Best Antivirus/EDR vs Unknown Ransomware

  • Published 21 Nov 2024

COMMENTS • 1K

  • @pcsecuritychannel
    @pcsecuritychannel  3 months ago +332

    FAQ:
    What about Kaspersky & other products? There are only so many products I can fit into one video, so tried to get the most popular ones, I'll try to do a part 2 with Kaspersky, ESET and others.
    Why is the file encryption slow, maybe it would be detected if it was fast? False. The encryption is fast, the version used in the test is slow cause of added delays b/w files, we tested all versions with these products and the ones that failed to detect also failed when run without the delay where the whole process happens in seconds.
    How is this a malware simulation, isn't it like 7zip encrypting files? No. This is custom code that is unsigned and obfuscated that encrypts files like ransomware without asking the user. 7zip is a trusted application, with a cli and nothing like the file we are running.
    If any vendors want help with improving their detections or get in touch with our community members who helped with the test, I'd be happy to facilitate. Our goal is to improve cybersecurity for everyone.

    • @vjay4297
      @vjay4297 3 months ago +11

      Hi, can you please include MS defender with One Drive in your next video. I'm curious to know if OneDrive's claim that it protects you from ransomware is valid. I've seen it asking for rollback if you change a lot of files. Does this behaviour of OneDrive enable MS defender to kick in and save the day??

    • @jairo8746
      @jairo8746 3 months ago +23

      It is time to completely ignore Kaspersky.

    • @MrComplainer
      @MrComplainer 3 months ago +11

      Don't forget Malwarebytes

    • @kingofstrike1234
      @kingofstrike1234 3 months ago +2

      I would like to see virus total and malwarebytes. Also, can you test the prevention rate in another video ( can it detect malware file before you run it / while downloading ), and can you add percentage scoring into the code ( % of corrupted files vs protected files )

    • @nathanyong8060
      @nathanyong8060 3 months ago +6

      Don't forget Norton

  • @EricParker
    @EricParker 3 months ago +553

    Great showing for Bitdefender! I like this as a realistic comparison, given a lot of malware attacks are able to get around signature detection, especially when the EDR is known to the attacker.

    • @pwhittak88
      @pwhittak88 3 months ago +39

      @EricParker so legends watch other legends. Nice to see you here. To anyone who does not know this guy check him out now. Excellent source of knowledge. Much respect.

    • @realsleepi
      @realsleepi 3 months ago

      @@pwhittak88 agreed if you're on this channel you'll love Eric!!

    • @Krullfath
      @Krullfath 3 months ago +5

      Bitdefender didn't roll back the encrypted files, did they?

    • @rootdevelopment
      @rootdevelopment 3 months ago +13

      @@Krullfath They did not; They deleted the files and just called it a day :)

    • @East13566
      @East13566 3 months ago +1

      Hey eric

  • @HCG
    @HCG 3 months ago +352

    For everyone asking for Kaspersky and other AVs, he commented under another comment that he will be doing a part 2 with Kaspersky, ESET and other AVs.

    • @onlywolf9981
      @onlywolf9981 3 months ago +22

      I hope, I'm excited to see the result but I don't think ESET and Kaspersky will have trouble to detect the ransomware.

    • @2235-n7x
      @2235-n7x 3 months ago

      @@onlywolf9981 hope not massive eset enjoyer.

    • @horizont6172
      @horizont6172 3 months ago +6

      Thank god, I’m using Kaspersky rn

    • @TiagrajI
      @TiagrajI 3 months ago +5

      Yes kaspersky!

    • @Chikowski101
      @Chikowski101 3 months ago +16

      kaspersky is the best competitor to bitdefender it's more light weight and less resource intensive and less expensive for a non-american it's a great relief

  • @stage6fan475
    @stage6fan475 3 months ago +84

    7:00 'There goes the library of Alexandria'

  • @jamesparker7939
    @jamesparker7939 3 months ago +55

    Love seeing Bitdefender do well. Been my go to for a long time.

    • @cokezero1
      @cokezero1 3 months ago +1

      🙌🙌

    • @rootdevelopment
      @rootdevelopment 3 months ago +9

      Bitdefender did stop it; but the files that were encrypted were just deleted. So hopefully if you encounter ransomware in the future with Bitdefender, pray that the first few files it deletes aren't crucial.

    • @dk-ib8ok
      @dk-ib8ok 3 months ago +7

      @@rootdevelopment Yes, damage was minimized but not fully prevented by Bitdefender. Still better showing than others.

    • @HAYWIRE2466
      @HAYWIRE2466 2 months ago

      Combo with Onedrive should be workable, right?

    • @ShantanuBaviskar
      @ShantanuBaviskar 1 month ago

      @@HAYWIRE2466 I think so, so long as the encrypted file was backed up by OneDrive

  • @tonyrivera7048
    @tonyrivera7048 3 months ago +32

    You are definitely my favorite cybersecurity content creator by far. No cringe weird marketing tactics that only work on 12 year olds or anything. Straight to the point, no bs, I love it

    • @Chucho992
      @Chucho992 2 months ago +2

      agreed, this channel is a gem for me.

  • @fhgnius
    @fhgnius 3 months ago +47

    That is really interesting information! Would absolutely love to see an episode directly comparing business products from SentinelOne, Crowdstrike, ESET, Bitdefender, and whichever other endpoint there is against a large malware collection. I think as far as a single new malware this video is basically that (minus ESET), because I doubt the detection engine in personal vs business products is any different, but they are set up quite differently so would be interesting to see - and probably an extremely valuable resource for small businesses.

    • @madness1931
      @madness1931 3 months ago +6

      I'd also add in Kaspersky. I know some folks in the community don't like them, due to Russia, but they've proven to be very effective in the past.

    • @fhgnius
      @fhgnius 3 months ago +3

      @@madness1931 I used them in the past, but as someone in the US, that's no longer an option, which is why I didn't mention it.

    • @logician44
      @logician44 3 months ago +2

      @@fhgnius US citizens aren't allowed to use products that detect the backdoor efforts of the alphabet crew. Safe and secure ...

    • @Light-uw5es
      @Light-uw5es 3 months ago

      the government should use their own trusted companies, this isn't just related to Kaspersky but as a general rule. Now Kaspersky is fine for everyone else.​@@fhgnius

  • @HTW_1
    @HTW_1 2 months ago +4

    So thankful I have a 10 user ultimate security license for Bitdefender for myself, wife, my daughters and their boyfriends. This video was certainly very comforting that I made the right decision. Thanks Leo.

  • @BOOSTEDDUDE
    @BOOSTEDDUDE 3 months ago +7

    Wow, Bitdefender did really good! Sophos also but I like how Bitdefender has the graphical display of the files.

  • @TheawesomeMCB
    @TheawesomeMCB 3 months ago +15

    I’m a little surprised that bitdefender didn’t restore the files, I mean in the ransomware remediation section there is an option to have checked to automatically restore files that were encrypted by ransomware, and a manual button to restore files that have been encrypted. Great video though Leo!

    • @youtuvi7452
      @youtuvi7452 2 months ago

      I may be wrong, but Leo used the free version, maybe that didn't apply the remediation?

    • @WantedForTwerking
      @WantedForTwerking 1 month ago

      @@youtuvi7452 yeah the free version needs you to click restore manually. in gravity zone there are options to do this automatically and I think the paid version of home as well. ( could be wrong with the consumer BD versions, don't deal with them much)

  • @Sunny-n7b
    @Sunny-n7b 3 months ago +11

    Excellent video @pcsecuritychannel, it seems likely that behavior analytics aren't enabled for the CS product, as files are being encrypted and deleted immediately, which should be flagged by behavior monitoring. However, the key takeaway is spot on - it's crucial to pentest your high-cost solutions and regularly audit your prevention policy settings. Very informative.

    • @Light-uw5es
      @Light-uw5es 3 months ago +1

      ClownStrike 🤡 just sucks

  • @Ponyo3816
    @Ponyo3816 3 months ago +133

    Now do Malwarebytes EDR and Roll Back protection.

    • @kecourt
      @kecourt 3 months ago +6

      Yes please.

    • @cliffordjamesbloomfield4161
      @cliffordjamesbloomfield4161 3 months ago +2

      Agreed!

    • @Chikowski101
      @Chikowski101 3 months ago +5

      malwarebytes more like "malware-bites" , kaspersky is definitely a better substitute to all of them

    • @Ponyo3816
      @Ponyo3816 3 months ago +16

      @@Chikowski101 I would never buy that Russian backdoor software friend.

    • @Chikowski101
      @Chikowski101 3 months ago +4

      @@Ponyo3816 it's okay brother

  • @ek2719
    @ek2719 3 months ago +5

    Good video. Sophos will restore any files encrypted before the alert, i.e. before the behaviour is recognised to be malicious.

  • @xpower7125
    @xpower7125 3 months ago +34

    crowdstrike is the best one, it won't make you run the file because it will make your pc bootloop

    • @_vindicator_
      @_vindicator_ 2 months ago +5

      360 degree protection, no way to boot, completely safe

  • @dennisdefotis3553
    @dennisdefotis3553 3 months ago +35

    I have heard that some cybersecurity insurers are requiring the insured company to use an EDR as part of their security solution. Which makes this report even more interesting.

    • @friendoflaphoroaig
      @friendoflaphoroaig 3 months ago +2

      Some insurers will give you a discount on your premium if you enroll in certain MDR providers. I have not heard of them making it mandatory - not that you are wrong, I just hadn't heard of it. Are you able to name the carriers that make EDR a requirement?

    • @dk-ib8ok
      @dk-ib8ok 3 months ago

      Looks like Sophos is the only solution to not just detect, but block and reverse the attack fully with restoring all files!
      Closely followed by Bitdefender that managed to stop the attack quickly but files got lost.
      S1, Crowdstrike and Microsoft Defender seem to have missed this.
      Insurance should definitely take that into account as this is where damage will occur.

  • @daemonspudguy
    @daemonspudguy 3 months ago +15

    New Danooct1 video and a new and unknown ransomware video from TPCSC. Today is good.

  • @velo1337
    @velo1337 3 months ago +307

    imagine paying big bucks for crowdstrike and still your data is gone

    • @ТоварищКамрадовСоциалистКоммун
      @ТоварищКамрадовСоциалистКоммун 3 months ago +14

      crowdstrike is meant to prevent from outer attacks. It has a better chance to stop downloading the malicious soft. I might be wrong but it probably has nothing or little to do with files already located at your PC

    • @vaidkun
      @vaidkun 3 months ago +51

      @@ТоварищКамрадовСоциалистКоммун outer attacks? the file somehow still got on the pc to execute or was it just born on the test VM?

    • @ТоварищКамрадовСоциалистКоммун
      @ТоварищКамрадовСоциалистКоммун 3 months ago +14

      the file doesn't just appear on a PC, right? it's either created by the user, and hence it's his/her responsibility,
      or downloaded from outside, normally internet. The traffic analysis is the main task for many corporate security suites. It totally makes sense for many realistic scenarios, including outer attacks, like DDOS etc

    • @Mario583a
      @Mario583a 3 months ago +1

      Oops!
      𝕄𝕪 𝕤𝕪𝕤𝕥𝕖𝕞 𝕔𝕣𝕒𝕤𝕙𝕖𝕕.
      𝔹𝕦𝕥 𝕀 𝕙𝕒𝕕 𝕒𝕟 𝕒𝕟𝕥𝕚𝕧𝕚𝕣𝕦𝕤.

    • @satorugojo9833
      @satorugojo9833 3 months ago +7

      imagine paying big bucks cybersecurity companies and your data is still sold by the big international companies 😂😂😂

  • @GodofLibra
    @GodofLibra 3 months ago +45

    Hey, I am a Sophos Security engineer, I do see that you are using the home premium version here, but I would like to share that the enterprise solution which is sophos central endpoint has more behavioral based component which is HMPA along with the XDR data collection.
    My suggestion would be to test the sophos endpoint rather than the home version as the endpoint product is more targeted towards enterprise solutions.
    Otherwise love watching your videos and you are making a serious contribution to the cybersecurity fields. Keep up the good work. Cheers!

    • @eabelcourt
      @eabelcourt 3 months ago +36

      As he said at 7:15 the home and enterprise product "behaved exactly the same" so only showed one. It's actually a major plus point that the home product beats out the enterprise products and was shown instead of IX EDR, that's the takeaway for your free marketing.

    • @mathiasdeweerdt1400
      @mathiasdeweerdt1400 3 months ago +7

      He did mention, if he showed the free or home versions, that the enterprise variant performed exactly the same

    • @presjar4016
      @presjar4016 3 months ago +25

      Why don't Sophos provide the same protection to home users? Seems scummy.

    • @compmanio36
      @compmanio36 3 months ago +8

      @@presjar4016 Every AV provider does this. Why have a paid expensive version if the home or free version does exactly the same?

    • @xszl
      @xszl 3 months ago

      @@compmanio36 Why have a free version if it just gives a bad experience and is pretty useless?
      It wont get people to pay for it.

  • @BLIZZnBLASTER
    @BLIZZnBLASTER 3 months ago +7

    glad to see sophos still performs well in your tests since I've been using ever since you first showcased it in your channel and back then it was the best in your tests, because of the built in hitman pro

  • @SysTek2000
    @SysTek2000 2 months ago +6

    Great video! Would really like to see M365 Defender for Endpoint if you are able to. Would be neat to see how Microsoft's EDR solution fares.

  • @patrikondo7684
    @patrikondo7684 3 months ago +19

    I love how the program thread is called "Womp 1.0" 7:56

  • @Official_M000N
    @Official_M000N 3 months ago +1

    I've been watching your channel for a while now. It has helped me in my career for Cyber-Security. I got accepted into a university for my bachelor's degree. I'll let you know how I do in 4 years!!

  • @BeesCantSwim
    @BeesCantSwim 3 months ago +18

    I'd like to see MalwareBytes with this test.

  • @andrewortiz8044
    @andrewortiz8044 3 months ago +66

    Crazy how the 2 companies that brag about being ‘next-gen AVs’ lose to a ‘legacy AV’

    • @DamirUlovec
      @DamirUlovec 3 months ago +3

      Well, not the first time that marketing team must do something to get the product on the market. That's why we never should trust marketing claims.

    • @runge340
      @runge340 3 months ago +16

      That’s just one case, one malware. That does not cover the whole landscape.
      Also, these products need to be configured correctly. He didn’t show his setting which is not professional behavior.

    • @A42yearoldARAB
      @A42yearoldARAB 3 months ago +5

      @@runge340 They lost, no excuses he mentioned that he turned everything on.

    • @runge340
      @runge340 3 months ago +19

      @@A42yearoldARAB no, he specifically mentioned that he had the malware detection on moderate. Those are enterprise solutions requiring enterprise configuration. This guy is kind of clueless when it comes to enterprise solutions.

    • @Trustmebro091
      @Trustmebro091 3 months ago +1

      @@runge340 that’s the impression I’ve got too. Have had SentinelOne configured correctly with Huntress on thousands of endpoints. Many ransomware attack attempts and not a single one got through. I’ve also managed CrowdStrike. Same thing. He even put EDR solutions and used the built in Defender instead of Defender 365. There’s a difference. Video is very misleading and leaves out details. Not a video that I would base my own XDR research on.

  • @DudditsJoeFinemusic
    @DudditsJoeFinemusic 3 months ago +12

    I don't want to brag, but being a Romanian, I have to give to the rest of the world (those that still have no clue what Bitdefender is) this piece of information here:
    Bitdefender is a Romanian cybersecurity technology company headquartered in Bucharest, Romania, with offices in the United States, Europe, Australia and the Middle East. The company was founded in 2001 by the current CEO and main shareholder, Florin Talpeș. Wikipedia

    • @ahmed92
      @ahmed92 3 months ago

      Everyone knows that, and greetings to you from Egypt

  • @dk-ib8ok
    @dk-ib8ok 3 months ago +12

    Looks like Sophos is the only solution to not just detect, but block and reverse the attack fully with restoring all files!
    Closely followed by Bitdefender that managed to stop the attack quickly but files got lost.
    S1, Crowdstrike and Microsoft Defender seem to have missed this.
    Can you run this same attack but this time doing a remote execution? Meaning the ransomware is run remotely which is a popular approach in ransomware right now?

  • @Turco949
    @Turco949 3 months ago +4

    Leo, it would be really interesting if you could include two other components to a test like this: 1) A synch tool like OneDrive or Dropbox 2) An external drive that has a copy of a few of each typical file types. This would allow people to see what would happen if they have their backup drive connected or a file sync app running when such a threat hits.

    • @SmilerRyanYT
      @SmilerRyanYT 3 months ago

      In terms for cloud syncing (google drive, dropbox and onedrive) you can undelete the original files and then delete the encrypted ones. As for external drives in theory it should just act the same and encrypt those too.

  • @n3sc4ubr94
    @n3sc4ubr94 3 months ago +2

    Awesome video! Waiting for the part 2 with Kaspersky, Eset and others.

  • @pwhittak88
    @pwhittak88 3 months ago +54

    I'm a CrowdStrike engineer (and a fan boy) and would love to review what settings you have opted for in your prevention policy. I don't expect a reply but I had to offer.
    Edit - excellent video that is really valuable. Many of these enterprise solutions are not easily accessible for the general public to test without jumping through hoops.

    • @rikachiu
      @rikachiu 3 months ago +8

      Hello, we currently have crowdstrike falcon on all our endpoints and this video has me concerned. Can you provide some documentation to ensure that our CS agents running on our devices are correctly configured to protect against what is shown in this video? Greatly appreciate your help and time. I am looking at bit defender lustfully currently -_-.

    • @pwhittak88
      @pwhittak88 3 months ago +17

      @rikachiu unfortunately I can not and as you are aware documentation can be found when logged into the management console. Look up prevention policies and stay up-to-date with news as new features will be added and will need updating.
      Remember you will never be contacted through comments. Do not take advice from comments, they pose a huge risk.

    • @rikachiu
      @rikachiu 3 months ago

      @@pwhittak88 ty, appreciate the feed back. When we purchased crowdstrike, we were under the impression it would be completely managed for us, so it is definitely concerning how easily this ransomware encrypted everything without the CS sensor even doing anything about it

    • @counterdefense
      @counterdefense 3 months ago +2

      @@pwhittak88 isn't it obvious he doesn't have the product and only wants the documentations?

    • @aussiegruber86
      @aussiegruber86 3 months ago +9

      I just get Bluescreens 😂

  • @Pyrelil
    @Pyrelil 3 months ago +2

    I would like to see more consistent tests with the same actions for every single run, if you check something on one edr, you should do the exact check (if possible) on the rest. I think it would be super helpful for you to go through all the settings of each one. While you said these were from all different tests when doing a lot of tests, but without that consistency the video is, just trust us.

  • @darthbubba866
    @darthbubba866 3 months ago +6

    I don't use any of the tested security programs, except the USB stick bootable Bitdefender utility, but I appreciate your efforts.

  • @anonymous6666
    @anonymous6666 1 month ago +1

    "just to make this video more exciting" actually got me on the edge of my seat

  • @InaMopar
    @InaMopar 3 months ago +3

    Let’s go I just bought Bitdefender 2 days ago

  • @HAYWIRE2466
    @HAYWIRE2466 2 months ago +2

    Good to see Bitdefender working as expected.

  • @JaneWayne-u1m
    @JaneWayne-u1m 3 months ago +7

    Any Chance to get this test with a remote ransomware attack?
    would be fascinating to see, how the respective solutions act, when the ransomware is not running on the target system, but accessing the fileshare of a system running the endpoint protection.

    • @dk-ib8ok
      @dk-ib8ok 3 months ago +3

      That's super relevant to current threat landscape - we need to see this in a test!

  • @the_2663
    @the_2663 3 months ago +1

    Thank you for doing independent testing.

  • @cleverman234
    @cleverman234 3 months ago +34

    any chance to include ESET , Kaspersky and Malwarebytes?

    • @pcsecuritychannel
      @pcsecuritychannel  3 months ago +19

      Yup, thinking of doing a part II with those.

    • @Thiccum069
      @Thiccum069 3 months ago

      Only sponsored one's allowed

    • @shabsZA
      @shabsZA 3 months ago

      As well as f secure

    • @nelsone.hernandez6654
      @nelsone.hernandez6654 3 months ago +1

      Trend Micro would be nice too

    • @blk-00000
      @blk-00000 2 months ago

      @@pcsecuritychannel see how Symantec endpoint protection holds up nowadays that it's transferred to Broadcom

  • @JosephHardy-hx5od
    @JosephHardy-hx5od 2 months ago

    If you are expecting the separation of Admins and Users to be your primary safety net nowadays, then you are in for trouble. Having safeguards even on admin executed tasks can be annoying, but it can also be life saving. This video is a good example of why heuristic detection exists, thanks for posting this.

  • @ChairmanMeow1
    @ChairmanMeow1 3 months ago +9

    I honestly expected Microsoft AV to catch it.

    • @arsh6212
      @arsh6212 3 months ago +4

      That's why I'm honestly skeptical of this video. I have had programs (crackmes) quarantined for just using XORs and simple obfuscation, txt documents blocked for having php shell scripts that have literally nothing to do with the OS and others, from Windows Defender alone (non enterprise of course).
      Something isn't adding up here, hopefully he releases the mock malware code that was used so there can be some more context.

    • @cristiannunez372
      @cristiannunez372 2 months ago

      @@arsh6212 "Unknown Ransomware" Says it all...

  • @Rue21341
    @Rue21341 3 months ago +33

    i miss Kaspersky

    • @arvydasurbonavicius5170
      @arvydasurbonavicius5170 3 months ago +4

      Kaspersky is malware in the next level

    • @Wahinies
      @Wahinies 3 months ago

      @@arvydasurbonavicius5170 proof?

    • @MrDomingo55
      @MrDomingo55 3 months ago

      @@arvydasurbonavicius5170 If I was living in Russia maybe I would use Bitdefender. If I was living in USA, I would Definitely use Kaspersky. There is a reason Kaspersky is a target of US authorities; Kaspersky likely would not ignore NSA / FBI /MI6 malware and Kaspersky likely rejected any such request. All other AV software is likely designed to ignore such 3LA generated malware.

    • @danielivo5313
      @danielivo5313 3 months ago

      @@arvydasurbonavicius5170 Bias much? By that logic you have malware in your PC too. Even Windows is spyware.

    • @azeQify
      @azeQify 3 months ago

      @@arvydasurbonavicius5170 but that applies only to the few believing in it.

  • @JohnDontFollowMe
    @JohnDontFollowMe 3 months ago +1

    I love these tests.

  • @ROREAX
    @ROREAX 3 months ago +5

    I recall making a recommendation to you a while back in one of your previous videos to test enterprise EDR solutions, so it's nice to see you do this, however the main issue with this experiment is that you didn’t show how any of the prevention policies were configured. Crowdstrike Falcon, when properly configured with the prevention policies all enabled, specifically for ransomware, ML, and cloud based analysis, would have blocked this threat without issue. The long sleep is a dead giveaway for ML/Heuristics. Not trying to critique the video too harshly, just wanted to suggest that showing each product in its best possible configuration will give more accurate results.

    • @pcsecuritychannel
      @pcsecuritychannel  3 months ago +1

      The prevention policies were all enabled so that is just not true. I demonstrated that with a different ransomware sample. I don't show the policies on video for privacy reasons since many of these tests were configured by community members.

    • @enigma3474
      @enigma3474 3 months ago +7

      ​​​@@pcsecuritychannel then your test is invalid if you can't show us the settings . You need to be transparent. If not then there's no point in doing these tests and you're chasing clout.

    • @ROREAX
      @ROREAX 3 months ago +4

      @@pcsecuritychannel Thanks for the prompt reply. I'm not sure I completely understand your response as it relates to privacy concerns as nothing in the CS tenant prevention policy gives away any sort of identifying or sensitive information however, with that said, would you be willing to share the sample of the example ransomware you ran on the CS box? I'll gladly run this in my own Crowdstrike tenant, record a video, and show you it mitigating this threat with the proper prevention policy configured.

    • @enigma3474
      @enigma3474 3 months ago +1

      ​​@pcsecuritychannel either have better transparency and stop making excuses or don't make these videos. Share the hash of the file used. Or else this is chasing clout

    • @lightningrodofh8509
      @lightningrodofh8509 3 months ago

      @@enigma3474 Are you paid by Crowdstrike or something? Clearly the software sucks if you need to make a bunch of changes from the default settings to make work as good as Bitdefender out of the box.

  • @ForzaE2
    @ForzaE2 3 months ago +1

    I can't wait for part2, thank you.

  • @dlt9621
    @dlt9621 3 months ago +6

    Prevention is key which is why ThreatLocker is needed over detection software.

    • @imKanda
      @imKanda 3 months ago +1

      Threatlocker can only be installed on Windows so how exactly does it cover the need for IDS?

    • @imKanda
      @imKanda 3 months ago +1

      @@dlt9621 the threatlocker koolaid going CRAZY

  • @noobnoob-c137
    @noobnoob-c137 3 months ago +1

    Love the channel and thanks for all of your extensive tests man!
    A few others have stated that you should show the EDR's settings and I agree. I mean even the bad guys can obtain a free trial if they really want to, so I don't see a reason why you can't show it. No need to show ALL the policy settings or anything, but the main detection setting is critical for managed EDR products like S1, CS, Webroot, Malwarebytes, etc. (Maybe do another more in depth video on your "TPSC Business" channel and link it here?)
    For SentinelOne, it did look as if you set it to "Detect" only, can you please confirm?
    I would have liked for you to have shown the endpoint in the dashboard under "Incidents" at the end showing in fact that nothing was detected. This is a business and managed product after all which REQUIRES a tech to confirm the detected results.
    If you had in fact set both settings to "Protect" and "Rollback" or at least Remediate, would this still have occurred (I have doubts). Otherwise this is a severe issue and S1 should see this video and take action with the highest priority.
    Please Look at Lawrence Systems's video from 2yrs ago showing that exact setting.
    ua-cam.com/video/SSDITOd56Os/v-deo.htmlsi=K-q-VFJIv3AgVyBz&t=725

  • @sandeeepkiran1130
    @sandeeepkiran1130 3 months ago +10

    Malwarebytes, Kaspersky & Huntress next please

    • @abrahamdeutsch3175
      @abrahamdeutsch3175 3 months ago

      Huntress does not provide protection; it can isolate a computer, but it won’t completely prevent encryption on this computer

    • @dk-ib8ok
      @dk-ib8ok 3 months ago

      @@abrahamdeutsch3175 Huntress fully relies on Defender to prevent. It would be helpless here.

  • @a-ezzat5677
    @a-ezzat5677 2 months ago

    You are my best instructor ever, greetings from Egypt

  • @jgaming2069
    @jgaming2069 3 months ago +15

    Holy shit dude please turn down the bell 🔔 sound effect

  • @vipinramesh6005
    @vipinramesh6005 3 months ago +1

    Awesome video! Surprised to see most of the major EDR didn’t detect weird behaviour on the machine as real time detection is one of the key components of EDR.
    One addition to running the EDR with real time, exploit detection etc. , do we need to implement much more tighter policies like quarantine any files that initiates certain child processes, renaming of a file to .exe? I’m certain Defender has attack surface reduction feature, not sure about other EDR

  • @DimitriRytsk
    @DimitriRytsk 3 months ago +3

    1.26 Why Windows Defender SmartScreen did not popup when you click on exe? It looks like ‘Check apps and files’ is Off in ‘App & browser control’ tab which you did not show at 0:50

  • @gr0wnup5
    @gr0wnup5 3 months ago +2

    Skipped directly to the Crowdstrike test, coz I was too curious 😅
    Very Expected I guess, Thank you PCSC for your work 👏

  • @knuthansen8524
    @knuthansen8524 3 months ago +55

    Will Kaspersky also be sanctioned here now?

    • @pcsecuritychannel
      @pcsecuritychannel  3 months ago +151

      Planning a part 2 with Kaspersky, ESET and others.

    • @Blackdeath939
      @Blackdeath939 3 months ago +27

      @@pcsecuritychannel you should pin that before the dislikes run in

    • @Gateastrologykc
      @Gateastrologykc 3 months ago

      @@pcsecuritychannel include zonealarm as well, they use sophos and their own engine and xcitium

    • @josemmm11
      @josemmm11 3 months ago +3

      @@pcsecuritychannel I will love to see this. Kaspersky EDR or Kaspersky Antivirus?

    • @Capt-Intrepid
      @Capt-Intrepid 3 months ago +3

      Kaspersky will no longer be supported in the USA after September 30, 2024.

  • @real45x63
    @real45x63 2 months ago

    This was a *BIG* reason as to why I recently chose Bitdefender for my Mac (Yes, Macs get malware too 😅) Ransomware is causing a lot of havoc around the world, and Bitdefender's technology easily detects it!

  • @testaaa88
    @testaaa88 3 months ago +3

    Is this Windows Defender (free and embedded) or Defender for Business (commercial product like CrowdStrike) with all EDR and attack surface reduction enabled?

  • @enkaskal
    @enkaskal 2 months ago

    interesting…was surprised to see bitdefender instead of eset so looking forward to part 2 😀👍

  • @z3row0rm
    @z3row0rm 3 months ago +5

    I really enjoy your humor @0:30, can't get enough of these videos!
    Edit: CrowdStrike LMAO

  • @justyouraveragelurker
    @justyouraveragelurker 3 months ago +2

    I think everyone can agree that for enterpise EDR like CS and S1 you should show us the configuration.

  • @shaffiq
    @shaffiq 3 months ago +20

    Are you currently using Windows Defender Antivirus, or do you have the full Microsoft Defender for Endpoint (MDE) solution implemented? This will help us determine the level of security you're working with.
    Windows Defender Antivirus and Microsoft Defender for Endpoint are distinct solutions. You can't compare a consumer antivirus like Windows Defender Antivirus with something like CrowdStrike, which is an EDR solution. A fair comparison would be between CrowdStrike and Microsoft Defender for Endpoint, as both are EDR solutions.

    • @Scio-to1ur
      @Scio-to1ur 3 months ago +7

      This isn’t Defender for Endpoint you can tell by the fact the security settings can be manipulated amongst other things. He claims Defender was configured with its full protection, but I guarantee its cloud protection level is on “default/normal” and cloud check timeout wasn’t at 60 seconds.

    • @IPendragonI
      @IPendragonI 3 months ago +1

      Yeah that's definitely not MDE.

    • @stevevujnovich2990
      @stevevujnovich2990 3 months ago

      I wish that he would have shown if the "Controlled Folder Access" was enabled as well under the Ransomware protection for Windows Defender.

  • @Flames-nx2qq
    @Flames-nx2qq 3 months ago

    Wow u have improved X10000

  • @roelofdirkx1623
    @roelofdirkx1623 3 months ago +5

    Eset would have been a very good addition to the test!
    Eset gets too little tested.

  • @Treamsc
    @Treamsc 2 months ago

    Thanks for testing all of these programs

  • @alexramossr
    @alexramossr 3 months ago +9

    No Malwarebytes?

    • @videogamebot1211
      @videogamebot1211 3 months ago

      this video's for enterprise antiviruses only aka ones for critical company computers and servers. Next video will be regular anti viruses I believe.

  • @mellowtones1985
    @mellowtones1985 3 months ago +1

    Nice video, requesting Xcitium/Comodo in next test.

  • @ad5786
    @ad5786 3 months ago +3

    Would be interesting to do the same test with Microsoft Defender for Endpoint EDR.

    • @dk-ib8ok
      @dk-ib8ok 3 months ago

      no difference as the EDR tools comes with no additional ransomware protections

    • @ad5786
      @ad5786 3 months ago +1

      @@dk-ib8ok Not protection, but additional detections, MDE has some more capabilities than WDAV

  • @Jason-zh7wo
    @Jason-zh7wo 3 months ago

    Great demonstration! Thanks

  • @davidc5027
    @davidc5027 3 months ago +9

    Interesting results -- There is a lot of unknown details with the enterprise versions. For Crowdstrike, I see Leo said the Prevention settings were set to "moderate". Crowdstrike Prevention settings are "disabled", "cautious", "moderate", "aggressive" and "extra aggressive". I would NOT think "most" would use "moderate" settings (I know I don't). Having said that, I'm not sure "aggressive" would have behaved any differently in this test. Would have liked to see further testing. 6 figures? Ha! Enterprises are in 7 figures these days (Especially if leveraging MDR). False sense of security? Not I. That's why you carry insurance, do vulnerability testing, perform system hardening, do annual cyber assessments, do employee training, patch management, Disaster Recovery, not to mention all the other facets of Cyber that greatly increase costs in an effort to reduce risks. Even doing everything you can, it takes one sample, like Leo is demonstrating, to ruin a weekend or longer.

    • @nicolassama2740
      @nicolassama2740 3 months ago +1

      What CS would say is that the malware does not represent the attacks they see in the real world and thus, wasn't blocked, which is a fair thing to say, EDRs products you can't add overrides/exclusions without the security team reviewing the event and giving it a thumbs up or not. Our team did a similar test to this video and CS missed it, S1 blocked it but also had more false positives on other legitimate software.
      It's hard to imagine an actual ransomware would leave a window visible and output the files its encrypting. Some AV products keep track of the files accessed by processes and lock anything that modifies/opens files in disk at a high frequency, whether it's ransomware or not doesn't matter, it will trigger the ransomware protection. Is it nice? Probably, in some cases, particularly in consumer-grade computers, but this kind of mitigation is prone to false positives and can be bypassed by higher-complexity attacks.
      A ransomware goes beyond encrypting files, it should delete shadow copies/backups, it should be fast and target other services that are typically non existent on customer-grade computers, I understand a file acting like a ransomware is something people want to see blocked but when you look at the whole picture, it's a different paradigm of malware, malware that targets ent setups is specialized on those.
      I still think EDRs/MDRs/XDRs have a ton of flaws but IMO this video doesn't do a good job at pointing them. Regarding the configuration, IIRC medium is recommended for tier3 workloads where a compromise is like... whatever, aggro and very aggressive are the go-to, but I don't think it would have made any difference in this case.
      I believe the reason why settings aren't shown is because both EDRs have a clause that forbids public benchmarks without consent, so this makes it harder to track the accounts being used; if S1/CS want to track the original account they will have to do some digging.

    • @Scio-to1ur
      @Scio-to1ur 3 months ago +3

      Leo is also demonstrating why properly configuring your XDR solution is important. There are at least a dozen settings in CS and without seeing their configuration the results are something to take with a big grain of salt.

    • @davidc5027
      @davidc5027 3 months ago +1

      @@Scio-to1ur I agree with what you are saying, as well as some times I wonder if Leo doesn't have an axe to grind (I don't have to wonder). Also, you are absolutely right about the settings, because there's quite a few options. Having said that I've got this little guy on my shoulder telling me even with the most optimal settings, the test would not have ended any differently. Clearly this test shows Crowdstrike has work to do with their product. If I were Crowdstrike, I would get that sample from Leo, and learn from it.

    • @davidc5027
      @davidc5027 3 months ago

      I did more research -- It could be aggressive would have blocked this.. why? the detections between moderate and aggressive are pretty much the same. The difference is aggressive automatically blocks more. We never saw the Crowdstrike dashboard and what it detected due to it being in moderate mode. It could very well be aggressive would have blocked it.

  • @davidg3944
    @davidg3944 3 months ago

    Thanks. Even for this non-computer jock, this was eye-opening...

  • @zetectic7968
    @zetectic7968 3 months ago +16

    Bitdefender FTW! 😃

  • @kaikiefer2016
    @kaikiefer2016 7 days ago +2

    You say "pretty much everything turned on"... would like to start seeing your policy settings

  • @snubbelbuff1471
    @snubbelbuff1471 3 months ago +10

    Ooooh! 'CrowdStrike:'! Spicy!

  • @tbard
    @tbard 3 months ago

    Pretty much the result I expected from everyone of them, except Bitdefender, that was a nice surprise. If you're going to do a part 2 as you wrote, mind adding some Open Source alternatives like Wazuh? I honestly am not expecting much, but it would be nice to compare the few open source solutions around to commercial ones!

  • @AgentM124
    @AgentM124 3 months ago +4

    How would a system differentiate between a user deliberately encrypting some sensitive data, and some malware encrypting it?

    • @ТоварищКамрадовСоциалистКоммун
      @ТоварищКамрадовСоциалистКоммун 3 months ago +3

      normally it should be based on a program signature. No valid digital sign, no data access without clear administrator permission. That's the reason why I'm usually very skeptical about tests like this )

    • @TungstenViper
      @TungstenViper 3 months ago +1

      Maybe because the encryption is done systematically and in 1 go. Also usually the user needs to specify the files that he wants to encrypt

    • @bobcrusader
      @bobcrusader 3 months ago +2

      Exactly - this test could simply have run 7Zip with a command line, and zipped all the documents with a password and it would look exactly the same. No ransom notes? No extension changes?

    • @ТоварищКамрадовСоциалистКоммун
      @ТоварищКамрадовСоциалистКоммун 3 months ago

      7Zip if I remember has no digital signature recognized by Certificate Authorities. It could certainly be a bad encryption program )
      I guess 7Zip is somehow put into a white list, to avoid false positive detections

    • @incandescentwithrage
      @incandescentwithrage 3 months ago +1

      @@bobcrusader Yeah if I was performing an operation like that on a batch of files *with script console output* , I'd be annoyed if the AV kept getting involved
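
The question in this thread, and the earlier comment about products that watch how often a process rewrites files, point at two signals a behavioural engine can combine: many files turned into high-entropy data in a short window, and whether the writing process has a trusted signer. The Python below is an added illustration of that logic, not code from the video, the commenters or any vendor; the thresholds, process names, paths and the `trusted_signer` flag are assumptions, and the trace is constructed sample data.

```python
import hashlib
import math
from collections import defaultdict, deque
from dataclasses import dataclass

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for plain text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in map(data.count, set(data)))

@dataclass
class WriteEvent:
    ts: float             # seconds since the start of the trace
    process: str
    trusted_signer: bool  # assumption: signer is on the organisation's allowlist
    path: str
    before: bytes         # file content before the write
    after: bytes          # file content after the write

class BulkRewriteDetector:
    """Flags a process that turns many files into high-entropy data within a window."""
    def __init__(self, window=10.0, max_files=5, min_jump=2.0, high=7.0):
        self.window, self.max_files = window, max_files
        self.min_jump, self.high = min_jump, high
        self.recent = defaultdict(deque)  # process -> (ts, path) of suspicious writes

    def observe(self, ev: WriteEvent) -> str:
        e_before, e_after = shannon_entropy(ev.before), shannon_entropy(ev.after)
        if e_after < self.high or e_after - e_before < self.min_jump:
            return "allow"  # ordinary edit, or the file was already compressed
        hits = self.recent[ev.process]
        hits.append((ev.ts, ev.path))
        while ev.ts - hits[0][0] > self.window:
            hits.popleft()
        if len({path for _, path in hits}) < self.max_files:
            return "allow"
        # Same behaviour either way; signer trust only downgrades block to alert.
        return "alert" if ev.trusted_signer else "block"

def worst_verdicts(events):
    """Replay a trace in time order and keep the most severe verdict per process."""
    rank = {"allow": 0, "alert": 1, "block": 2}
    detector, worst = BulkRewriteDetector(), {}
    for ev in sorted(events, key=lambda e: e.ts):
        verdict = detector.observe(ev)
        if rank[verdict] >= rank[worst.get(ev.process, "allow")]:
            worst[ev.process] = verdict
    return worst

# Constructed sample data (pseudo-random bytes stand in for ciphertext).
PLAIN = b"Invoice 2024-001: total due 1,250.00 EUR\n" * 100
CIPHER = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))

def sample_trace():
    def burst(process, trusted, start, folder):  # eight rewrites, 0.5 s apart
        return [WriteEvent(start + 0.5 * i, process, trusted,
                           f"C:/Users/demo/{folder}/file{i}.docx", PLAIN, CIPHER)
                for i in range(8)]
    trace = burst("unsigned_tool.exe", False, 0.0, "Documents")
    trace += burst("archiver.exe", True, 20.0, "Projects")
    trace.append(WriteEvent(40.0, "editor.exe", True, "C:/Users/demo/notes.txt",
                            PLAIN, PLAIN + b"PS: paid\n"))
    trace.append(WriteEvent(41.0, "photo_sync.exe", False, "C:/Users/demo/a.jpg",
                            CIPHER, CIPHER))
    return trace

if __name__ == "__main__":
    print(worst_verdicts(sample_trace()))
```

The trusted archiver produces the same file-level behaviour as the unsigned tool and is only separated from it by the signer check, which is why the sketch raises an alert for it instead of staying silent.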

  • @lukes4720
    @lukes4720 2 months ago

    Great demo thanks well done.

  • @eek0212
    @eek0212 3 months ago +9

    this is why organization should get the backup solution too not just EDR or Anti Virus. these days backup solution have feature alarm the administrator when they notice massive amount of file change during backup procedures and this can be very useful for the organizations to detect ransomware situation much earlier and also you could restore with backed data.

    • @IPendragonI
      @IPendragonI 3 months ago

      SentinelOne comes with VSS snapshot capability for ransomware rollback

    • @imKanda
      @imKanda 3 months ago

      "detect ransomware situation much earlier and also you could restore with backed data"
      you wouldn't know the data is encrypted until the next backup job, which normally runs once every 24 hours. backups are not a useful tool to detect ransomware. security in layers has been the approach for any competent IT , utilizing EDR + immutable backups + zero-trust to thwart phishing, malware, ransomware, and loads more.

    • @Scottdvz
      @Scottdvz 3 months ago

      Rubrik has that capability.

    • @Light-uw5es
      @Light-uw5es 3 months ago

      @@IPendragonI works well for common malware but it sucks against ransomware. Only Kaspersky has true rollback action.

    • @IPendragonI
      @IPendragonI 3 months ago

      @@Light-uw5es What are you talking about. Rollback is literally meant for ransomware. I wouldn't trust Kaspersky if it was the only AV on the market.

  • @DevilbyMoonlight
    @DevilbyMoonlight 1 month ago

    Top work!

  • @Chikowski101
    @Chikowski101 3 months ago +10

    kaspersky will out-smoke all of them , kaspersky is the snoop dogg of AVs

    • @od1sseas663
      @od1sseas663 3 months ago +2

      True.

    • @nelsone.hernandez6654
      @nelsone.hernandez6654 3 months ago

      Can’t wait to see that

    • @lightningrodofh8509
      @lightningrodofh8509 3 months ago +2

      LOL Who in their right mind would be installing software from Russia on their computers on purpose?
      I guess some people just want to skip the middleman and go right for the malware.

    • @nelsone.hernandez6654
      @nelsone.hernandez6654 3 months ago

      @@lightningrodofh8509 Kaspersky is still popular outside the US and many people use it, so a lot of people are interested to see how it goes in Leo’s test

    • @Light-uw5es
      @Light-uw5es 3 months ago +1

      @@lightningrodofh8509 provide proof of it being malware, the US COULDN'T and I doubt that you will.

  • @lupoal4113
    @lupoal4113 25 days ago

    Bitdefender... my antivirus since years, I can't be more happy than so

  • @Baulder13
    @Baulder13 3 months ago +3

    goddamnit SentinelOne

    • @Deus_Juvat
      @Deus_Juvat 3 months ago

      He never showed the policies settings. I call bullshit.

    • @tg9754
      @tg9754 1 month ago

      @@Deus_Juvat Hi Desues_Juvat, I'm new to S1 (Control version) and I've installed it on 75 endpoints. I'm still learning the product but it sounds like you are very experienced with it. If so, can you list the proper settings required to make sure ransomware is detected and stopped immediately along with making sure the rollback process is enabled? Thanks in advance.

  • @303topgun
    @303topgun 3 months ago +2

    A good security product should have enough default configuration from factory to provide protection from zero day attacks. Then sysadmin can further customise the product to liking. If these expensive products fail in behaviours attacks then we already lost the battle.

  • @SchiKrom
    @SchiKrom 3 months ago +3

    you used some non enterprise versions, right?
    like for bitdefender we use bitdefender gravityzone and i have no clue if that would protect me as well. we are about to buy crowdstrike, what exact version of crowdstrike did you test?

    • @pcsecuritychannel
      @pcsecuritychannel  3 months ago +3

      We use free versions for BD/Sophos simply cause it is easier to deploy. The enterprise versions block it as well.

  • @keypresspunisher
    @keypresspunisher 3 months ago

    super great video, please keep up the good work

  • @bumblebunny2
    @bumblebunny2 3 months ago +5

    other people mention run it against Acronis or F-Secure or Malwarebytes. maybe what I think would fail is Norton or McAfee! OH nearly forgot it how about Avast too?

    • @runge340
      @runge340 3 months ago +1

      Acronis is just Bitdefender whitelabel lol

    • @bumblebunny2
      @bumblebunny2 3 months ago

      have no idea if that is so but will say even if Acronis has Bitdefender app coding inside it Acronis might act differently due to software is very different to Bitdefender? this is assuming Bitdefender is inside Acronis.

  • @andreylucass
    @andreylucass 3 months ago +9

    Looks like we won't be seeing Kaspersky here from now on...

    • @andrewortiz8044
      @andrewortiz8044 3 months ago +7

      He's making a part 2 with ESET and Kaspersky and something else

  • @spierd
    @spierd 3 months ago +1

    Interesting video but more should be disclosed about the Malware being deployed, as was promised in the video.

  • @asinthaprabhashwara7352
    @asinthaprabhashwara7352 3 months ago +7

    Dear Leo, I miss Kaspersky In this test badly 😔😔😔😔😔

  • @chrisjinks5414
    @chrisjinks5414 2 months ago

    it would have been interesting to see what would have happened if you had enabled the Defender ASR rules. Still a great video thank you

  • @koliore
    @koliore 3 months ago +4

    I'm eager to see how Kaspersky will perform against this ransomware

    • @arvydasurbonavicius5170
      @arvydasurbonavicius5170 3 months ago

      Kaspersky is the next generation of ransomware.

    • @od1sseas663
      @od1sseas663 3 months ago

      @@arvydasurbonavicius5170 Nice joke.

    • @arvydasurbonavicius5170
      @arvydasurbonavicius5170 3 months ago

      @@od1sseas663 next generation ransomware - when you don't even suspect that your data is stolen and encrypted somewhere

    • @Light-uw5es
      @Light-uw5es 3 months ago

      @@arvydasurbonavicius5170 no proof provided by the US and Germany so keep talking...

    • @arvydasurbonavicius5170
      @arvydasurbonavicius5170 3 months ago

      @@Light-uw5es and you don't know who they are? Insufficient argument KGB mafia? 🙂

  • @LT53
    @LT53 3 months ago

    Cannot wait for the second part of this.

  • @petersimmons7833
    @petersimmons7833 3 months ago +7

    Even with SentinelOne, you could tag any of those behaviors as a Storyline and then issue the Rollback command. It would have reversed all the encryption. That's why it is different. Even if it “misses” it can reverse it.

    • @ТоварищКамрадовСоциалистКоммун
      @ТоварищКамрадовСоциалистКоммун 3 months ago +2

      people who cannot afford paid software can use free backup utilities. It's a good protection against non-legit data encryption, as well as data loss, corruption, accidental removal etc

    • @logician44
      @logician44 3 months ago +2

      Still way late to the party and increases the cost and man-hours of remedy. Coulda-woulda-shoulda does not hold much favour.

    • @doleph1
      @doleph1 3 months ago +5

      @@logician44 Spoken like someone that's not familiar with S1. It really can roll back file changes once the malicious activity is tagged, and it pushes that policy to all affected endpoints in real-time. Just showing that it didn't catch it preemptively isn't enough to showcase all the platform can do, and that's a misrepresentation of the product as a whole.

    • @petersimmons7833
      @petersimmons7833 3 months ago +4

      @@logician44 reversing encryption and file damage is a key differentiator that other tools don’t have. Being able to turn back time in damaged files is a key difference. All the repair bits were there in the scenario; it just wasn’t used.

    • @Scio-to1ur
      @Scio-to1ur 3 months ago +1

      @@logician44 not having rollback enabled actually makes a gigantic difference…. Same goes with detect interactive threat. If the latter setting was enabled, that script would have been terminated.

  • @timk8869
    @timk8869 3 months ago +2

    I know u will be doing a part 2, but I feel like kaspersky and eset should have been in this test vs some lesser known alternatives

  • @LordMacGyver13
    @LordMacGyver13 3 months ago +3

    KASPERSKY?

  • @RL.777
    @RL.777 2 months ago +1

    Great video! Only 1 question was the Bitdefender the free version or the paid?

    • @Budicles
      @Budicles 1 month ago +1

      as would I

  • @tahirahmed3747
    @tahirahmed3747 3 months ago +3

    What about huntress

    • @dk-ib8ok
      @dk-ib8ok 3 months ago

      It relies on Defender and therefore would be equally helpless as seen here in the example.

  • @Ferdinand-m7d
    @Ferdinand-m7d 3 months ago +1

    After the Crowdstrike issue..i'd trust Kaspersky more than ever.

  • @RickOShay
    @RickOShay 3 months ago +4

    Great review and test. There is absolutely no excuse. If a comparatively small company like Bitdefender can offer effective heuristic protection free of charge (albeit no product is 100% reliable and this was just one test) then these lumbering multi-billion corporate security giants can do much better.
    The fact that the majority of security products have such poor heuristics (based on other tests) - especially given how advanced AI is these days - highlights just how appalling the security industry really is. You have to wonder just how committed they really are - after all threats and risk drive sales.
    Particularly products from huge companies like Crowdstrike and Sentinel One and other enterprise solutions.
    You have to wonder how these products pass security vetting, selection and wide-scale deployment.
    It illustrates that at an enterprise level security decisions are often made in the boardroom and not in a tech lab.
    To highlight just how bad this is - bad actors are already using sophisticated AI tools to attack corporate and government enterprises - the probability of unknown malicious attacks is rapidly escalating.

  • @jacquesbrits6946
    @jacquesbrits6946 3 months ago +1

    Thank you for the test. Would you mind testing Acronis as well.

  • @TheShugoBR
    @TheShugoBR 3 months ago +8

    question, how Kaspersky goes against this same test? i have Kaspersky on my computer and on my family

    • @chadmielke1963
      @chadmielke1963 3 months ago

      A few months ago Kaspersky was doing a great job of blocking this behavior vs even Bitdefender so I would estimate it would fare well.

    • @TheShugoBR
      @TheShugoBR 3 months ago +3

      @@Vurenvoz I'm not in USA, and I don't think Leo is also in USA, from what I remember in one of his videos, he is from Europe

    • @TheShugoBR
      @TheShugoBR 3 months ago

      @@Vurenvoz their website says
      Suite 5, 5 Greenwich View Place, London, UK | Contact for Business
      © 2021 - The PC Security Channel LTD

    • @samuelmartinez6344
      @samuelmartinez6344 3 months ago +5

      PC Security Channel said: Planning a part 2 with Kaspersky, ESET, and others.

    • @santiniperico8627
      @santiniperico8627 3 months ago +2

      your family is in grave danger, get rid of that spyware if u care about security

  • @elexbeats
    @elexbeats 2 months ago

    Crowdstrike offers you a SOC team for your company. Yes it’s a complete shame to them that it didn’t find that behavior as ransomware, but still their SOC is another level.

  • @Emansky84
    @Emansky84 3 months ago +7

    sorry but instead of Windows Defender I suggest using Defender for Endpoint which is the enterprise grade endpoint security from Microsoft since this is not Apples to Apples.

    • @dk-ib8ok
      @dk-ib8ok 3 months ago

      Yes, only Crowdstrike, and SentinelOne solutions were enterprise...funnily enough the ones that didn't catch it

  • @TheOfficialSethos
    @TheOfficialSethos 3 months ago +1

    I would love to see a gaming benchmark between windows defender, bitdefender, Eset, Kaspersky etc. see which one has the least direct impact