App Review Windows Defender vs Top 100 Infostealers

Content created by
PC Sec Channel

simmerskool

Level 39
Verified
Top Poster
Well-known
Apr 16, 2017
2,852
It's a test. One test. Machine gun approach. MS Defender didn't do too bad, all things considered. Encountering even one of these, let alone 100, would be highly dependent on user behavior. In the end, brain.exe is still the best 1st line of defense. Stay safe, not paranoid. Word. (y)(y)
...also at the beginning of video he says "default" Defender. Later in the video he says you can add some additional Defender protections but he doubted they give more protection. IIRC this was recently discussed here with @danb (DefenderUI) and @Andy Ful (ConfigureDefender) and others.
 

monkeylove

Level 13
Verified
Top Poster
Well-known
Mar 9, 2014
621
MS Defender doesn't have web protection, so it is not responsible for phishing and credential-hacking attacks; the problem here is between the chair and the keyboard.

I read that there are now more malware that can hide in legitimate software, that are part of legitimate websites, and that can run without user interaction.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,716
Leo tested the detection of AV1 against 100 samples and 22 samples were undetected. Next, he used AV2, AV3, ... on undetected samples and we could see that those AVs detected a few samples from those undetected samples. He forgot that AV2, AV3, ... could also miss a few samples that were already detected by AV1. But, we did not have a chance to see if it could be true or not, due to an invalid procedure applied in the Leo test. The only useful information from the video is that the Norton Power Eraser tool (not an AV) is very efficient.

This is a good example of when the initial assumption about AV1 makes the test results irrelevant.
 
Last edited:
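The methodological point in the post above (running AV2, AV3, ... only on AV1's residual hides whatever those engines miss among the samples AV1 already caught) is easy to show with numbers. The following script is an added illustration, not code from the thread or from any of the products discussed; the 100-sample detection matrix and the engine names AV1, AV2, AV3 are constructed and hypothetical, chosen only so that the cascade view and the full-matrix view disagree.

```python
"""Cascade-on-residual testing vs. full-matrix testing of AV engines.

Constructed data: 100 sample ids, each mapped to the set of engines that
detect it. The numbers are invented for illustration, not measurements.
"""

SAMPLES = range(100)


def constructed_results():
    """Build a hypothetical detection matrix: sample id -> set of engines."""
    results = {}
    for s in SAMPLES:
        detected = set()
        if s < 78:                               # AV1 catches 78, misses 78..99
            detected.add("AV1")
        if s < 64 or 78 <= s < 84:               # AV2 catches 70 in total
            detected.add("AV2")
        if s < 70 or 78 <= s < 88:               # AV3 catches 80 in total
            detected.add("AV3")
        results[s] = detected
    return results


def detection_count(results, engine):
    """Fair comparison: how many of ALL samples an engine detects."""
    return sum(engine in d for d in results.values())


def cascade(results, order):
    """Cascade procedure: each engine is only run on what earlier ones missed.

    Returns a list of (engine, samples_it_was_run_on, samples_it_caught)
    plus the set of samples nobody in the chain caught.
    """
    remaining = set(results)
    report = []
    for engine in order:
        caught = {s for s in remaining if engine in results[s]}
        report.append((engine, len(remaining), len(caught)))
        remaining -= caught
    return report, remaining


def caught_by_a_missed_by_b(results, a, b):
    """The blind spot the cascade never shows: samples A detects but B misses."""
    return {s for s, d in results.items() if a in d and b not in d}


if __name__ == "__main__":
    r = constructed_results()
    for e in ("AV1", "AV2", "AV3"):
        print(f"{e}: {detection_count(r, e)}/100 on the full set")
    for order in (["AV1", "AV2", "AV3"], ["AV3", "AV1", "AV2"]):
        report, left = cascade(r, order)
        print("cascade", order, "->", report, "undetected:", len(left))
    print("AV1 catches, AV2 misses:", len(caught_by_a_missed_by_b(r, "AV1", "AV2")))
```

With this data the AV1-first cascade reports AV2 as catching 6 of the 22 leftovers, which reads as "AV2 adds value", while the full matrix shows AV2 detecting 70/100 against AV1's 78/100 and missing 14 samples AV1 caught; reversing the cascade order makes AV2 catch nothing at all. The residual-only procedure therefore cannot rank engines, which is the point being made.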

Vitali Ortzi

Level 29
Verified
Top Poster
Well-known
Dec 12, 2016
1,814
Leo tested the detection of AV1 against 100 samples and 22 samples were undetected. Next, he used AV2, AV3, ... on undetected samples and we could see that those AVs detected a few samples from those undetected samples. He forgot that AV2, AV3, ... could also miss a few samples that were already detected by AV1. But, we did not have a chance to see if it could be true or not, due to an invalid procedure applied in the Leo test. The only useful information from the video is that the Norton Power Eraser tool (not an AV) is very efficient.

This is a good example of when the initial assumption about AV1 makes the test results irrelevant.
The AVs used for detection are more aggressive.
Norton Power Eraser uses more aggressive heuristics than max settings on Symantec and uses some that are exclusive to the scanner (Symantec Diagnostic, Norton Power Eraser is purposely built to find as much malware as possible).
Hitman Pro is far more aggressive than Sophos too.
Obviously they would detect more and have more false positives than Defender.
With 100 samples I'm sure the super aggressive scanners would get better results, so what, as they aren't a realtime AV for obvious reasons, and if he tested Sophos, Norton consumer products on default settings they should miss some samples just like Defender.



"Power Eraser scans and virus and spyware scans both run an active scan and a full scan.
However, Power Eraser uses the more aggressive High Intensity Detection (HID) scans that employ advanced machine learning (AML) techniques. The AML engine determines if a file is good or bad through a learning process.
The AML engine recognizes malicious attributes and defines the rules that the AML engine uses to make detections."
Source
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,716
It is probably true that Hitman Pro and EEK scanners are more aggressive and can detect more, but one cannot conclude this from Leo's video due to an invalid testing procedure.:confused:

Of course, we can also treat the video as a presentation (not a true test) of the author's beliefs based on his experience. It would be better if he would mention that generally, the detection of infostealers is a challenge for all AVs and about 20% of such malware can be undetected in the wild (by malware scanning).
 
Last edited:

simmerskool

Level 39
Verified
Top Poster
Well-known
Apr 16, 2017
2,852
The AVs used for detection are more aggressive
Norton power eraser
Source
Is Norton Power Eraser (NPE) the same as Symantec Power Eraser? My version of NPE has a version date of 2022. It used to update fairly often but it hasn't updated itself in quite a while. If there is a Symantec PE, is it free and where can it be downloaded, or is it only a component of Symantec endpoint AV??
 
  • Like
Reactions: Jonny Quest

Vitali Ortzi

Level 29
Verified
Top Poster
Well-known
Dec 12, 2016
1,814
Is Norton Power Eraser (NPE) the same as Symantec Power Eraser? My version of NPE has a version date of 2022. It used to update fairly often but it hasn't updated itself in quite a while. If there is a Symantec PE, is it free and where can it be downloaded, or is it only a component of Symantec endpoint AV??
I always use the Symantec Diagnostic tool instead; it's a more advanced version of Power Eraser than the Norton one and is free as well.

"Symantec Endpoint Protection does not include an option to launch Power Eraser directly from the client. However, a user on the client computer can download the SymDiag tool and run Power Eraser from the tool."
 

Szellem

Level 9
Verified
Well-known
Apr 15, 2020
428
It is probably true that Hitman Pro and EEK scanners are more aggressive and can detect more, but one cannot conclude this from Leo's video due to an invalid testing procedure.:confused:

Of course, we can also treat the video as a presentation (not a true test) of the author's beliefs based on his experience. It would be better if he would mention that generally, the detection of infostealers is a challenge for all AVs and about 20% of such malware can be undetected in the wild (by malware scanning).
I always appreciate your answers. They are informative and open people's eyes. Thanks, and I look forward to reading more.
 

tofargone

Level 6
Thread author
Jun 24, 2024
264
Is Norton Power Eraser (NPE) the same as Symantec Power Eraser? My version of NPE has a version date of 2022. It used to update fairly often but it hasn't updated itself in quite a while. If there is a Symantec PE, is it free and where can it be downloaded, or is it only a component of Symantec endpoint AV??
Ignore the version date; mine updates every time I run it, but that about/version date stays the same.
 
  • Like
Reactions: simmerskool

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,716
Yes, phishing cannot be an excuse for not detecting infostealers. Simply, AVs on default settings did not develop efficient methods to fight infostealers.
 
