Shadowra's Big Comparative - Episode 3 Entreprise Antivirus
<blockquote data-quote="Shadowra" data-source="post: 1115882" data-attributes="member: 92939"><p>In this video, we compare 7 enterprise antivirus programs.</p><p>The aim is to see how effective they are, and rank them from worst to best.</p><p></p><p>Please note:</p><p></p><p>- The antiviruses are already ranked in the video, I've taken into account Web blocking, the reaction to an attack, my malware pack and how the antivirus will defend itself.</p><p>- Please be courteous and respect my ranking. Filming took over 9 hours and 2 hours of preparation.</p><p>- The final episode will pit 2 antiviruses against each other.</p><p>- Personal information was hidden on the panel of these antivirus programs. Some of them didn't belong to me. Many thanks to [USER=51448]@kamiloxf[/USER], who supplied me with most of the antivirus software I tested!</p><p>- All antiviruses are at default, I've only activated IF NECESSARY some options that the editor hasn't activated (heuristics, PUP detection etc.)</p><p>- The protocol is the same.</p><p></p><p>[MEDIA=odysee]id=71d3d49150c5cf2643461e840270ec4e7e8a4ee7;name=Shadowra%2527s-Big-Comparative---Episode-3-Entreprise-Antivirus;path=%40Shadowra%3Af%2FShadowra%2527s-Big-Comparative---Episode-3-Entreprise-Antivirus%3A7[/MEDIA]</p><p></p><p>[SPOILER="WithSecure"]</p><p>WithSecure is the Enterprise version of F-Secure.</p><p>The product is presented as an agent to be installed, and features a fairly simple panel.</p><p>It clearly follows the F-Secure nomenclature: it can be configured both online and locally!</p><p></p><p>URL: 10/10 - WithSecure blocks all links</p><p>Fake crack: 1/1 - Blocked directly by APC (Avira Protection Cloud)</p><p>Malware Pack: 45 out of 168.</p><p></p><p>Execution: Some good, some not so good. 
On attacks, WithSecure defends itself well with DeepGuard.</p><p>Things get more complicated later on, when AlertaAgent is allowed to pass through and install itself quite deeply on the machine.</p><p>Then the malware with the Tank icon destroys parts of the system, and a RAT (MSBuilder.exe) passes through without being blocked (but disappears on reboot).</p><p></p><p>SOS: F-Secure failed to scan the machine, malware killed the scan...</p><p>NPE: 4</p><p>KVRT: 2</p><p></p><p>It ranks 7th because, although DeepGuard is excellent, it clearly lacks a few rules to protect effectively against large malware, especially signed malware.</p><p>It's a shame.</p><p> [/SPOILER]</p><p></p><p>[SPOILER="DeepInstinct"] </p><p>DeepInstinct is a well-known and popular enterprise antivirus.</p><p>Its agent has no settings: everything is managed online!</p><p>I leave my settings.</p><p></p><p>Web: 8/10 - 2 infections passed</p><p>Fake crack: 0/1 - No files blocked!!!</p><p>Malware pack: Remains 42 out of 168.</p><p></p><p>Execution: DeepInstinct shines with its behavioral defenses and manages to avoid several attacks.</p><p>But this didn't last, as 2 malware samples were installed, 1 of which clearly destroyed the system.</p><p>The system is dead...</p><p></p><p>It's in 6th place, a slackening at DeepInstinct? I'm disappointed!</p><p> [/SPOILER]</p><p></p><p>[SPOILER="SentinelOne"] </p><p>SentinelOne is DeepInstinct's direct competitor - same operation, same country of origin!</p><p>However, its Web interface is much more complete and rather complicated...</p><p></p><p>Web: 9/9 - a URL is dead</p><p>Fake crack: 1/1 - installation is blocked</p><p>Malware pack: Remains 45 out of 168</p><p></p><p>Execution: S1 does not show any analysis, I wait until there is no activity.</p><p>I start executing, S1 is reactive and protects me. But it's pretty weak on scripts. 
