App Review Shadowra's Big Comparative : Episode 2 - Paid Antivirus

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

Vitali Ortzi

It uses a lot more than just honeypots, the CP Harmony one is always newer. Anti-ransomware can be configured in detail in Harmony, you can increase the size of the database and change the backup interval and file formats.

The ZoneAlarm Anti-Ransomware is designed to be run alongside an antivirus product — it is not an antivirus on its own. It also doesn’t detect anything else apart from ransomware and generic malicious activity. There is no file system emulation either.

The ZoneAlarm Extreme Security product is better suited for a test.
If you have access to highly detailed slides about Check Point tech, I would appreciate it if they could be uploaded to your site, as I have to dig through blog posts and different webinars and still only get small snippets of some of the technologies. Anyway, it's really interesting, as in recent years they got AI categorization, which they didn't have before. For example, in 2022 Gartner, one of the shortcomings was the lack of the tech they now have, and they are even recently improving a lot of tech, from zero phishing to emulation.

Thankfully, on the emulation part they have very well detailed blog posts, but the ransomware, ThreatCloud, anti-bot, and IPS (exploit mitigations part) need more in-depth information about how the tech works, easily accessible.
 

Trident

Thankfully, on the emulation part they have very well detailed blog posts, but the ransomware, ThreatCloud, anti-bot, and IPS (exploit mitigations part) need more in-depth information about how the tech works, easily accessible.
ThreatCloud is well documented with all the videos and posts, ThreatCloud is mainly the engines that they blog about and the feeds.
IPS is not available in Harmony Endpoint, it is only on the gateways.

The anti-ransomware and anti-bot are all based on the Endpoint Forensics Recorder. This engine is everything and anything in CP products, capturing all new objects and events, and passing them to the relevant engines. From there, Anti-Ransomware (just a branding really) takes events only and runs them through over 50 local decision trees responsible for ransomware identification. In addition, it backs up and restores files after encryption (which is how it differs from EFR/Behavioural Guard).

Anti-Bot takes both events/behaviours and objects. It contains network signatures that include port and protocol, bot-related behaviours and the ThreatCloud repository with bot servers. When a bot is detected, Anti-Bot returns this information to the EFR, and the EFR pulls the activity logs and starts undoing whatever it can undo.
 

Sorrento

I just keep using TM since I have a license until 2030. I hardly use the laptop anymore; I surf mostly on the iPad.
I am really bored and done installing all the different AVs over and over.
I've just set a couple of laptops up for friends/neighbors. They are new but not overly fast, and I put Trend on both of them. Neither are happy clickers and would probably be OK with no AV at all. Trend is very light and I have multiple licenses until 2028.
 

cartaphilus

@Shadowra THANK YOU SOO MUCH FOR YOUR TIME!!! That is a freaking amazing dedication to the art! To spend basically a few days just doing this BS just for testing's sake is amazing! Looking at your work ethic is making me feel guilty. Here I am watching SQUID Games when I could be doing something useful!

Glad to see that ESET is doing great! KAV is basically being KAV. McAfee: GREAT performance after the Trellix acquisition. McAfee is not your grandfather's McAfee! It became lightweight and capable of holding its own! In the end, the more engines that are being developed, the better. You want to keep the malware developers on their toes. Who cares if there are 50 different name brands if all of them share the same engine?!!! (Looking at you Norton, AVAST, AVIRA, AVG etc).
 
