struppigel

Moderator
Verified
Staff member
Hello,
I was wondering why there are not many multi-engine antivirus solutions. Better multiple than one, right? I didn't see many antivirus programs like that. The thing with 1 antivirus engine is that it is hard to decide whether to trust a file. With multiple engines, if a file is detected by 1 of 12, then it is probably a false positive.

That's certainly not what you are getting at, but there are lots of multi-engine AVs. Probably more than single-engine AVs.
The engines of Bitdefender, Kaspersky and Avira are used by many other products, which also have their own scanning engine on top. Especially for smaller companies who don't have the number of employees to maintain a full scanning engine that covers everything, it makes much more sense to license another engine and then use their own technology to cover the leftovers. The drawback is that they cannot control the detections of that engine. So if, e.g., Bitdefender's scanner has false positives, at least 6 other AV products have the very same false positive as well.

But I think your question was actually a different one, probably more like: Why not have a multi-engine product that uses all engines?
The main answer to that is: It's a question of performance vs actual benefit. Why would you deploy the very same detection method more than 10 times in different variations?
This would slow down the system considerably, whereas you could use the same resources to deploy entirely different detection technologies to make things safer. That's exactly what AV products are doing. They have not only the file scanning engine but also, e.g., behaviour monitor and blocker with heuristic rules, exploit protection modules, in-memory scanning, automatic analysis and signature creation combined with cloud blacklisting and whitelisting, ...

Let me create an analogy with safer sex: It makes sense to use a condom and birth control pill at the same time because they work differently, work in different areas and protect from different things. However, it doesn't improve things if you use two condoms.
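
The point above about licensed engines, as an added example that is not part of the original post: products sharing one engine produce correlated hits, so a "1 from 12" style count is more meaningful over underlying engines than over product names. The product-to-engine map and the report are constructed (ProductA to ProductE are placeholder names), and every hit is assumed to come from the licensed engine rather than the product's own layer.

```python
from collections import defaultdict

# Constructed mapping: scanner name as shown in a report -> engine behind it.
# "ProductA".."ProductE" are placeholder names, not real products; an entry
# that maps to itself means the vendor runs its own engine.
ENGINE_OF = {
    "Bitdefender": "Bitdefender",
    "ProductA": "Bitdefender",
    "ProductB": "Bitdefender",
    "ProductC": "Bitdefender",
    "Avira": "Avira",
    "ProductD": "Avira",
    "Kaspersky": "Kaspersky",
    "ProductE": "ProductE",
}


def engine_families(report):
    """Map each underlying engine to the sorted products that flagged the file.

    report: dict of product name -> True (detected) / False (clean).
    Unknown products are treated as running their own engine.
    """
    families = defaultdict(list)
    for product, detected in report.items():
        if detected:
            families[ENGINE_OF.get(product, product)].append(product)
    return {engine: sorted(products) for engine, products in families.items()}


def summarize(report):
    """Compare the raw hit ratio with the ratio after collapsing shared engines."""
    hits = engine_families(report)
    scanned = {ENGINE_OF.get(p, p) for p in report}
    return {
        "raw": (sum(len(p) for p in hits.values()), len(report)),
        "independent": (len(hits), len(scanned)),
        "families": hits,
    }


# Constructed report: every hit traces back to one licensed engine.
SHARED_FP = {
    "Bitdefender": True, "ProductA": True, "ProductB": True, "ProductC": True,
    "Avira": False, "ProductD": False, "Kaspersky": False, "ProductE": False,
}

if __name__ == "__main__":
    print(summarize(SHARED_FP))
```

Four of eight products flag the constructed file, but all four hits collapse to a single engine out of four distinct ones.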
 

sepik

Level 10
Hello,
Can someone explain, for example in VT, there's Sophos AV and Sophos ML (machine learning). Why are there two "Sophos"? The same goes for Trend Micro, Bitdefender Theta etc. As far as I know, for Trend Micro, their endpoint products will get the "fresh signatures/components" first.

Kind regards,
-sepik
 

Spawn

Administrator
Verified
Staff member
Hello,
Can someone explain, for example in VT, there's Sophos AV and Sophos ML (machine learning). Why are there two "Sophos"? The same goes for Trend Micro, Bitdefender Theta etc. As far as I know, for Trend Micro, their endpoint products will get the "fresh signatures/components" first.

Kind regards,
-sepik
My guess is because they are using different technologies.

Example: VirusTotal (.doc sample)
[Two screenshots]
 

Arequire

Level 26
Verified
Content Creator
Can someone explain, for example in VT, there's Sophos AV and Sophos ML (machine learning). Why are there two "Sophos"?
Sophos AV refers to their signature-based solutions (Home/Mobile Security/Antivirus for Linux, etc.) and Sophos ML refers to Intercept X, which uses AI and is signatureless.
 

sepik

Level 10
@Spawn
Sophos ML or other AI/ML products, like in the screenshot, cannot process Office etc. files. So what I'm interested in, like I said before, is why there's Sophos ML and Sophos AV, and Bitdefender and its Theta version, on VT. Sophos Home Premium uses AI, but is it the same as Sophos ML?

Kind regards,
-sepik

Sophos AV refers to their signature-based solutions (Home/Mobile Security/Antivirus for Linux, etc.) and Sophos ML refers to Intercept X, which uses AI and is signatureless.
Arequire, but Sophos Home includes AI, so why... Do Bitdefender Theta, McAfee-GW etc. share the same new signatures with home consumer versions? Trend Micro does that, though; it's only less than a day when they release signature/component versions to consumers...

Kind regards,
-sepik
 

fabiobr

Level 10
Verified
@Spawn
Sophos ML or other AI/ML products, like in the screenshot, cannot process Office etc. files. So what I'm interested in, like I said before, is why there's Sophos ML and Sophos AV, and Bitdefender and its Theta version, on VT. Sophos Home Premium uses AI, but is it the same as Sophos ML?

Kind regards,
-sepik


Arequire, but Sophos Home includes AI, so why... Do Bitdefender Theta, McAfee-GW etc. share the same new signatures with home consumer versions? Trend Micro does that, though; it's only less than a day when they release signature/component versions to consumers...

Kind regards,
-sepik
Yes, Bitdefender ML is included in home products too (with ATD, which includes all proactive modules), but ML methods can sometimes create FPs or be ineffective as they need learning; that's why it's important to feed them with data and other modules to check and reduce FPs. I guess that's why they are in VT.


----

For McAfee, as far as I know, McAfee GW is specific to the enterprise network or something like that.