Although it blocks some, it lets a few through, which it will mitigate later.</p><p>But it will encounter the same malware as DeepInstinct, which will destroy the system.</p><p></p><p>It ranks 5th.</p><p> [/SPOILER]</p><p></p><p>[SPOILER="CylancePROTECT"] </p><p>CylancePROTECT is BlackBerry's antivirus software, completely designed for the enterprise.</p><p>In this test, I install CylanceOptics, its EDR.</p><p>The settings are already predefined, on level 2.</p><p></p><p>Web: 8/9 - one malware missed.</p><p>Crack: 1/1 - Blocked</p><p>Malware Pack: Cylance doesn't scan, I'm forced to run.</p><p>During execution, Cylance scores very well, which I appreciate (even though it let Alerta through).</p><p>Unfortunately, a FileCoder ransomware will get through without any reaction from Cylance and encrypt the data.</p><p>If it had been blocked, I think Cylance would have won points.</p><p></p><p>It's ranked 4th, a fine improvement on my last test, but it still has some way to go!</p><p> [/SPOILER]</p><p></p><p>[SPOILER="CrowdStrike"] </p><p>CrowdStrike Falcon is an enterprise-class antivirus program with an excellent reputation, but also a reputation for producing major bugs (BSODs in the enterprise).</p><p>No agent interface here! 
Everything is controlled online!</p><p>Default setting.</p><p></p><p>Web: 9/9 - a URL was dead</p><p>Crack: 1/1 - directly forbidden</p><p>Malware Pack: 39 out of 168</p><p></p><p>Execution: Falcon does very well and is very sharp on blocking!</p><p>It blocks the installation of Alerta, but will only be tricked by the malware into killing DeepInstinct and SentinelOne.</p><p>CrowdStrike attempts to repair the system, but is unable to restore it.</p><p>Pity.</p><p></p><p>It's 3rd</p><p> [/SPOILER]</p><p></p><p>[SPOILER="CheckPoint - Harmony"] </p><p>Harmony is the enterprise antivirus from CheckPoint, publisher of ZoneAlarm.</p><p>It's also the antivirus I've had the most trouble with: it took me 3 attempts to get it to work, as well as a lengthy installation despite the fiber...</p><p></p><p>The settings have been customized, but are fairly close to the manufacturer's settings.</p><p></p><p>Web: 10/10 - everything was blocked</p><p>Crack: 1/1 - Dropped files were blocked.</p><p>Malware Pack: 19 out of 168</p><p></p><p>Execution: Harmony comes close to excellence in malware blocking!</p><p>2 files passed, including the malware that had made WithSecure suffer, although the attack was partially mitigated by the antivirus.</p><p></p><p>SOS:</p><p></p><p>Harmony: Unable to scan</p><p>NPE: 3</p><p></p><p>Although it did block, it will be 2nd. The malware prevents antivirus functions from working properly (scanning) and a script is passed through, although it is blocked by the Harmony firewall.</p><p>[/SPOILER]</p><p></p><p>[SPOILER="Microsoft Defender - Business"] Microsoft Defender does have a version for business! It already uses the architecture already present but offers a script so that we can benefit from it. He added several rules but also an EDR, which I will test. 
</p><p></p><p>Web: 9/9 - a URL is dead</p><p></p><p>Crack: 1/1 - the installation is blocked</p><p></p><p>Malware Pack: Remains 17 out of 168</p><p></p><p>Execution: Microsoft Defender clearly has the best engine in this test! It avoids all the traps that I set for it, the PUBLISHER and the Cloud also block me from malware during execution! Only Alerta passes.</p><p></p><p>SOS: Microsoft Defender does not detect anything.</p><p>NPE detects 4 files that are not active, easily deletable.</p><p></p><p>It more than deserves its 1st place! [/SPOILER]</p><p></p><p>[SPOILER="And Part 4 ?"] </p><p>All the tests are over.</p><p>The final will oppose Microsoft Defender against ESET Smart Security :)</p><p> [/SPOILER]</p><p></p><p>See you on January 31st for the final! :D</p></blockquote><p></p>