Q&A Suites with Proven Behavior Blockers that you Trust and Recommend

Nevi

Level 9
Verified
Well-known
Apr 7, 2016
423
I'm thinking Emsisoft, Kaspersky and Norton when I think good BB. Webroot actually have a great BB too, but should probably be used with a more solid antivirus. But WSA's BB is buildt on Prev X, and that was a great product. So an effective combo would probably be best.
Regarding Esets new BB, I think it's too early to tell how effective it is. But if it's good, we ought to see it soon in the different tests.
 
Last edited:

Andrew3000

Level 10
Verified
Malware Tester
Well-known
Feb 8, 2016
460
For Eset BB:

Link: ESET Internet Security | ESET Internet Security | ESET Online Help
Got to: Working with Eset internet security > Host-based Intrusion Prevention System (HIPS)
216361
 

RoboMan

Level 34
Verified
Top poster
Content Creator
Well-known
Jun 24, 2016
2,338
Goodmorning, did you get a chance to test ?
I couldn't, and I don't know why. I can't get VirtualBox to work, the very first moment I try to boot the VM (the one I have or a new one) it crashed And Windows Sandbox won't work either, super weird.
 

Wraith

Level 13
Verified
Top poster
Well-known
Aug 15, 2018
634
Kaspersky Internet Security has the BEST BB till date. Other suites with good BB include Emsisoft, BitDefender and AVG/Avast. BitDefender, depending on your luck, can be buggy for you or may run as smooth as butter. Emsisoft BB fails when ransomware use LoLBins to encrypt files(specially cmd). AVG/Avast Identity Protection offers good protection. Kaspersky System Watcher is the best one I have found. But honestly, all those behaviour blockers will eventually fail at some point or other just like signature based AV's. Still then an AV with a good BB can stop a large number of threats. No matter what suite you use, always keep an up-to-date BACKUP(offline-disconnected from PC). This is the only thing that can save you in case of a catastrophe.
SIDE NOTE: ESET has made an improvement to their BB. It can now block ransom like behaviour with its BB.
216389
 

blackice

Level 36
Verified
Top poster
Well-known
Apr 1, 2019
2,523
Kaspersky Internet Security has the BEST BB till date. Other suites with good BB include Emsisoft, BitDefender and AVG/Avast. BitDefender, depending on your luck, can be buggy for you or may run as smooth as butter. Emsisoft BB fails when ransomware use LoLBins to encrypt files(specially cmd). AVG/Avast Identity Protection offers good protection. Kaspersky System Watcher is the best one I have found. But honestly, all those behaviour blockers will eventually fail at some point or other just like signature based AV's. Still then an AV with a good BB can stop a large number of threats. No matter what suite you use, always keep an up-to-date BACKUP(offline-disconnected from PC). This is the only thing that can save you in case of a catastrophe.
SIDE NOTE: ESET has made an improvement to their BB. It can now block ransom like behaviour with its BB.
View attachment 216389
Is that warning different than when an advanced HIPS rule stops something?
 

Wraith

Level 13
Verified
Top poster
Well-known
Aug 15, 2018
634
I just got home so I tested attempting to open powershell since I have it blocked with HIPS. It is different in fact.View attachment 216410
Oh by advanced HIPS you meant the custom HIPS rules. Yes the custom HIPS alerts are different from the alert by the BB I posted.

Is HIPS part of EIS+, incorporated into firewall? Or is it also part of NOD 32?
HIPS is different from the firewall. NOD32 has the HIPS component but misses out on the firewall.
 

Mahesh Sudula

Level 17
Verified
Top poster
Well-known
Sep 3, 2017
821
Does Eset uses cloud while performing on demand scan too? Or only while executing?
Have not seen Eset cloud look up either real time or unknown samples / or dynamic test!
Might be just for reputation based info!.
Live grid as per eset, is a look up and threat real time service for Analysis, not a zero day mechanism!
 

Andrew3000

Level 10
Verified
Malware Tester
Well-known
Feb 8, 2016
460
Does Eset uses cloud while performing on demand scan too? Or only while executing?


I don't think it's "true cloud". It's an automatic reputation system where unknown files are scanned and sent to their cloud-sandbox and analyzed.

See the spoiler.

Legend:
  • Livello di rischio: Risk level
  • Processo: Process
  • Numero di utenti: Number of users
  • Ora del rilevamento: Time of detection
  • Nome applicazione: Application name
Example:
Safe and legit app:
216415


Safe application compiled by me yesterday. After opening the application, it was automatically sent to Eset for analysis.
216416


Not safe application but don't cause any damage (The app eats computer resources to slow it down) I don’t know why it wasn’t marked as unsafe.
216417

EDIT: (14:16 UTC+1) After sending the sample via email, they reported it as a Trojan (badjoke), the malware was quarantined by Eset Live Grid.
216438


Not safe application that cause damage to the computer.
216418


P.S. (CloudCar test) When an application is blocked by eset live grid it is marked as suspicious.
216419


You can check if your cloud is working by using CloudCar: Feature Settings Check - Cloud Lookups | AMTSO
 
Last edited:

SeriousHoax

Level 41
Verified
Top poster
Well-known
Mar 16, 2019
3,092
Have not seen Eset cloud look up either real time or unknown samples / or dynamic test!
Might be just for reputation based info!.
Live grid as per eset, is a look up and threat real time service for Analysis, not a zero day mechanism!
I don't think it's "true cloud". It's an automatic reputation system where unknown files are scanned and sent to their cloud-sandbox and analyzed.
I see, thanks for explaining. Anyway, whatever their method is, it seems it gets the job done. I'm following recent tests result on the hub and in almost every case, Kaspersky & Eset coming with most detection on new malwares followed by Microsoft.