[split] Using Emsisoft as companion

[havok]

normally except if you use the version with Avira engine.

but Baidu is still in Beta. i will test its final version.

Using ESS with a companion AV doesn't make too much sense to me. Could be a lot better using EAV -NOD 32 - plus a 3d party firewall Online Armor or Comodo ( problem with ESS is firewall, not AV ) and something like Emsisoft as on demand scanner - second opinion -
At the moment I'm running Emsisoft IS - EAM + OAP - but it could be I'll switch to EAV +OAP (or Comodo) + EAM (second opinion) . Of course is required to disable EAV HIPS

 

[Deleted member 178]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

I dont see much problem yet with ESET firewall module, what are they?

 

[havok]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

I dont see much problem yet with ESET firewall module, what are they?

Well I'm not really talking about something specific. But ESET firewall has never been a top notch one. Same problem with Avira...though I guess ESET firewall is better than Avira. Both are focused on AV -excellent - then they added a firewall just to make "Suite"..
I guess you agree that Emsisoft or Comodo HIPS are better than Eset (or Avira) HIPS

 

[Deleted member 178]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

I guess you agree that Emsisoft or Comodo HIPS are better than Eset (or Avira) HIPS

yes sure, but an HIPS is not part of a firewall. i found ESET FW quite good for the moment.

 

[havok]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

I guess you agree that Emsisoft or Comodo HIPS are better than Eset (or Avira) HIPS

yes sure, but an HIPS is not part of a firewall.

i found ESET FW quite good for the moment.

Well that could be questionable. At the end it depends from company. For example if you want Emsisoft HIPS you must use their firewall, with ESET instead you get HIPS on EAV as well

Yes ESET FW is quite good to me too. I'm just saying is not a top notch one. And it's shareware . And is always a problem when you can get for free something better

 

[Deleted member 178]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

I meant an HIPS is not a specific firewall module, but a feature that some vendors find more suitable to put it in a FW.

 

[havok]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

I meant an HIPS is not a specific firewall module, but a feature that some vendors find more suitable to put it in a FW.

I guess we are just saying something similar in different ways...
BTW I'm running Hitman pro and MBAM as second opinion. What I really don't like about MBAM is option to re-scan quarantined items is missing. Once an item is quarantined there is no way to know if is a false positive or not unless submitting to lab...I wrote also in MBAM forum ages ago asking for this and a company manager replied " I'm interested too in this feature. I'll report this to developers...", but till now they didn't managed, I don't know why.
So I'm looking for a great on demand scanner (second opinion) with re-scan quarantined items option to replace MBAM. Any suggestion ?

 

[Deleted member 178]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

If you use Emsisoft AM, you don't need a 2nd opinion, when an item is quarantined, you can let it there for a while, then later, if it is considered as an FP by Emsisoft, you will have a popup that tell you it's an FP and if you allow EAM to restore it to its original location.

 

[havok]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

If you use Emsisoft AM, you don't need a 2nd opinion, when an item is quarantined, you can let it there for a while, then later, if it is considered as an FP by Emsisoft, you will have a popup that tell you it's an FP and if you allow EAM to restore it to its original location.

Ya I know that. Problem is MBAM sometimes find "threats" that are not detected by EAM. So in that case I don't know what to do - unless I know the file\s of course.
And that's why I'm thinking about make the switch to NOD 32 (HIPS disabled) + OAP and using EAM as second opinion

 

[Deleted member 178]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

anyway when you find an "unknown" supposed threat, just submit it

 

[havok]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

anyway when you find an "unknown" supposed threat, just submit it

Ya I could do that. But I'm also thinking about switch to NOD 32 (HIPS disabled) + OAP and using EAM as second opinion. In this way I could quarantine every unknown threats with no problem

 

[Deleted member 178]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

I used this kind of combo before with EAM set as companion RT AV, it works very well. Now i testing ESET SS fully (especially its HIPS); but later i will go back to OAP, i dont want waste my license of it ^^

 

[havok]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

I used this kind of combo before with EAM set as companion RT AV, it works very well. Now i testing ESET SS fully (especially its HIPS); but later i will go back to OAP, i dont want waste my license of it ^^

Ya you made some reviews on that...I think I'll definitely give a try to this combo. Just 1 question : EAV got his own antiphising and some kind of web protection, is it required to disable OAP web shield (I don't think so...) ?

 

[Deleted member 178]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

Just 1 question : EAV got his own antiphising and some kind of web protection, is it required to disable OAP web shield (I don't think so...) ?

No need, they work differently. At worst you may have a slight browsing slowdown.

 

[havok]

RE: ESS + Kingsoft Antivirus - What Exclusion i need to do

Just 1 question : EAV got his own antiphising and some kind of web protection, is it required to disable OAP web shield (I don't think so...) ?

No need, they work differently. At worst you may have a slight browsing slowdown.

Big problem...I installed EAV 6 and made settings for both EAV and EAM "max compatibility" and added exclusions for each other. At first restart I got only EAV and OAP icons in taskbar (No EAM) At second startup PC freezed at EAV loading..I had to restart in safe mode and disable EAV automatic startup. Right now I'm running just EAM + OAP both real time EAV is turned off- It looks there are conflict with EAV + OAP + EAM all real time. I think I'll disable EAM startup and real time and I'll use it as on demand scanner only. And keeping EAV + OAP both real time, though I guess EAM provides better real time protection than EAV..Any suggestion ?

 

[Deleted member 178]

did you set EAM file guard as "scan before they are executed"?

 

[havok]

did you set EAM file guard as "scan before they are executed"?

yes but always problem.I also tried with EAV startup disabled but always problem . Windows frezze during startup loading...I restarted in safe mode and removed (uninstall) EAV . Now everything is fine OAP +EAM real time. It looks there were conflict with some EAV drivers or services Or perhaps a wrong installation..not sure

 

[Deleted member 178]

I also get back to EAM + OAP and i added Webroot SA (my old combo before trying ESET)

 

[havok]

I also get back to EAM + OAP and i added Webroot SA (my old combo before trying ESET)

Not sure I understood.. You got EAM + OAP real time and added Webroot ( Complete? Antivirus?) as second opinion ( No real time) or Webroot as well is RT ?
For me EAM + OAP real time are enough. I'm just looking for a good prog as on demand scanner with re-scan quarantined items option to replace MBAM - Till now I don't understand why they don't add that feature in MBAM...unless they know the prog catches some false positive

 

[Deleted member 178]

Not sure I understood.. You got EAM + OAP real time and added Webroot ( Complete? Antivirus?) as second opinion ( No real time) or Webroot as well is RT ?

Yes, Webroot complete as companion. (it was made for that)
another reason is i am a closed-beta tester for Webroot ^^

For me EAM + OAP real time are enough.

Webroot has a unique feature:

Infection rollback:

WSA during installation take a snapshot of your system.

When WSA detect a suspicious item, WSA will "allow" it then monitor it (opposed to brutal deletion by other solutions); this item will be unable to connect internet and will have very limited access to important files/functions of your system.

Then later if this item is finally flagged as malicious; all action done by it is reversed by WSA, if the Item is clean then it will have normal access.

This feature is very different than other solutions, even some test labs (AV-Comparative) have said that their testing methodology can't be applied to WSA due to this feature and the way WSA works.

Mostly WSA is misunderstood by average user (who live by detection rate only) claiming that it is a weak solution.