Author Topic: Now that Eset is gone from the UAV...  (Read 407 times)

Offline GrDukeMalden

Now that Eset is gone from the UAV...
« on: March 05, 2020, 12:21:33 PM »
...it's time to reach out to other antivirus companies.

If Bitdefender won't come back...

Reach out to Panda. Great PUP detection, usually a great malware detection rate too; Panda by itself is worthless once it encounters an unknown file, though. But that's why you would want to use it as one of the databases in SAP.

You could also reach out to Immunet, which I found out a while ago is NOT the same database as Clam, even though they're both owned by the same company.

You also could reach out to Ad-aware, Vipre, Trend Micro or even Reason Security...which primarily focuses on PUPs and bloatware, but keeps actively distributed malware signatures in their database too.

Side note: you may want to label AVG as "AVG/Avast"; the inner workings of those two programs are pretty much identical now and as far as I'm aware, they have the same database too.
VPN(Paid)|
VoodooShield(Paid)|
SecureAPlus(Paid,Pro)|
Sandboxie Plus, by Xanasoft|
HitManPro.ALERT!(Paid)|
I fiddle with whitelisting software.

Offline Happy SAP user

Re: Now that Eset is gone from the UAV...
« Reply #1 on: May 21, 2020, 07:56:46 PM »
Think Immunet is similar to APEX / it is not a signature-based scanner. So not sure it would work in this context.

I don't think more Universal AV engines would make a whole lot of sense. It increases licensing costs, there are diminishing marginal returns and it increases false positives. Universal AV to me is just a backup to the existing whitelisting approach.

I have the following enabled:
1 - Avira - consistently good performance
2 - ClamWin - Cisco owned, hopefully that has given them more resourcing. Think it has always had bias against them because it is free but they must have a huge network for data collection because of its install base
3 - Emsisoft - I recollect they were quite good / were a bit more aggressive at picking up adware / PUPs
4 - F-Secure - not sure if this includes the KAV engine / definitions but I have this on regardless as I recall their in-house engines were quite good
5 - McAfee - Intel owned and hopefully they have been improving
6 - Sophos - Quite strong in their own right

I have disabled the following:
1 - AVG - whole host of false positives based on their Win32/Heri generic definition. Given they own Avira now, I would just have 1 or the other running
2 - F-Prot - not sure Cyren has done a whole heap since they bought it. Its main advantage was that it was light and cheap, esp. for Linux servers. I suspect it's included because they do provide their SDK / push on the OEM side but also it's quite cheap to license. On balance, don't think it's needed
3 - IKARUS - I never had a good impression of them. Really just a personal view and actually quite baseless. I have noticed that I get some false positives when I had it on
4 - Microsoft Security Essentials - based on the old engine and I have Windows Defender running anyway
« Last Edit: May 21, 2020, 07:58:20 PM by Happy SAP user »