mekelek

Level 28
You just did in your previous post. You said it's a 'huge downgrade from Trend Micro'. It's the Advanced version that has the free offer now. The Essential version free offer finished weeks ago.
having a ransomware module won't solve the issues I listed above, sure it helps when you got fed up with FPs and you allow a ransomware, but it won't help with actual malware.
Trend Micro has a similar approach to Panda, where unknown samples get blocked from execution, but 90% of the time Trend Micro has a reason to block/delete the sample (most of the time sigs)
 
Reactions: ZeroDay

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
"unknown application, allow or deny" makes Panda work like another Windows smartscreen :D
same for avast's hardened mode and KIS's TAM

so it will probably allow a previously blocked file to run after a few days when they complete the analysis of that file on their server
the problem is Panda may not have a large number of users so it would take longer and sometimes forever

it's good as a default-deny protection when we obey the recommended option but if we click allow, we may be in trouble because panda isn't the best at signatures and BB

the web filter and that "unknown application, allow or deny" make panda always scoring 100% but in exchange of FPs of new files

same problem with windows smartscreen but with less FPs
 

mekelek

Level 28
"unknown application, allow or deny" makes Panda work like another Windows smartscreen :D
same for avast's hardened mode and KIS's TAM

so it will probably allow a previously blocked file to run after a few days when they complete the analysis of that file on their server
the problem is Panda may not have a large number of users so it would take longer and sometimes forever

it's good as a default-deny protection when we obey the recommended option but if we click allow, we may be in trouble because panda isn't the best at signatures and BB

the web filter and that "unknown application, allow or deny" make panda always scoring 100% but in exchange of FPs of new files

same problem with windows smartscreen but with less FPs
recommended option? Panda gives you none.
 
Reactions: Evjl's Rain

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
recommended option? Panda gives you none.
I think when they show that message, it means the file is not seen in their database so it's better to click deny "temporarily"
come back 2 days after and run it again, still blocked ->> hmm.. -> ok, 2 more days -> blocked -> forget it

Panda should make the Deny option as default

average users are usually scared of those messages so they may click Deny but some reckless users will click Allow :)

my dad got a blocked message from avast's hardened mode and he was scared to allow it
 

mekelek

Level 28
I think when they show that message, it means the file is not seen in their database so it's better to click deny "temporarily"
come back after 2 days and run it again

Panda should make the Deny option as default
it's a blue window, with no explanation other than "this is unknown"
no signs of it being dangerous or making sure the user clicks deny.

TAM has a huge userbase and KSN to back it
Smartscreen same

a default deny option like this makes sense if you have a big userbase but looking at the signatures, Panda doesn't seem to have a big one.
 
Reactions: Evjl's Rain

Evjl's Rain

Level 43
Verified
Trusted
Content Creator
Malware Hunter
it's a blue window, with no explanation other than "this is unknown"
no signs of it being dangerous or making sure the user clicks deny.

TAM has a huge userbase and KSN to back it
Smartscreen same

a default deny option like this makes sense if you have a big userbase but looking at the signatures, Panda doesn't seem to have a big one.
I agree
but if the users have some experience with computers, it might be beneficial for them like uninfected1. He can handle it. He doesn't have to install a separate anti-exe
However, definitely not recommend it to average users

Antivirus Maker Forced to Pay Damages to Infected User
 

Deleted Member 3a5v73x

The problem is.. Some people always think their opinions overrule the opinions and experiences of others beyond levels of acceptable discourse which leads to an argumentative and disruptive atmosphere on forums. Intelligent, mature people always paraphrase with 'In my opinion' or 'in my experience' to avoid projecting the false conception they are working on a framework based on absolutes.
I believe healthy and constructive criticism is always good when comparing different AV suites, just have to provide true facts so new users don't get misinformed, because reviews and opinions differ, but tech info about particular modules/protection mechanisms doesn't. The never-ending question "which is the best av?" will still remain, until users start to realise that 30-day trials are there for a reason, for a user to choose in that period if a particular AV fits his needs or not.
 

Deleted member 178

Just out of interest Umbra, what would your recommendation be for the OP then? Would it by any chance begin with 'E' and end in 'T' (and I don't mean Eset)? :D
it could ^^
More seriously, most "classic" members here will never encounter serious malware, nor will they get attacked by Neo or some NSA, CIA, FSB, SHIELD, Hydra and other alphabetized agencies.
However they may encounter PUPs, adware downloaders, weak trojans/loggers, basic ransomware, etc...

