
AV-Comparatives: Real-World Protection Test - November 2017


TomD


  • Most Valued Members
34 minutes ago, itman said:

WD on Win 10 ver. 1709 does have a feature that I have commented on numerous times I would like to be added as an option to LiveGrid or real time scanning:

Obviously Eset would have to build in some limits on when blocking would be performed. Files created via Win Updating for example would be excluded. Ditto for apps using trusted installers and the like. Obviously any .exe or facsimile dropped in the User\Appdata\*, OS root, and program files and data directories would be scanned.

Also this Eset feature has to be more sophisticated than the current Application Modification Protection built-in to the firewall outbound processing that simply alerts that a previous process defined by an existing rule has changed.

I think this would alleviate many people's concerns although it would I presume be disabled by default and only recommended for advanced users. But it would at least give those wanting tough protection with knowledge a good option.


I am pretty sure that we all want ESET to be the best security software possible. The only thing that bothers me is the number of "Compromised" compared to Bitdefender, Panda and all. I hope ESET will find a way to get that number a lot lower in the future. I know that the detection rate was still over 99%. It's just for me 16 "Compromised" tells me that there are still holes in ESET that need to be closed.

 

Martin


  • ESET Insiders

I'm happy with the results of Eset; perhaps Eset should copy other AV organisations and create a team with the sole remit to pass AV tests with a 100% detection rate. As for MSE, 14 false positives and system drag (according to the same test organisation) means a 'no thanks' from me.

I've seen way too many test darlings come and go over the last decade not to be too fussed by the results; I prefer hands-on over bench tests.


  • Most Valued Members
5 hours ago, TJP said:

I'm happy with the results of Eset; perhaps Eset should copy other AV organisations and create a team with the sole remit to pass AV tests with a 100% detection rate. As for MSE, 14 false positives and system drag (according to the same test organisation) means a 'no thanks' from me.

I've seen way too many test darlings come and go over the last decade not to be too fussed by the results; I prefer hands-on over bench tests.

I don't know. When I see 100 percent it makes me question the product because as we know 100 percent is wrong. Nothing is safe. I know Eset protects me well, always has, that's enough for me. But then I do understand some will see 100 percent as great.


Another thing that needs Eset's scrutiny is Win 10 1709 added to Windows Defender Exploit Guard (WDEG) kernel mode network filters as shown in the below Winobj screen:

[Image: Winobj screenshot of the WD network filters]

For those not familiar with WDEG, it is Microsoft's prior EMET software that is now built into Win 10 1709 by default.

There is a WDEG Attack Surface Reduction (ASR) rule that can be enabled via a PowerShell command which will allow WD to monitor all outbound program connections; not just those applicable to Internet facing apps such as browsers, PDF readers, and e-mail clients as Eset's web filtering option does. Of course, this ASR feature is only applicable if WD real time scanning is enabled. Per Microsoft statements, it is monitoring for connections to known malicious C&C servers and the like. Eset IS/SS presently has a similar feature in its botnet protection. However, I believe this only applies to known botnet C&C servers?

Referring back to the kernel mode network filter in place in ver. 1709, I suspect that Microsoft might be getting ready to "pull the plug" on the Windows Filtering Platform that vendors including Eset use for their web filtering capability. Also the WD kernel mode network filters can easily be expanded in scope to filter all network traffic including HTTPS as Eset currently does. Might be time Eset start exploring the reintroduction of its network adapter filters or the possibility of interfacing with the WD kernel mode network filters.

Edited by itman

Getting back on topic, @John Alex I would strongly advise that you only use IE11 as your browser when using MSE on Win 7. As the link I posted to the MRG test done with SmartScreen enabled/disabled, MSE's protection capability w/SmartScreen disabled or not employed (Chrome or Firefox use) is significantly reduced. The same advice applies to anyone using WD on Win10, use IE11 or Edge exclusively.

However, Eset's web filtering capability additionally protects Firefox and Chrome allowing one to safely use those browsers.


On 12/18/2017 at 12:03 PM, Marcos said:

ESMC, EDTD, ECMP, EIS, ECA, EBA, etc. will become more than just letters in the next few months

What are these acronyms?


This topic is now closed to further replies.