What AV's DO NOT 'prompt for action'?

BitDefender AV Plus 2012 is the first one that I have come across that will completly nuke everything it finds - including my folder of game trainers that I paid for and other stuff that was archived using archivers such as Molebox, etc.

In the past I have used Nod32, MSSE, Zone Alarm, Kaspersky, etc - but none of them, none of them, didn't have some sort of 'Prompt for Action' option to prevent exactly this type of thing from happening.

BitDefender may score well as an AV - BUT, it is the only one I would never recommend to anyone.

I'm dreading a false-positive with this pile of garbage. Yeh, you can set the thing to quarantine instead of auto-deleting - but you still can't get it to prompt before taking any action whatsoever.

On top of that, they emailed me with 5 free Licence Keys that I could give to friends and family so that they could have the thing for free.


So, be warned if ever you are tempted by all of the reviews and glowing accolades of BitDefender - it, by default, has the capability to destroy data because the developers thought it would be a great idea.


However, I'm intrigued as to whether any other AV software has the same nutjob same idea? Just so I know what else to avoid in the future.

 

Norton, Panda cloud.
Not sure, but McAfee could also suffer from that.

 

Thanks for replying.

What I don't understand is WHY? Why create an AV solution, that by default, will destroy the end-users data without allowing them the option to intervene?

It doesn't make sense to me - possibly because I have never come across this before. How could a developer think it a great idea to take a fail-safe away from the customer? It's not their data, or their computer. I seriously don't get it.

 

Probably because the amount of users leaving it on auto-mode anyway is high, and the amount of "trivial" FPs is comparatively low, thus they can use "restore from quarantine in case of FP" line when users complain.
The problem is all it takes is 1 major FP (critical OS file and registry entries associated with it) to debunk the idea behind this.
Conclusion, it's because they're lazy.

 

Wow...can i have a license for this...piece of junk?

 

Bitdefender has a great AV engine. Its just better used in a rebrand. Like immunet.

 

I dont trust any security program to make a Automatic decisions unless its default deny and not default delete.Appguard is doing everything I need it to do,keep the nasties off and not nuke my system or my files.Waiting for the post when someone's MBR gets nuked because of this auto delete.The auto Delete should never be a default out of the box IMO its just a accident waiting to happen.

 

That's the exact reason. But for most AV you can set it to ask mode. You just have to dig deeper into the settings.

 

I can't stand not having a choice. Its an instant uninstall. Why a program would just delete a file without asking is unimaginable?

 

I can agree on the Norton and McAfee. Norton from personal experience and McAfee from other people's experience. No clue on the Panda. They think they are "keeping it simple" for the novice users by not asking them to do anything. Unfortunately with that model it is not possible to avoid some false positives causing file loss. I prefer to be asked. I hope some of these vendors will make it an option at some point.

 

I know Kaspersky has an option to ask whenever it finds detection.
Others dont , which I dont get why ?

 

Actually during installation Kaspersky and some other AV (ESET ?) asks where it will decide everything or leave upon user something. Now at that point if user selects to leave upon the AV to decide everything then that should not be the fault of that AV. For Panda there is no prompt whatever.

 

I think the best option for all AV should be to show alert by default with a check-box saying " Don't ask again, decide automatically".

 

eset have that option

 

Yep, I know.

The way I wrote my sentence is probably grammatically wrong - but I do state "didn't have some sort of 'Prompt for Action' option" to mean that they all did - if you get what I mean.

 

I have told it in Norton forums but they think majority of people are not intelligent enough to understand what to do , hence Av decides itself ( which i fully agree)

Thats why kaspersky and other Av also followed same path. In fact now Reviewers in various magazines and website count it as pro and those AV who ask for action on what to do are not considered user friendly.


I feel that every AV should have this setting ( not enabled by default ) to "ask what to do " whenever if finds any detection.

