It is bloated in terms of having extra features, but is one of the lightest antiviruses when it comes to performance. The firewall is indeed very basic, and I would like it to have a better one. I've never used any sandbox software, so that is not of concern to me. I use it because it is very light and asks me before quarantining files. If the real-time protection detects something, I get an alert which gives me the option to whitelist the file. It does automatically quarantine suspicious downloads. But it gives an alert afterwards with the option to take me to quarantine, where I can restore and whitelist the quarantined file. I really dislike auto quarantine, which rules out just about all other antiviruses, although I have many antiviruses on my test computer.
Idk about u, but as far as I know, having an option to pick what decision the AV makes when it detects a threat is a rather basic thing, ain't it? Like Log and ignore / Auto decide / Ask user / Try to "disinfect" if not quarantine or delete etc. Are u really saying most AVs don't have the option for that (a super basic option, and rather mandatory I'd say)? Cuz I know Kaspersky does.
Just about all antiviruses, including Kaspersky, don't have that option. There are a small number of antiviruses that have partially implemented it. They will give you a prompt, with the option to ignore the detected files, for certain detections. For example, they may let you ignore a PUP, but won't let you ignore something detected as adware or malware, which is an issue, for example, if a harmless PUP is detected as adware rather than a PUP. There are also a few which give you the option to block a file, but not ignore it. I suggested to both Avast and Avira that they add the option to ignore files, but they don't want to add it.
Ok so, I just checked Kaspersky. Each module has an option to pick the action. However, ask user is missing... BUT, there might be a workaround. Choose block. Then set quarantine max size to 1 MB from settings. Then when a file gets blocked, it will either: 1) get deleted because there is no space in quarantine (but you picked block, not delete, so hopefully it does not default to deleting when not enough space in quarantine) or 2) nothing happens: the file gets blocked from execution, but does not get deleted or quarantined. So then all u have to do is go to Kaspersky and add an exception for ur file or pause Kaspersky protection. Which is still worse than being asked and allowing it immediately, but at least it's not quarantined I guess...
That sounds like a bit of a hassle. It's a real shame in my opinion, that so few antiviruses have the option to prompt you and let you ignore detected files.
Ok, new plan. Get a program that blocks writes execution. Make a download folder. Block write permissions of the AV process responsible for blocking files in that download folder. When the AV tries to block, you will get a prompt to allow or block write access from your write access blocking program. If you click allow, file gets blocked (as if clicking block on an AV prompt). If you click block, file does not get blocked (as if clicking allow on an AV prompt). And when the file doesn't get blocked, it won't get quarantined either (unless the AV uses a different process for quarantining than the one it uses for blocking). Boom, easy.
My main virus has been 360 for some time now. I'm now also running WiseVector, which also prompts on detection.
OK I see, didn't even think about this auto quarantine stuff. I've read in the past it can indeed cause serious problems. It's because roger_m was affected by this ransomware and 360 couldn't protect them. And yes, AVs can't offer 100% protection, but it's still disappointing.
No, and that's why it's very important to regularly back up your system. More often than not, as is the case here, you can't recover your files unless you actually pay the ransom fee.
Hope you learned your lesson. Always keep offline backups, and consider using a reliable cloud service for alternative backups.
Or have a good firewall; the ransomware requires internet access to send the private key to the servers. If you have default-deny on connections, ransomware won't have access (although I could be wrong?). Or maybe just record all of your internet traffic and then you go back and bam, there's the private key.
I see that IObit's forum is now back up. For a few days they had a test forum with no content, but now the original content has been restored. https://forums.iobit.com/