Nevi

Level 4
Verified
I'm thinking Emsisoft, Kaspersky and Norton when I think good BB. Webroot actually has a great BB too, but it should probably be used with a more solid antivirus. WSA's BB is built on Prevx, and that was a great product. So an effective combo would probably be best.
Regarding ESET's new BB, I think it's too early to tell how effective it is. But if it's good, we ought to see it soon in the different tests.
 

Wraith

Level 13
Verified
Malware Tester
Kaspersky Internet Security has the BEST BB to date. Other suites with good BB include Emsisoft, Bitdefender and AVG/Avast. Bitdefender, depending on your luck, can be buggy for you or may run as smooth as butter. Emsisoft's BB fails when ransomware uses LOLBins to encrypt files (especially cmd). AVG/Avast Identity Protection offers good protection. Kaspersky System Watcher is the best one I have found. But honestly, all those behaviour blockers will eventually fail at some point or other, just like signature-based AVs. Even so, an AV with a good BB can stop a large number of threats. No matter what suite you use, always keep an up-to-date BACKUP (offline, disconnected from the PC). This is the only thing that can save you in case of a catastrophe.
SIDE NOTE: ESET has made an improvement to their BB. It can now block ransomware-like behaviour with its BB.
[screenshot]
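The LOLBin gap Wraith describes above (a blocker that scores cmd.exe on its own writes, or trusts it as a signed Microsoft image, and so never convicts the dropper that spawned it) is easy to see in a toy behaviour-blocker model. The following is an added example written for this thread; it is not code from ESET, Emsisoft, Kaspersky or any other product mentioned here, and the process names, pids, paths, thresholds and byte payloads in the trace are all constructed. It scores file writes that look like encryption (high-entropy data landing on user documents, whether overwritten in place or renamed with an extra extension) and compares two attribution policies: per-process, which convicts only cmd.exe, and ancestor attribution, which walks the parent chain past LOLBins and convicts invoice.exe so that the whole process tree can be terminated.

```python
"""Toy behaviour blocker over a constructed process/file event trace (added
example; not code from any product named in the thread; all data constructed)."""
import math
import os
import random
from collections import Counter
from dataclasses import dataclass

# Signed Windows interpreters that ransomware hands the encryption loop to; a
# blocker scoring each process on its own writes under-reacts to them.
LOLBINS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
DOC_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".txt"}
HIGH_ENTROPY = 7.0  # bits/byte; ciphertext and compressed data sit near 8
THRESHOLD = 5       # encryption-like writes before a process is convicted

@dataclass(frozen=True)
class Event:
    kind: str          # "spawn" or "write"
    pid: int           # acting process
    image: str         # image name of the acting process
    ppid: int = 0      # spawn only: parent pid
    path: str = ""     # write only: destination path
    data: bytes = b""  # write only: bytes written

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def targets_document(path: str) -> bool:
    """True if any suffix names a user document, so both in-place overwrites
    (report.docx) and rename-on-encrypt (report.docx.locked) count."""
    parts = os.path.basename(path).split(".")
    return any("." + p.lower() in DOC_EXTS for p in parts[1:])

def encryption_like(ev: Event) -> bool:
    return (ev.kind == "write" and targets_document(ev.path)
            and shannon_entropy(ev.data) >= HIGH_ENTROPY)

def build_tree(events):
    """Parent map and image map from the spawn events."""
    parent, image = {}, {}
    for ev in events:
        if ev.kind == "spawn":
            parent[ev.pid], image[ev.pid] = ev.ppid, ev.image
    return parent, image

def responsible_pid(pid: int, parent: dict, image: dict) -> int:
    """Walk up past LOLBin ancestors to the process that really started this."""
    seen = set()
    while pid in parent and image.get(pid) in LOLBINS and pid not in seen:
        seen.add(pid)
        pid = parent[pid]
    return pid

def verdicts(events, attribute_to_ancestor: bool) -> dict:
    """Image name -> encryption-like write count for processes over THRESHOLD.
    False: each pid scored on its own writes (the cmd.exe gap). True: a LOLBin's
    writes are charged to the non-LOLBin ancestor that spawned it."""
    parent, image = build_tree(events)
    score = Counter()
    for ev in events:
        if encryption_like(ev):
            pid = responsible_pid(ev.pid, parent, image) if attribute_to_ancestor else ev.pid
            score[pid] += 1
    return {image.get(pid, "?"): n for pid, n in score.items() if n >= THRESHOLD}

def process_tree(root: int, parent: dict) -> set:
    """Root plus every descendant, so a conviction kills the whole chain."""
    tree, new = {root}, {root}
    while new:
        new = {p for p, pp in parent.items() if pp in tree and p not in tree}
        tree |= new
    return tree

def _ciphertext(n: int, seed: int) -> bytes:
    """Deterministic pseudo-random bytes standing in for encrypted content."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

_TEXT = b"Quarterly report: revenue up 3%, costs flat.\n" * 80

# Constructed trace: the dropper invoice.exe spawns cmd.exe to do the encryption
# while Word (low-entropy .docx) and 7-Zip (high-entropy .7z) write legitimately.
TRACE = [
    Event("spawn", 100, "explorer.exe", ppid=1),
    Event("spawn", 200, "invoice.exe", ppid=100),
    Event("spawn", 300, "cmd.exe", ppid=200),
    Event("spawn", 400, "winword.exe", ppid=100),
    Event("spawn", 500, "7z.exe", ppid=100),
    Event("write", 400, "winword.exe", path="C:/Users/a/Documents/report.docx", data=_TEXT),
    Event("write", 500, "7z.exe", path="C:/Users/a/backup.7z", data=_ciphertext(4096, 1)),
] + [
    Event("write", 300, "cmd.exe", path=f"C:/Users/a/Documents/file{i}.docx.locked",
          data=_ciphertext(4096, 10 + i))
    for i in range(6)
]

if __name__ == "__main__":
    print("per-process:", verdicts(TRACE, False))  # {'cmd.exe': 6}
    print("attributed: ", verdicts(TRACE, True))   # {'invoice.exe': 6}
    print("terminate:  ", sorted(process_tree(200, build_tree(TRACE)[0])))  # [200, 300]
```

The entropy-plus-document-suffix rule is deliberately crude: 7-Zip's archive passes because its only suffix is .7z, but an archiver writing report.docx.7z would trip it, which is why real blockers also weight deletion or renaming of the original and the rate of writes across directories. The point the thread makes still holds in the model: with per-process scoring the verdict lands on cmd.exe, which a product that treats signed system interpreters as trusted will never act on, while charging the writes to the nearest non-LOLBin ancestor convicts the dropper and terminates its whole tree.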
 

blackice

Level 9
Verified
(quoting Wraith's post above)
Is that warning different than when an advanced HIPS rule stops something?
 

Wraith

Level 13
Verified
Malware Tester
I just got home, so I tested attempting to open PowerShell since I have it blocked with HIPS. It is different, in fact. [screenshot]
Oh, by advanced HIPS you meant the custom HIPS rules. Yes, the custom HIPS alerts are different from the alert by the BB I posted.

Is HIPS part of EIS+, incorporated into the firewall? Or is it also part of NOD32?
HIPS is different from the firewall. NOD32 has the HIPS component but misses out on the firewall.
 

Andrew3000

Level 5
Verified
Malware Tester
Does ESET use the cloud during on-demand scans too? Or only on execution?

I don't think it's "true cloud". It's an automatic reputation system where unknown files are scanned, sent to their cloud sandbox and analyzed.

See the spoiler.

Legend:
  • Livello di rischio: Risk level
  • Processo: Process
  • Numero di utenti: Number of users
  • Ora del rilevamento: Time of detection
  • Nome applicazione: Application name
Example:
Safe and legit app:
[screenshot]

Safe application compiled by me yesterday. After opening the application, it was automatically sent to ESET for analysis.
[screenshot]

Unsafe application that doesn't cause any damage (the app eats computer resources to slow the machine down). I don't know why it wasn't marked as unsafe.
[screenshot]

EDIT: (14:16 UTC+1) After sending the sample via email, they reported it as a Trojan (BadJoke); the malware was quarantined by ESET LiveGrid.
[screenshot]

Unsafe application that causes damage to the computer.
[screenshot]

P.S. (CloudCar test) When an application is blocked by ESET LiveGrid it is marked as suspicious.
[screenshot]

You can check whether your cloud lookup is working with CloudCar: Feature Settings Check - Cloud Lookups | AMTSO
 

SeriousHoax

Level 8
Verified
Malware Tester
Have not seen an ESET cloud lookup either in real time or for unknown samples / or in dynamic tests!
Might be just for reputation-based info!
LiveGrid, as per ESET, is a lookup and real-time threat service for analysis, not a zero-day mechanism!
I don't think it's "true cloud". It's an automatic reputation system where unknown files are scanned, sent to their cloud sandbox and analyzed.
I see, thanks for explaining. Anyway, whatever their method is, it seems to get the job done. I'm following recent test results on the hub, and in almost every case Kaspersky & ESET come out with the most detections on new malware, followed by Microsoft.