 

It's their loss (I hope), as I noted that Bitdefender has a 30 day refund policy - so I am hoping to get my money back and go back to using Microsoft Security Essentials which does prompt and I quite like it.

 

"Panda"
Will for sure delete without asking
I used it at one time, it may be different now
but it also messed up some other setting too

 

Seems most vendors feel that the public's knowledge of which files are safe/dangerous is less than their product development team and therefore feel it is better to leave decisions on what to delete/quarantine up to the program rather than the user,with most users this is probably the right way to go as I get far less machines brought in screwed up by false +ves(can't remember last one!) than I do where the user as allowed what they thought was a safe file/app to run,what you have to realise that the folk that visit/use sites like this are in general more computer savvy than those who don't,and the numbers who don't visit are far greater,they are the bulk of the market these products are aimed at

 

Still, if ESET and Kaspersky can both provide the option for automatically or manually deciding, there is no reason for companies like Norton and others not to offer the option. I wouldn't even mind if the default was to behave like it does now, and put in some advanced settings to let me decide, especially on unknown files which is where these automatic products fail. It just doesn't seem an unreasonable request to me.

 

If vendors want to make a auto pilot like BD it should be auto quarantine and it can be simply restored if its a FP and perhaps added to a trusted list.Just my two cents for what it's worth.

 

I have run AV's in the past that do not bother prompting the computer user for actions BEFORE deleting a file which might be LEGITIMATE.

That has happened to me with ESET, Symantec, McAfee, Avast! among others.

I remember some time ago plugging in a USB drive on my PC with the installation files for MS Office 2003 which was running ESET NOD32 v4 and, WITHOUT a prompt, NOD32 deleted a core file needed for the installation of Office, rendering the installer inoperable. [I left my subscription to NOD32 run out this month and did not renew it].

Same with Symantec, but this time was with Combofix, from Bleeping Computer. After plugging in the USB flash drive, WITHOUT any prompt, Symantec DELETED [did NOT quarantine] Combofix making impossible to recover it.

These things are SCARY becasue if the detection-delete of the files are False Positives [FP's], you are doomed.

The only AV that was not taking action without prompting the user was MSE, but the version 2.1; I think that from Beta version 4 onwards, MSE is no longer prompting the user and it's deciding by itself.

That's why I stated in a post at the Anti-Malware sub-forum that I was seriously thinking about no-longer running AVs on any of my PCs.



Carlos

 

sometimes auto quarantine restore does not work,
it may put the file back but it fails to register in windows
or just plain does not work correctly after restore

what I would like is a AV that does not even have the
ability to repair but is very good at letting me know if
I am infected then I could just do a image restore for the
repair

 

Hello,

I regret to inform you that Microsoft Security Essentials 4 (Beta) being released soon is taking an identical model to consumer PC security.

The "Default Actions" are gone. Furthermore, there will be absolutely no way whatsoever to change how MSE responds to threats. The default will be automatic malware remediation...it will auto quarantine most things, auto delete byte-for-byte matches, and prompt only for adware/grayware.

Long story short and many angry, maybe a bit over the top posts on Microsoft Answers aside...it sucks. I feel your pain. Security vendors are over-stepping their bounds.

I am and always will be a proponent of automatic quarantining, but there are people that just will not work for, and those people deserve to have an antivirus too.

Microsoft is trying to dumb MSE down to be so radically simple that it doesn't match the level of quality that the rest of Windows has.

I offered them lots of feedback, most of which their sacred MCCs, MVPs, and arrogant community stars just through in my face. They don't care. Shut up and let us "protect" you is the new attitude for Windows 8.

I even offered them a picture AND video feedback showing how by removing default actions and replacing it with a totally simple, one-option only setting page called "threat response", they could solve this issue...but I'm sure they laughed at that idea too and figured it would defeat the purpose of their changes.

My suggestion was to implement a simple "Let me choose" or "let Windows choose" option for threat response, much like Windows Backup setup works.

Oh well, just another reason life sucks. :/