- Sep 2, 2021
In this video, we compare 7 enterprise antivirus programs.
The aim is to see how effective they are, and rank them from worst to best.
Please note:
- The antiviruses are already ranked in the video; I've taken into account web blocking, the reaction to an attack, my malware pack and how each antivirus defends itself.
- Please be courteous and respect my ranking. Filming took over 9 hours, plus 2 hours of preparation.
- The final episode will pit 2 antiviruses against each other.
- Personal information was hidden on the panels of these antivirus programs; some of them didn't belong to me. Many thanks to @kamiloxf, who supplied me with most of the antivirus software I tested!
- All antiviruses are at default settings; I only activated, IF NECESSARY, some options that the vendor hasn't enabled (heuristics, PUP detection, etc.).
- The protocol is the same.
See you on January 31st for the final!
WithSecure is the Enterprise version of F-Secure.
The product is presented as an agent to be installed, and features a fairly simple panel.
It clearly follows the F-Secure nomenclature: it can be configured both online and locally!
URL: 10/10 - WithSecure blocks all links
Fake crack: 1/1 - Blocked directly by APC (Avira Protection Cloud)
Malware Pack: 45 out of 168.
Execution: Some good, some not so good. On attacks, WithSecure defends itself well with DeepGuard.
Things get more complicated later on, when AlertaAgent is allowed to pass through and install itself quite deeply on the machine.
Then the malware with the Tank icon destroys parts of the system, and a RAT (MSBuilder.exe) gets through without being blocked (but disappears on reboot).
SOS: F-Secure failed to scan the machine; the malware killed the scan...
NPE: 4
KVRT: 2
It ranks 7th because, although DeepGuard is excellent, it clearly lacks a few rules to protect effectively against large malware, especially signed malware.
It's a shame.
DeepInstinct is a well-known and popular enterprise antivirus.
Its agent has no settings: everything is managed online!
I leave the settings as they are.
Web: 8/10 - 2 infections passed
Fake crack: 0/1 - No files blocked!!!
Malware pack: 42 out of 168 remain.
Execution: DeepInstinct shines with its behavioral defenses and manages to avoid several attacks.
But this didn't last, as 2 malware samples were installed, 1 of which clearly destroyed the system.
The system is dead...
It's in 6th place. Is DeepInstinct slipping? I'm disappointed!
SentinelOne is DeepInstinct's direct competitor - same operation, same country of origin!
However, its web interface is much more complete, and rather complicated...
Web: 9/9 - one URL was dead
Fake crack: 1/1 - installation is blocked
Malware pack: 45 out of 168 remain
Execution: S1 does not show any analysis, so I wait until there is no more activity.
I start executing; S1 is reactive and protects me. But it's pretty weak on scripts. Although it blocks some, it lets a few through, which it mitigates later.
But it encounters the same malware as DeepInstinct, which destroys the system.
It ranks 5th.
CylancePROTECT is BlackBerry's antivirus software, completely designed for the enterprise.
In this test, I install CylanceOptics, its EDR.
The settings are already predefined, on level 2.
Web: 8/9 - one malware missed.
Crack: 1/1 - Blocked
Malware Pack: Cylance doesn't scan, so I'm forced to run the samples.
During execution, Cylance scores very well, which I appreciate (even though it let Alerta through).
Unfortunately, a FileCoder ransomware gets through without any reaction from Cylance and encrypts the data.
If it had been blocked, I think Cylance would have won points.
It's ranked 4th, a fine improvement on my last test, but it still has some way to go!
CrowdStrike Falcon is an enterprise-class antivirus program with an excellent reputation, but also a reputation for producing major bugs (BSODs in the enterprise).
No agent interface here! Everything is controlled online!
Default setting.
Web: 9/9 - one URL was dead
Crack: 1/1 - directly forbidden
Malware Pack: 39 out of 168
Execution: Falcon does very well and is very sharp on blocking!
It blocks the installation of Alerta, but is only caught out by the malware that took down DeepInstinct and SentinelOne.
CrowdStrike attempts to repair the system, but is unable to restore it.
Pity.
It's 3rd.
Harmony is the enterprise antivirus from CheckPoint, publisher of ZoneAlarm.
It's also the antivirus I've had the most trouble with: it took me 3 attempts to get it to work, and the installation was lengthy despite my fiber connection...
The settings have been customized, but are fairly close to the manufacturer's settings.
Web: 10/10 - everything was blocked
Crack: 1/1 - Dropped files were blocked.
Malware Pack: 19 out of 168
Execution: Harmony comes close to excellence in malware blocking!
2 files passed, including the malware that had made WithSecure suffer, although the attack was partially mitigated by the antivirus.
SOS:
Harmony: Unable to scan
NPE: 3
Although it did block, it comes 2nd: the malware prevents antivirus functions from working properly (scanning), and a script gets through, although it is blocked by the Harmony firewall.
Microsoft Defender does have a version for business! It uses the architecture already present, but offers a script so that we can benefit from it. It adds several rules as well as an EDR, which I will test.
Web: 9/9 - one URL was dead
Crack: 1/1 - the installation is blocked
Malware Pack: 17 out of 168 remain
Execution: Microsoft Defender clearly has the best engine in this test! It avoids all the traps I set for it; the VENDOR and the cloud also block malware during execution! Only Alerta gets through.
SOS: Microsoft Defender does not detect anything.
NPE detects 4 files that are not active and are easily deleted.
It more than deserves its 1st place!
All the tests are over.
The final will pit Microsoft Defender against ESET Smart Security.
See you on January 31st for the final!