ended in Tears. As my audience includes Novices, I made a conscious decision NOT to even highlight EWS. I hope you understand.
I do thank you for pointing this out! I should have included a statement about this at least in the YouTube comments.
Similar threads
