Anyone know a great AV that blocks PUPs well?

Discussion in 'other anti-malware software' started by taleblou, Feb 23, 2014.

Thread Status:
Not open for further replies.
  1. jmonge

    jmonge Registered Member

    Is it? Did you test it?
     
  2. Inside Out

    Inside Out Registered Member

    Eset and Kaspersky to a lesser extent if we don't count MBAM as an AV.
     
  3. Snoop3

    Snoop3 Registered Member

    If you download some known PUP samples and then check the hash at VirusTotal, usually ESET NOD is the only one detecting.
     
  4. jmonge

    jmonge Registered Member

    Is it right? Wooo, that is terrible for the antivirus vendors, because they advertise adware removal.
     
  5. DoctorPC

    DoctorPC Banned

    As I said, ESET is easily the best PUP detection AV.

    However, Avira seems to be boosting PUP detection, adding 450,000 PUPs in a recent change to their database. I tend to rely on Chicalogic/MBAM to detect and clean up PUPs as a general rule though, as I find most AVs aren't effective at it. I didn't find Webroot good for PUPs personally, as most PUPs seem to be signed, and fall under the allow rule.
     
  6. fax

    fax Registered Member

    That's not how WSA determines whether or not to allow a PUP (signed). You keep posting questionable conclusions without knowing how WSA works. Wonder why... :ninja:
     
  7. jmonge

    jmonge Registered Member

    And how does it detect then? By signature or behaviour or heuristic or what?
     
  8. fax

    fax Registered Member

    I am afraid you would need to ask them to know exactly; likely a mix of what you posted, but certainly not only checking if a file is signed or not. Lol
     
  9. jmonge

    jmonge Registered Member

    fax, thanks :thumb:
     
  10. khanyash

    khanyash Registered Member

    I agree Eset is the best in PUP detection.

    And Avira: if you enable all the additional threats in settings, then Avira too detects PUPs very well.
     
  11. Snoop3

    Snoop3 Registered Member

    Here are some PUP samples I had - sent the hashes to VT:


    A little better than I remembered, but still ESET is the only one doing the job, and IIRC there were many other files I checked against VT where ESET and occasionally a Chinese AV would return a positive, but I didn't save too many for samples.


    InternationalPrimoPDF.exe (OpenCandy) 3 of 49: ESET, MBAM, Microsoft
    CuteWriter.exe (ASK Toolbar) 2 of 50: ESET and Antiy AVL
    AxCrypt-1.7.2976.0-Setup.exe (OpenCandy) 5 of 50: ESET, MBAM, DRWeb, Agnitum, Rising
    PuranDefragFreeSetup.exe (Babylon) 2 of 50: ESET and NANO
    cnet_Browser Cleaner_zip.exe 5 of 43: ESET, ByteHero, Jiangmin, PCTools, Rising
    MediaInfo_GUI_0.7.64_Windows.exe (OpenCandy) 3 of 48: ESET, MBAM, Rising


    the actual adware exe files themselves aren't even detected much if you can separate them out with uniextractor:

    MyBabylonTB.exe only detected by 4 of 49 : ESET, DrWeb, Vipre, NANO
    BetterInstaller.exe only detected by 9 of 48
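
Added example (not part of Snoop3's post): a Python tally of the result lines listed above, counting how often each engine is named and flagging entries whose named engines do not account for the reported hit count. The function names are illustrative assumptions.

```python
import re
from collections import Counter

# Result lines as posted in the thread (VirusTotal ratios reported by the poster).
REPORT = """\
InternationalPrimoPDF.exe (OpenCandy) 3 of 49: ESET, MBAM, Microsoft
CuteWriter.exe (ASK Toolbar) 2 of 50: ESET and Antiy AVL
AxCrypt-1.7.2976.0-Setup.exe (OpenCandy) 5 of 50: ESET, MBAM, DRWeb, Agnitum, Rising
PuranDefragFreeSetup.exe (Babylon) 2 of 50: ESET and NANO
cnet_Browser Cleaner_zip.exe 5 of 43: ESET, ByteHero, Jiangmin, PCTools, Rising
MediaInfo_GUI_0.7.64_Windows.exe (OpenCandy) 3 of 48: ESET, MBAM, Rising
MyBabylonTB.exe only detected by 4 of 49 : ESET, DrWeb, Vipre, NANO
BetterInstaller.exe only detected by 9 of 48
"""

# file name, optional "(bundler)", "N of M", optional engine list
LINE = re.compile(
    r"^(?P<file>.+?\.exe)\s*(?:\((?P<bundler>[^)]+)\))?"
    r".*?(?P<hits>\d+) of (?P<total>\d+)\s*:?\s*(?P<engines>.*)$"
)

def parse(report):
    """Turn each result line into a dict; lines that do not match are skipped."""
    rows = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            engines = [e.strip() for e in re.split(r",|\band\b", m["engines"]) if e.strip()]
            rows.append({"file": m["file"], "bundler": m["bundler"],
                         "hits": int(m["hits"]), "total": int(m["total"]),
                         "engines": engines})
    return rows

def engine_counts(rows):
    """Count samples per named engine; casefold so DRWeb and DrWeb merge."""
    return Counter(e.casefold() for r in rows for e in set(r["engines"]))

def unaccounted(rows):
    """Files whose named engines do not add up to the reported hit count."""
    return [r["file"] for r in rows if len(r["engines"]) != r["hits"]]

if __name__ == "__main__":
    rows = parse(REPORT)
    for name, n in engine_counts(rows).most_common():
        print(f"{name:12} named in {n} of {len(rows)} samples")
    for r in rows:
        print(f"{r['file']:36} {r['hits'] / r['total']:.1%} of engines")
    print("engine names missing for:", unaccounted(rows))
```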
     
  12. siketa

    siketa Registered Member

    Unchecky. Gotta love this little app...
     
  13. roger_m

    roger_m Registered Member

    That's been my experience too. I recently scanned 100 installers at VirusTotal, and ESET had by far the best detection of PUPs.
     
  14. Peter2150

    Peter2150 Global Moderator

    I find ESET does a good job for me, but I've noticed that when I install something that has PUPs, I just leave NVT's ERP in alert mode, and frequently you'll see it challenge some exe that is part of the install, and by its name it's obvious what it is. I just block execution and the install goes on.

    Pete
     
  15. jmonge

    jmonge Registered Member

    Makes sense, Pete. NoVirusThanks will pop up alerts very well in this area :thumb:
    So it will be a good idea to combine AppGuard with NoVirusThanks.
     
  16. ams963

    ams963 Registered Member

    Well, you can test it yourself. Just try to install the software from the widely known Cnet hxxp://download.cnet.com/mHotspot/3000-18508_4-75452123.html?part=dl-&subj=dl&tag=button. As soon as you try to open the installer, WSA blocks it and warns you, addressing the installer as a PUA. The installer is wrapped with Cnet's crap adware. Even the software itself has crap adware during installation. Although they can be opted out of, in total there are 5 PUAs.
     
  17. jmonge

    jmonge Registered Member

    Ah, I see, thanks.
     
  18. xxJackxx

    xxJackxx Registered Member

    It definitely looks interesting. I will have to test it out. Thanks for posting about it.
     
  19. TonyW

    TonyW Registered Member

    I think the answer why several AVs don't detect some of these files lies in the descriptor: potentially unwanted programs. Some may not see them as potentially unwanted, and they certainly don't see them as malware.

    Of course, some AVs will detect if the PUP/Riskware setting is enabled, but often it's disabled by default. VirusTotal doesn't take this into account, hence the low detection returns for PUPs. You have to test with the AV program directly, and with PUP detection enabled.
     
  20. m0use0ver

    m0use0ver Registered Member

    Actually, it is the exact opposite for VT checking service support.
    They are all set to show "all" detections, even if they are not enabled by default when installed onto someone's computer.
     
  21. ams963

    ams963 Registered Member

    Anytime, J. :)
     
  22. jmonge

    jmonge Registered Member

    I have Webroot at high, and you? I mean, it will alert for PUPs more aggressively, don't you think?
     
  23. ams963

    ams963 Registered Member

    I have WSA at normal heuristics.

    No need. Just check the setting and WSA will do the rest. :)

    [Attached image: webroot.png]
     
  24. DoctorPC

    DoctorPC Banned

    Never found WR to catch much in the area of PUPs.

    Malwarebytes/Chicalogic or ESET if you want PUPs. Combine them both, and PUPs are gone. I tend to run something other than ESET, so I feel I need MBAM/Chica installed as a PUP-blocker more than anything.
     
  25. treepattern

    treepattern Registered Member

    Obviously on Windows antivirus is important and a must for most users, but what everyone should do before thinking about antivirus is making sure their operating system is fully updated at all times, make sure Java and Flash are fully updated at all times, use Firefox with HTTPS Everywhere, NoScript, RequestPolicy, Adblock Plus, and Ghostery, and make sure they are always fully updated, and don't go browsing shady websites on the internet, and installing a bunch of **** downloaded from torrents, or installing a bunch of dumb random ******** like optimizers and cleansers and cleaners and speeder uppers and **** like that.

    If you have to use Adobe Reader, make sure it is fully updated as well, but use an open source alternative whenever possible, and this goes for all software, especially the operating system. Microsoft Windows should only be used for very few purposes, in which it is necessary: gaming, work or school/education/development requirements, and maybe audio and video production. People really should be moving over to Linux in droves, and that's starting to happen. Gaming and production are starting to happen on Linux, but it's not quite there yet. In no way should anyone browse the internet or use their computer for any sort of personal or private matters with Microsoft Windows.

    Corporations cannot be trusted. All they are interested in is making as much money from you as possible, and having the government enable that in any way possible. As such, they will bend to the will of the fascist government with little hesitation.

    Only a community effort can ensure software can be reliable and trustworthy. This can only be possible with open source software, but people should get involved and get educated, and really try to contribute to the community effort in any way they can. The only way to have individual rights on the internet is to be very knowledgeable and competent when it comes to computers. Only people that understand the implications of what's happening behind the scenes when they use computers can protect their rights.
     
    Last edited: Mar 8, 2014