Combining AV's not done, but very effective!

Discussion in 'other anti-virus software' started by Kees1958, Jan 19, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Let him DENY all!

    Oh.... there is no DENY option in TF (unlike CH). That's a pity.
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Not really, since fortunately there's the Quarantine option, which is a safer and more effective option than Deny.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    May be more effective but not safer regarding false positives IMO!
     
  4. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    If it's a false positive, what you need isn't a Deny option either, it's the Allow option.
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    If ever you know!
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Now you're contradicting yourself.

    According to you, a Deny option is needed because of FPs. This implies you already know they are FPs. I say that you don't need the Deny option for FPs, you need the Allow button - to which you reply IF one knows they're FPs.

    The only logical deduction I can make from your statements is that you're trying to say that having a Deny button will automagically let users distinguish between FPs and real malware, while a Quarantine button blinds them to the difference.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Let me clear this. For an ordinary user, Quarantine when u think that pop up is about suspect malware, click only DENY if u suspect that it's a false positive (and then investigate the issue). Allow when u are sure that it's a false positive.

    Suspect alert: Quarantine
    Sure false positive: Allow
    Unsure: Deny only

    Actually I will love to have an option to Deny all popups silently without user interaction (for dummies).
     
  8. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    aigle, it's called Quarantine, not "Permanently and Irreversibly Remove From Computer", for a reason.

    So why not use the type of products that do offer that option, and excel at it, instead of trying to bend a product that wasn't meant to do that from the very start into how you think it should be?

    In all seriousness, aigle, SSM (Free) with Disconnected UI could probably do that far better than ThreatFire could ever hope or want to.

    Still, I think the problem Kees' friend had with TF was not the lack of a Deny button, but rather, the presence of an Allow button...
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I have posted it before that quarantine can be troublesome at times as I have experienced it (unable to restore back).

    After all there was only a DENY button in CH. SSM is a totally different category!
     
  10. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    If that one software somehow doesn't work after restoring, I believe it's more worth investigating it than TF.

    PS: CH had an Allow button as well.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I did not say it doesn't work. It was not restored fully.
     
  12. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I still stand by my previous opinion; adding a Deny button is a counter-intuitive solution to take when, of the hundreds of thousands of programs out there, one fails to be completely restored.

    If this continues I think we'd better take it via PM.
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Ok, let us stop here! :D
     
  14. Hnanicek

    Hnanicek Registered Member

    Joined:
    Sep 17, 2007
    Posts:
    15
    Hi,

    Trustport AV currently contains the following engines:

    AVG
    VBA (VirusBlokAda)
    Dr.Web
    Norman
    Ewido

    Combining AV software is tricky because of collisions of on-access scanners. On-access scanners intercept file-system activity using file system filter drivers. These filters hook operations like file opening. Using these hooks, the file is scanned before the calling application gets a handle for the opened file. If there are two such filters present on a single computer, they can easily collide. The same applies to other filter SW (firewalls).

    Lubos Hnanicek
    AEC
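
An added example, not part of the original post: a check for the situation described above, two on-access scanners attached to the same file system stack. It assumes both scanners are minifilters registered in the altitude band Microsoft allocates to the "FSFilter Anti-Virus" load order group (320000 to 329999) and parses text in the layout printed by `fltmc filters`; the sample output and filter names are constructed.

```python
import re

# Altitude band allocated to the "FSFilter Anti-Virus" load order group.
AV_LOW, AV_HIGH = 320000, 329999

# Constructed sample in the layout of `fltmc filters`; filter names are hypothetical.
SAMPLE = """\
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
ExampleAvTwo                            4       322500         0
ExampleAvOne                            4       328010         0
ExampleBackup                           2       280700         0
FileInfo                                4       40500          0
"""

# name, instance count, altitude (may be fractional), frame
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+(?:\.\d+)?)\s+(\S+)\s*$")


def parse_filters(text):
    """Return one dict per filter row; header and separator lines do not match."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            name, instances, altitude, frame = m.groups()
            rows.append({"name": name, "instances": int(instances),
                         "altitude": float(altitude), "frame": frame})
    return rows


def on_access_conflicts(filters):
    """Names of attached anti-virus-band filters, highest altitude first.

    A higher altitude sees a file open earlier on the way down the stack.
    Returns an empty list unless at least two such filters are attached.
    """
    av = [f for f in filters
          if AV_LOW <= f["altitude"] <= AV_HIGH and f["instances"] > 0]
    av.sort(key=lambda f: f["altitude"], reverse=True)
    return [f["name"] for f in av] if len(av) > 1 else []


if __name__ == "__main__":
    stacked = on_access_conflicts(parse_filters(SAMPLE))
    print("Stacked on-access scanners:", ", ".join(stacked) or "none")
```
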
     
  15. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    so, you got rid of bitdefender and brought in drweb and VBA?
     
  16. Hnanicek

    Hnanicek Registered Member

    Joined:
    Sep 17, 2007
    Posts:
    15
    Yes, BitDefender is not available anymore. It was cut down because of business reasons. Of course updates for the Bitdefender engine will be provided for users who bought TPAV in the past.
     
  17. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    cool,

    so people have the choice to use the old / new version and still receive all updates?

    i wonder what the majority of users will choose to use, which engines they will prefer :)
     
  18. Hnanicek

    Hnanicek Registered Member

    Joined:
    Sep 17, 2007
    Posts:
    15
    Old version cannot be downloaded from AEC site anymore, only the new version is available.
     
  19. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    but if people can use the old version, they will still receive full updates for those engines used?
     
  20. Joe_Jones

    Joe_Jones Registered Member

    Joined:
    Aug 31, 2007
    Posts:
    41
    C.S.J :
    Yes, until the license year has expired.

    Although running multiple AV's together seems to work fine,
    it is often difficult to disable the On-access part needed for this.

    But even if you manage to succeed in disabling this completely,
    On-demand must still be able to work, that often is a problem as well.

    And even if you manage to get this working, what do you think will happen,
    if you find a virus? Because one of the first things that an AV must do when that happens, is to isolate the file from infecting the system.
    This most certainly will give you the problems as Hnanicek described.

    If you want to run multiple engines, there are two ways.
    1) use multiple OS-es (like VMware or multiple hw)
    2) use an AV with multiple engines where these problems mentioned above are already solved for you by the developers.

    I am very curious to see what will happen with the next on-demand with
    TrustPort and the new engines on the next AV-Comparatives.

    Btw, I don't understand the fuss about the False Positives,
    In TrustPort you can set move to quarantine (and you can do this on other AV's as well).

    After testing for a long time, it never gave me any problems to restore a file from quarantine.

    So if a FP occurs, you just restore the file, exclude it for On-Access and On-Demand scanning, send the file to your AV company and a few hours later the problem is solved. So what is the problem?

    Furthermore it would be very interesting if AVcomparatives would run a test once a year on 'malware'.

    It is just a suggestion, because I think he is doing a great job,
    but why not add some spyware, adware, dialers etc.?
    For the end-user it doesn't make any difference which malware he gets on his system, only how he can prevent it, and how he can clean it.

    I think that TrustPort with Ewido would perform even better than it already did, finishing with the best results on the last real test.

    :thumb:
     
  21. testsoso

    testsoso Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    138
    Ok tested Kees, your setup worked here, I have downloaded 6 real viruses from the internet, 5 were stopped by Avast before they got into my system. The one that passed Avast was removed by Avira. Both worked great and no conflicts.
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    That kind of common sense makes me happy, good for you :thumb:
     
  23. testsoso

    testsoso Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    138
    After playing around a bit more, I'd say Avast needs to improve its detection rate... today it stopped 5 viruses from some website, but in Avira's quarantine there were 17... so if I rely on Avast alone, it won't protect me well from malware today.
     
  24. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    It appears that you're visiting dark corners of the web, doing p2p, or possibly other shady stuff. You may want to consider a limited user account with a software restriction policy, hips, etc.
     
  25. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep, and also running avast with avira. :rolleyes:

    :thumbd:
     