What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. monkeylove

    monkeylove Registered Member

    My questions are based on the test charts given here:

    https://www.av-comparatives.org/comparison/

    That is, Microsoft has a higher compromised percentage compared to Avast, AVG, and Avira (free versions) for real-world and malware protection, and does poorly against Avast and AVG (free versions) for impact on system performance.

    Would turning on at least features using DefenderUI lead to better results? If so, then is there a test that shows that?

    In my case, I have everything on except for CFA because I read that they should be turned on in any case, but I'm trying Avast Premium on trial because of results given in another test:

    https://malwaretips.com/threads/tes...ion-of-antiviruses-with-10-124-sample.137328/

    where only that and Kaspersky Premium led to the system not being corrupted.

    Again, AFAIK, the default settings for AVs were used, including Defender. What if non-default settings were used?
     
  2. monkeylove

    monkeylove Registered Member

    Easy there, don't take this personally. We're just trying to figure out if it's safe to have CFA on. AFAIK, the default non-default settings (!) in ConfigureDefender, DefenderUI, etc., don't usually turn it on.
     
  3. Rasheed187

    Rasheed187 Registered Member

    What on earth are you talking about?

    What I meant is that for example ''advanced ransomware protection'' is disabled. Perhaps because it might cause problems with certain apps? I had to disable it because otherwise the JStock app wouldn't work, and there is no option to whitelist it. I also doubt this feature is as advanced as HMPA's CryptoGuard.

    Also, Smart App Control is in fact sort of like a whitelist, because Win Defender is already able to identify malware (blacklist). So what good is Smart App Control if it would work exactly the same? Plus, for some reason if you disable Smart App Control, you can only turn it back on when you reinstall Windows, this has to be the dumbest thing I have ever seen LOL.
     
    Last edited: Sep 6, 2025
  4. Rasheed187

    Rasheed187 Registered Member

    It's indeed possible that turning on all features via DefenderUI and/or ConfigureDefender might improve results. I believe most tests are done with default settings because that's how most people will use Win Defender.

    But I agree with Bertazzoni, most of the big names AV's perform about the same in terms of protection, sometimes WD might fail to block some sample, and sometimes some other AV like Avast might fail, but it's not a big deal.

    So it's more important to look at performance and GUI. WD's interface has to be one of the worst I have ever seen. And it keeps scanning the same files over and over again. That would be a reason for me to perhaps buy a third party AV, problem is that many of them are too bloated and might sell your data.
     
    Last edited: Sep 6, 2025
  5. moredhelfinland

    moredhelfinland Registered Member

    Windows Defender and its "firewall" is the most attacked, abused etc software ever. That is why I'm not using anything based on WD or its "firewall". Now I'm using Avira, because of its very strong heuristic detection against .exe files. As for firewall, I'm using @tnodir Fort Firewall. What I really like about Fort Firewall, is to make a block rule and kill child processes. For example: c:\**\powershe*, which stops \system32\ and \syswow64 powershell from connecting outside. So powershell can run, but is not allowed to connect to the internet. Sure, powershell can be used to run a child process. Fort Firewall does have a feature, to kill powershell child process. Very, very good feature.

    But...Fort Firewall, like Glasswire etc fails for its real purpose. To block outside connection. I installed Keyscrambler. Checked for updates. Fort Firewall allowed Keyscrambler to connect outside, after a second, Fort Firewall asked, do you want to block Keyscrambler to connect outside? But it already connected. Too late, RAT malwares etc can make a connection to C2. So, please, @tnodir implement a feature that does HALT/STOP, something like Netlimiter "blocker" firewall does.
     
  6. Bertazzoni

    Bertazzoni Registered Member

    I'm talking about statements like this:
    Wrong on both counts. If you can't bother reading a bit of documentation, well then I don't know what to tell you ... :eek:
     
  7. TairikuOkami

    TairikuOkami Registered Member

    For breaking legitimate apps. I failed to install VisualC++ and DirectX made by MS till I disabled it! It is even worse junk than Defender, it is the first I disable after install, followed by the dumb Defender. :thumbd:
     

  8. Minimalist

    Minimalist Registered Member

    My current setup:

    Windows 11 24H2

    AM: McAfee Internet Security
    Backup: Macrium Reflect Home
    Content blocker: uBlock Origin

    On demand scanners: Norton Power Eraser, Sophos Scan and Clean, Sirius LLM
     
    Last edited: Sep 7, 2025
  9. G1111

    G1111 Registered Member

    Windows 11 24H2

    Malwarebytes Premium 5.3.8.212 (lifetime subscription)
    AppGuard Solo 6.7.129.2
    Quad9 DNS
     
  10. Rasheed187

    Rasheed187 Registered Member

    I'm a bit shocked, McAfee is always the first thing that I uninstall! Has it been improved or what? :confused:

    I have always hated AppGuard, the whole concept is too complex for me. Never understood why people liked it so much.
     
  11. Rasheed187

    Rasheed187 Registered Member

    I have read it, but it seems that you came to another conclusion than me. To me it seems to be sort of like a whitelist, which is a bit similar to Gatekeeper on macOS. So only files that are for example signed and have a certain reputation are deemed safe. Which is basically M$ admitting that they can't guarantee that Win Defender will get it right, every single time.

    Holy crap, sounds more like ''Dumb App Control'' to me. That's why they also clearly state that it's not meant for people who install lots of apps, it's more meant to lockdown the system for noobs, who use the basic apps.
     
    Last edited: Sep 9, 2025
  12. Minimalist

    Minimalist Registered Member

    Yes, it was redesigned last few years and ATM runs great on my system.
     
  13. TairikuOkami

    TairikuOkami Registered Member

    I still miss McAfee Free Cloud, it was great, till it lasted. :'(
     
  14. Minimalist

    Minimalist Registered Member

    Unfortunately I don't remember this product. It must have been some time ago when they offered it?
     
    Last edited: Sep 9, 2025
  15. monkeylove

    monkeylove Registered Member

    This is the context of my question:

    I think it only takes that sample for the system to fall apart, and one recent test shows that only two passed: Kaspersky and Avast premium. I'm currently testing the latter, and I found it cheap in some stores.

    Some argue that tests are flawed because they bombard AVs with one malware sample after another until the AVs fail. But what if the AVs are retested only with the malware sample that caused them to fail? Will they pass?

    In relation to that, I asked if WD, which failed, would pass in non-default mode, but for now I've been told that non-default features don't help in detecting malware but might help in protecting the system. I'd like proof of that so that I can stick to WD. That's all.

    For bloated AVs, I just turn off those features I don't need or consider the cheaper version.

    As for selling data, I assume that they won't do that for paid software.
     
  16. monkeylove

    monkeylove Registered Member

    Is CFA turned on by the company by default?
     
  17. TairikuOkami

    TairikuOkami Registered Member

    Code:
    https://home.mcafee.com/Secure/CloudAV/CloudAVHome.aspx
    https://home.mcafee.com/Secure/CloudAV/HowItWorks.html
     
  18. Rasheed187

    Rasheed187 Registered Member

    Yes, I also don't know if this sometimes plays a role when AV's fail to detect samples. Normally speaking, a user obviously won't open 100 malware samples at once. But I do know that there are AV's capable of blocking 100% of all samples in these kind of tests.

    I really wonder if this is good enough, because even when you turn these features off, you still get multiple processes/system services running. And I doubt they will only try to monetize the free AV versions, I simply don't trust them after what Avast did.

    You're misunderstanding, the discussion was about Smart App Control, not CFA. CFA is basically a second line of defense when WD fails to block ransomware.
     
  19. Rasheed187

    Rasheed187 Registered Member

    I wonder if you did see the McAfee video on The PC Security Channel from about 2 months ago? It performed miserably against ransomware.
     
  20. TairikuOkami

    TairikuOkami Registered Member

    When you disable certain features, processes are no longer running. Surprisingly Panda Free always scores well, even though it sucks in user tests. I always say that I would pay for a free AV, like Forticlient was, rather than for a bloated AV.
     
  21. monkeylove

    monkeylove Registered Member

    One recent test shows only two that did: Kaspersky Premium and Avast Premium.

    I will see if I can re-check Avast. AFAIK, the features for those have to be downloaded, and some with additional purchases. For Kaspersky Standard, from what I know, if they're off, then they don't run at all.

    Finally, my question has to do with the point that there has to be a reason why several features aren't turned on by default.
     
  22. Rasheed187

    Rasheed187 Registered Member

    Yes, it's possible for these AV's to block all malware samples, even when they are being bombarded.

    And what type of features are you talking about? I believe most of the features found in ConfigureDefender are enabled in Win Defender. Like I said, CFA is an extra layer which also might cause usability features, so that's why they give an option to enable/disable it.
     
    Last edited: Sep 14, 2025
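
Added example (not part of any post in this thread, and not code from ConfigureDefender or DefenderUI): a read-only PowerShell check of the Defender settings discussed above (CFA, ASR rules and related options), plus the audit/block events that show which apps CFA or an ASR rule is stopping or would stop. It relies on the built-in `Get-MpPreference` and `Get-WinEvent` cmdlets; the function names are illustrative.

```powershell
# Added example: read-only review of Microsoft Defender hardening state.
# Run in an elevated PowerShell on a machine with Defender active.

function ConvertTo-ModeName([int]$Value) {
    # Common encoding used by CFA, Network Protection, PUA and ASR actions.
    switch ($Value) {
        0 { 'Disabled' }
        1 { 'Enabled (block)' }
        2 { 'Audit' }
        6 { 'Warn' }
        default { "Other ($Value)" }
    }
}

function Get-DefenderHardeningState {
    $p = Get-MpPreference
    [pscustomobject]@{
        ControlledFolderAccess = ConvertTo-ModeName $p.EnableControlledFolderAccess
        NetworkProtection      = ConvertTo-ModeName $p.EnableNetworkProtection
        PUAProtection          = ConvertTo-ModeName $p.PUAProtection
        MAPSReporting          = $p.MAPSReporting     # raw value
        CloudBlockLevel        = $p.CloudBlockLevel   # raw value
    }
    # ASR rules are stored as two parallel arrays: rule GUIDs and their actions.
    if ($p.AttackSurfaceReductionRules_Ids) {
        for ($i = 0; $i -lt $p.AttackSurfaceReductionRules_Ids.Count; $i++) {
            [pscustomobject]@{
                AsrRuleId = $p.AttackSurfaceReductionRules_Ids[$i]
                Action    = ConvertTo-ModeName $p.AttackSurfaceReductionRules_Actions[$i]
            }
        }
    }
}

function Get-DefenderBlockAuditEvents([int]$Max = 50) {
    # 1121/1122 = ASR rule blocked/audited, 1123/1124 = CFA blocked/audited.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1121, 1122, 1123, 1124
    } -MaxEvents $Max -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# To see what CFA would block before enforcing it, switch it to audit mode first:
#   Set-MpPreference -EnableControlledFolderAccess AuditMode
Get-DefenderHardeningState | Format-List
Get-DefenderBlockAuditEvents | Format-List
```

Running CFA in audit mode for a while and reviewing the 1124 events shows which legitimate apps would need an exception before the feature is set to block.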
  23. Rasheed187

    Rasheed187 Registered Member

    OK I see, didn't know about this. Most of the time when I look at these tests, I see a lot of Bitdefender and Avast processes running, not good for RAM usage. That's another reason I stuck to Win Defender.

    I forgot to comment on this, I've seen you mentioning this before. How did you test this stuff, I mean how did you know that KeyScrambler was able to connect, I suppose you used a tool like TCPView? Can you also test TinyWall?

    I have never seen any indication that apps were able to connect out, when they were being blocked by TinyWall. So I would be surprised if Fort Firewall had such a bug. And Glasswire is based on the Windows Firewall, I also doubt this would fail to block connections.
     
  24. Serphis

    Serphis Registered Member

    Hello,
    normally it should block them but recently on the official Glasswire forum a user reported that with the latest Glasswire version 3.7.880 the Keepass password manager is able to make a successful update check even if the user had blocked all Keepass connections (In and Out). The reason could be the VPN, as another user (ittroll) explains. Furthermore, in that thread there is a post from tnodir, the Fort Firewall developer; he also suspects the use of a VPN or local proxy. Here is the thread: https://forum.glasswire.com/t/blocking-keepass-not-working/21042
     
    Last edited: Sep 14, 2025
  25. Rasheed187

    Rasheed187 Registered Member

    OK I see, I didn't know that VPNs could cause problems, quite interesting thanks. I normally don't use a VPN on my PCs, I only use it on my router which is connected to my smart TV.

    Actually, I did read on the SpyShelter forum that a VPN blocked SpyShelter 15 from working correctly, which was quite odd. I also wonder if you can ask the person who had problems with GlassWire to test TinyWall to see how it acts with VPN enabled?
     
    Last edited: Sep 16, 2025