How effective are Signatureless AVs like Panda Dome?

Discussion in 'other anti-virus software' started by rpk2006, Mar 3, 2019.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Suspected as much: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/elam-driver-submission

    Also since at least Cylance Home AV does not integrate with Win 10 1809 Security Center, suspect this also applies:
     
  2. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth

    I configured ESET tightly and I understand, from you all, another AV would be a conflict. I was a bit confused with that Cylance video and later with Panda Dome.

    ESET has, as far as I know, the most advanced and configurable setup. However, the company itself is not much open to Suggestions and Resolutions on their forums. They don't even provide an e-mail address where you could send any query.

    Kaspersky forums are more active and they have a lot of expert volunteers who can assist. Even Panda Dome system tray menu has the option of Idea Submission.
     
  3. guest

    guest Guest

    I'm sure they have a support email address where you can send suggestions, but the thing with companies is, if you are alone in asking for something (especially not critical, aka new features), you won't be heard.
     
  4. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    How about Metadefender Client and Herd Protect?
     
  5. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    I tweeted them and got a reply that they don't have a specific email ID for idea submission or suggestions.
     
  6. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
  7. guest

    guest Guest

    Those are not real-time scanners, they are more "2nd opinion" ones, using cloud versions of other vendors' engines. I won't use them as main protection at all.

    Cylance (as many corporate solutions) uses a web console that only the registered owner of the soft can access. If you are not and so don't have access to it, I would suggest you uninstall Cylance right away.
     
  8. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    It's my own licence. I'm just curious what an av that integrates properly looks like in the 1809 security center because I can see Cylance in there. I haven't really used a real time AV other than Cylance on the newer Windows versions.
     
  9. guest

    guest Guest

    WDSC will just show a sentence saying the security is provided by [vendor name]; you don't have real integration of the 3rd party software (by this I meant visible settings tabs like for Windows Defender).
     
  10. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I see something similar to that with Cylance.
     
  11. guest

    guest Guest

    Same for every 3rd party AV.
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    If you are interested in a strong and configurable AV with an active forum, Kaspersky is indeed a serious contender.
    Even their free version is very strong, although less configurable. The full version, Kaspersky Internet Security, is extremely configurable and can achieve a high level of protection.

    On the Malwaretips forum there is a lot of discussion on Kaspersky features and configuration, and there are some expert forum members over there who field questions.

    The downside of Kaspersky Internet Security is:
    1 price
    2 much more likely than ESET to cause software conflicts
    3 ESET is lighter
    4 in an advanced configuration, you might run into bugs
     
  13. guest

    guest Guest

    Personally, if I was an ESET user, I won't exchange it for Kaspersky... no way.
     
  14. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    @rpk2006

    How about giving WSA a try?
     
  15. guest

    guest Guest

    IMO, not a good idea ^^
     
  16. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
  17. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    When AVs are tested against each other, Webroot is usually not a winner in the protection category. But it is very light.
     
  18. guest

    guest Guest

  19. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    I can't remember the last time WSA was tested. But then again, I don't believe the AV tests have any sort of accuracy for the real-world scenario.
     
  20. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    Can't say that I don't agree with those pros & cons. And that acquisition doesn't sound promising. I got you.
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Refer to the below screen shot. If Cylance is shown there, it has integrated with WSC:

    WSC_1.png

    Next, click on "Manage providers" which will display the following screen:

    WSC_2.png

    If Windows Defender is also loaded and running, it will indicate this status on the Security Providers screen. You can also verify if this is the case using Task Manager or Process Explorer and verifying that the WD engine, MsMpEng.exe, is running. BTW - it shouldn't be running unless you have selected the Periodic Scanning option.

    Finally, you can only manage Windows Defender protection settings via WSC. You have to use the third party AV's GUI to manage its settings and display its status data such as log files and the like.
     
    Last edited: Mar 6, 2019
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    As far as Kaspersky vs. Eset goes, there is the following.

    Kaspersky has System Watcher which is behavioral based. At its default setting, it is equivalent to Eset's advanced memory scanning feature. However and unlike Eset's AMS, System Watcher can be "tweaked" to aggressive mode which will generate many more alerts about suspicious activities. Eset will be introducing like capability in the soon to be released 12.1 versions.

    The "nature of the ransomware beast" behavior detection methods with most of the major AV products against non-signature detected ransomware is you're going to end up with a few files encrypted prior to their ransomware detection kicking in. Kaspersky also has system snapshot capability. This allows Kaspersky to "rollback" those few encrypted files to their prior unencrypted state. Likewise, it can also do the same for any malware system modifications prior to System Watcher detection. Note that AMS, System Watcher, and like protections are post-execution detections so there is always a risk of system modification occurring prior to detection. Does Kaspersky's rollback feature always work as it should without adverse effects? That's another discussion.
     
    Last edited: Mar 6, 2019
  23. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    Cylance is registered there.
     
  24. rpk2006

    rpk2006 Registered Member

    Joined:
    Jan 29, 2003
    Posts:
    114
    Location:
    Planet Earth
    I never felt a need to switch from ESET to any other AV. However, for the last few days I have been evaluating this combination: ESET Internet Security 12 and Panda Dome Essential. Both installed on my old laptop running Windows 10 and having 4 GB RAM.

    I see neither any performance lag nor any conflicts. This is only for testing purposes. I will however remove Panda Dome as ESET security configuration is vast and comprehensive. Rather, I plan to install HerdProtect or any such second opinion tool to be used occasionally.
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    On the "Security providers screen," does the wording associated with WD state "you're using other anti-virus providers?" Also did you verify that MsMpEng.exe is not running? Again, if Cylance kernel process is not running as PPL - Anti-virus, ver. 1809 will auto enable WD to run in parallel with the AV solution.
     
    Last edited: Mar 6, 2019
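
The checks discussed in posts #21 and #25 (is the third-party AV registered with Windows Security Center, and is MsMpEng.exe running next to it) can also be scripted. The PowerShell below is an added example, not part of any forum post; the `productState` bit decoding is an undocumented community convention and is an assumption.

```powershell
# Added example (not from the thread). Run on a Windows 10 client; the
# root/SecurityCenter2 namespace does not exist on Windows Server.
$providers = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct

$report = foreach ($p in $providers) {
    # ASSUMPTION: productState is not officially documented. The decoding below
    # is the widely used community convention (bit 0x1000 = real-time protection
    # on, bit 0x10 = signatures out of date).
    $state = [uint32]$p.productState
    [pscustomobject]@{
        Name        = $p.displayName
        StateHex    = '0x{0:X6}' -f $state
        Enabled     = [bool]($state -band 0x1000)
        UpToDate    = -not [bool]($state -band 0x10)
        ReportedExe = $p.pathToSignedReportingExe
    }
}
$report | Format-Table -AutoSize

# Is the Windows Defender engine process loaded?
$defenderEngine = Get-Process -Name MsMpEng -ErrorAction SilentlyContinue
$thirdPartyOn   = @($report | Where-Object { $_.Enabled -and $_.Name -notmatch 'Defender' })

if ($defenderEngine -and $thirdPartyOn.Count -gt 0) {
    # Per the thread: expected with Periodic Scanning on, or when 1809 enables
    # WD in parallel because the AV's process is not running as PPL.
    "MsMpEng.exe (PID $($defenderEngine.Id)) is running alongside: $($thirdPartyOn.Name -join ', ')."
} elseif ($defenderEngine) {
    'MsMpEng.exe is running and no enabled third-party provider is registered.'
} elseif ($thirdPartyOn.Count -gt 0) {
    "MsMpEng.exe is not running; registered provider(s): $($thirdPartyOn.Name -join ', ')."
} else {
    'No enabled antivirus provider found and MsMpEng.exe is not running.'
}
```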