Exetools  

#1  11-01-2017, 23:12  foil
I keep Malwarebytes around for browser exploits..

I highly recommend GlassWire as a firewall though! It's extremely light, and has really nice monitoring, graphs, and control.
#2  11-02-2017, 02:44  ArC
Quote:
Originally Posted by Kerlingen
Since the Windows Firewall has a default "allow all outgoing traffic" rule which you cannot change I would say it's mandatory to use an "internet security" product, not only to block (non-malware) "call home" software, but also to block malware which is not yet detected from connecting to its control server.
Maybe I'm misunderstanding you but you can configure profiles to block outbound traffic by default. The problem is that it's oftentimes not that useful in practice as you need to manually define rules upfront for all apps that should be allowed to access the internet. This easily gets cumbersome if an application uses multiple processes/services of which some need network access (like in the case of VMware Workstation). What's not uncommon either is legitimate installers which launch sub-processes (which need network access) from previously extracted images with randomized filenames. If you've configured the Windows Firewall to block outgoing traffic by default, it will do so without giving the user any hints whatsoever, which can make it difficult to figure out what rules to add to get a particular app to work properly.

There are third-party add-on tools to work around that problem, though. They listen for certain ETW events if I remember correctly and display a message if an app tries to access the network, along with options to create (temporary) outbound rules.

Another thing to keep in mind is that rules can be added programmatically which is something some installers do. While this is generally convenient, it can be annoying in cases where one doesn't want (legitimate) software to phone home for example.

Quote:
Originally Posted by TechLord
Finally, most of the security professionals do not have any AV on their system at all
No wonder really as AV software has in the past turned out to be an attack vector (MsMpEng Type Confusion anyone?).

Quote:
Originally Posted by SKiLLa
use a restricted account
https://xkcd.com/1200/
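The default-block setup discussed in post #2, as an added example that is not part of the original thread: it switches the Windows Firewall profiles to block outbound traffic, surfaces the otherwise silent drops through Security event 5157, and lists outbound allow rules so that ones added by installers can be reviewed. The rule name and program path are placeholders, and the audit subcategory name assumes an English-language Windows install.

```powershell
#Requires -RunAsAdministrator
# Added example; the rule name and program path below are placeholders.

# 1. Block outbound by default on every profile and log dropped packets.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultOutboundAction Block -LogBlocked True

# 2. Allow-list one program explicitly (hypothetical path).
New-NetFirewallRule -DisplayName 'Example: allow updater outbound' `
    -Direction Outbound -Action Allow -Profile Any `
    -Program 'C:\Program Files\ExampleApp\updater.exe' | Out-Null

# 3. The firewall drops silently, so enable failure auditing for the
#    Windows Filtering Platform. Blocked connections then appear as
#    Security event 5157.
auditpol.exe /set /subcategory:"Filtering Platform Connection" /failure:enable | Out-Null

# 4. Summarise which executables were blocked recently. Installer
#    sub-processes with randomized names show up here by full image path.
function Get-BlockedOutbound {
    param([int]$Hours = 1)
    $filter = @{ LogName = 'Security'; Id = 5157; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['Direction'] -eq '%%14593') {      # %%14593 = outbound
            [pscustomobject]@{
                Application = $data['Application']   # NT device path of the image
                Destination = '{0}:{1}' -f $data['DestAddress'], $data['DestPort']
            }
        }
    } | Group-Object Application, Destination |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}
Get-BlockedOutbound

# 5. Review enabled outbound allow rules, including any that installers
#    added programmatically.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
    }
} | Sort-Object Program | Format-Table -AutoSize
```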
#3  11-07-2017, 23:11  Fragrance
Kaspersky is the best. It will also scan a USB pen drive automatically when inserted, also works well for malware and rootkits, and has a great firewall built in if you go for Internet Security. Kaspersky also provides room for Windows Defender to run alongside; usually other antivirus products disable Windows Defender upon install. NOD32 is also a good choice.

Last edited by Fragrance; 11-07-2017 at 23:18.
#4  11-09-2017, 01:17  Kerlingen
Quote:
Originally Posted by Fragrance
kaspersky is the best [...] and have great firewall built in
No. No. No. Just no.

I already explained here why it's the worst firewall implementation one can think of.
All times are GMT +8.