Windows built-in security (WD, WF, Smartscreen, UAC, etc..) on SUA is good enough for 95% of users but most importantly learning not to happy-click on every link they get.

Then if needed, they may add some default-deny/post-exploitation (anti-exe, etc...) softs or sandbox/light virtualization applications (shadow defender, sandboxie, etc...) to cover some attack vectors.
 
I always found ESET to be one of the lightest in terms of system responsiveness from my experience. Of course it will differ between environment and hardware resources though, and won't be the same necessarily for everyone else.
and the best when it comes to false positive tests
 
Where's the dislike button when you need it LOL?

As I've said to you before, it wouldn't matter if it was the best security suite ever, you would still find fault with it. You call yourself a tester yet you freely admitted on a previous thread that you would be looking to find fault with it even before you'd tried it, hardly the open minded approach of any tester worth their salt. You also criticised Panda Dome Essential for not having ransomware protection. This advanced version has, but no doubt you will find other things to moan about, possibly the time it takes to decide whether or not something is malicious, or maybe the free trial conditions, as you have done in the past.

Just out of interest, what do you think of the Dome firewall? Those who have tested it here such as @Slyguy think it's outstanding and one of the best ever.
for me, I've always looked to the company's history breach and politics before considering buying their products, I think, and it's only a deduction, that Trend is good in web protection because they have a huge network of web threats analysis, and don't forget that the web is the no. 1 source of threats
 

mekelek

Level 28
Avira heuristic mode, Trend Micro has "hypersensitive" and max security, and Avast has the hardened mode, but in the first topic of MHB they ask testers to use default settings
I have tested with TM's hypersensitive mode, it didn't make much difference
same goes with Avira's AHeAD

tho yes, both are not used in the tests, they don't really mean that much like some modules in other AVs.
like in Avast hardened mode options can mean a lot
 

Deleted member 65228

and the best when it comes to false positive tests
Source? Do you have any evidence to back this statement up?

From my experience, I've rarely experienced false positives with ESET. Primarily because I don't go around downloading and installing random software packages, but stick to a few reputable ones only.

To me, as long as the security solution is not consistently flagging clean and reputable software as malicious (and is handling false positive submissions in a timely fashion), and the false positive detection ratio is not MASSIVE, I simply will not care about the false detection ratio. I'd rather the security solution flags new binaries which appear suspicious and stand out compared to those from a majority of clean and reputable software packages than simply ignore it just because there was not a specific reason to flag it as definitively "malicious". Why? In my opinion, it keeps you more alert and if the detection really is false positive then you'd be able to investigate it.

You need to remember that if there was never a false positive, the detection ratio for malicious binaries would also be decreased. In my opinion, for a novice user who is likely not going to be genuinely looking for lesser-known software, it will be in their best interest for unknown, non-reputable or "suspicious-looking" binaries to be flagged, regardless of whether the product knows it is "definitely malicious" or not.

We can agree to disagree, it doesn't matter.
 
Reactions: mekelek and upnorth

mekelek

Level 28
Source? Do you have any evidence to back this statement up?

From my experience, I've rarely experienced false positives with ESET. Primarily because I don't go around downloading and installing random software packages, but stick to a few reputable ones only.

To me, as long as the security solution is not consistently flagging clean and reputable software as malicious (and is handling false positive submissions in a timely fashion), and the false positive detection ratio is not MASSIVE, I simply will not care about the false detection ratio. I'd rather the security solution flags new binaries which appear suspicious and stand out compared to those from a majority of clean and reputable software packages than simply ignore it just because there was not a specific reason to flag it as definitively "malicious". Why? In my opinion, it keeps you more alert and if the detection really is false positive then you'd be able to investigate it.

You need to remember that if there was never a false positive, the detection ratio for malicious binaries would also be decreased. In my opinion, for a novice user who is likely not going to be genuinely looking for lesser-known software, it will be in their best interest for unknown, non-reputable or "suspicious-looking" binaries to be flagged, regardless of whether the product knows it is "definitely malicious" or not.

We can agree to disagree, it doesn't matter.
I agree, ESET has barely any FPs, their sigs are fast and accurate.
 
Reactions: roger_m and upnorth