Bitdefender, ESET, Emsisoft for sure, not Kaspersky.
Now let me explain why Kaspersky should not be on this list.
What I have seen, Kaspersky often doesn't push all types of signatures via updates to the device. They keep a lot of it in the cloud only. They also constantly cleanup local signatures in favor of cloud-based detection to save disk space and improve performance I assume. I'm talking about Kaspersky AV, not their removal tools.
A few days ago I sent a sample to Kaspersky through
@harlan4096 because malware analysts always reply back to him. It was a malware that was in a Firefox cache file which contained an HTML page and that page contained a Hoax/Scam script. Kaspersky wasn't detecting it while I did a right-click scan but Virustotal shows detection and if I try to upload the file in a browser then Kaspersky was detecting it. Harlan told me that some files get detected by WebAV components instead of FileAV and that's why it wasn't getting detected probably. He still submitted to Kaspersky and got a similar reply. Later after knowing from Harlan that Kaspersky now replies to everyone if you're logged into their opentip submission portal, I submitted the file again to get even a more detailed answer and this is the reply I got.
So anything that Kaspersky thinks is not necessary to be detected by FileAV will be detected by WebAV only and static scans don't use WebAV components. It is fair and the reasoning is understandable from Kaspersky's point of view.
But since we're talking about offline detection through the static scan, Kaspersky's high reliance on the cloud and the separation from FileAV to WebAV makes it not the best one for this category. Bitdefender and ESET rarely rely on cloud for signature based detection, and don't have such FileAV vs WebAV separation for signatures.
BTW, Emsisoft has their Emsisoft Emergency Kit by which you can get the benefit of full Bitdefender's local signature + Emisoft's.
defendingdigital.com
