Battle SONAR vs CyberCapture vs KSN

Compare list
AVAST CyberCapture
Norton/Symantec SONAR
Kasperksy KSN


Staff Member
Malware Hunter
Apr 28, 2015
Well, Sonar blocks or consider as "malware" almost any file that is unknown or with bad reputation (not being actually malware), I can see this behavior when I run NPE in my tests... this way it is very easy to block 0 day, but also to get fps...

KSN + K with Application Control (in defaults), if unknown -> the file executes in Low Restricted, but still most of the cases the app will run...

It's impossible to compare those services, because are not the same! :)


Level 4
Oct 6, 2021
Sonar with GDATA's BB and Kaspersky are the best on the market, in my opinion. About the three protections above, I get Kaspersky in first place, Kaspersky is the father of security... sonar second, , Avast is weak, I don't like the ones from this company, their focus is not always on security but on profit with data from users sold to third parties, like Chinese antivirus


Level 35
Top Poster
Content Creator
Jun 24, 2016
I guess it depends in what you need.

Aforementioned, Norton's SONAR is very powerful, but very sensitive. With higher false positives, it offers higher protection rates. Any suspicious activity usually triggers it. As well, Norton Insight is very helpful in matters of helping you identify the origin and safety of a file.

Unlike SONAR, Kaspersky Security Network IS NOT a behaviour blocker. KSN is a cloud service which uses data and information retrieved from its users to build a complex threat database. The proper module to compare SONAR with is System Watcher. Both look after suspicious activity within files to classify them as either malicious or safe. This module is very efficient and smart, a bit more precise than Norton's, therefore with fewer false positives, which of course may lead to one or two misses. Anyways, Kaspersky's System Watcher ain't the strong point about the product, but the addition of it with KSN and Application Control.

Finally, Avast's CyberCapture is decent enough, but it's not as smart as it should be, considering their huge database. Avast's biggest strength are their signatures due to the amount of users they possess, and the amount of data they can gather. I'd say Avast's strong point is Hardened Mode and Sandbox (paid only).

I hope this helps.

Evjl's Rain

Level 47
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
they are not the same so it's hard and unfair to compare
in my opinion, it's more fair to compare:
1/ Blocking unknown programs (most powerful components):
- Norton's download insight - Very strong
- Avast hardened mode aggressive and CyberCapture - Super strong but not blocking msi and scripts
- Kaspersky' application control, set to block unknown programs (data from KSN) -> most restricted, almost non-bypassable

2/ behavior blocker:
- SONAR (behavior part) - strong
- avast's behavior shield - average
- Kaspersky's system watcher - strong

3/ cloud database:
- SONAR (cloud part) - okay
- Avast's reputation services and maybe CyberCapture - average
- KSN - okay

in overall, in terms of effectiveness and consistency, I rate Kaspersky better than the others.
I saw some PCs protected by Norton infected by simple malwares, including my PC -> I don't rate Norton
I also saw several Kaspersky PCs got infected heavily by Chinese PUPs, adwares in default settings, before the time Kaspersky enabled PUP detection
I haven't seen many PCs with Avast, but at least none of them got infected

Default protection: Kaspersky > Norton > Avast
Unleash full potential with settings and support tools: Kaspersky > Avast > Norton
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.