Whenever I test AVs, I also check the malware for testing with CCE Custom Scan and also compare it with CIS detection. And CCE always detects more than CIS as it has more powerful scanners.
I think CAV in CIS should have those powerful CCE Scanners in RealTime, i.e. CAV should have an advanced section wherein you can enable Advanced Protection/Detection of Malware, i.e. Enable CCE Scanners in RealTime Protection. And Proactive config may have this enabled by default. The same for OnDemand too.
What about a whitelisted malware infection that CIS isn’t capable of completely removing?
I believe that sometimes cleaning is very useful (2 in 1), no matter what AV you are using, since there is no 100% protection (there will always be bypasses).
:-TD :-TD :-TD
No, no, no.
How many times will you ask about the same thing?
CIS is to prevent infection with sandbox and HIPS; it’s not specialized to clean, and detection is just a background. CCE scanner produces a lot of FPs too.
I’m against any CCE and CIS integration. In fact, the rootkit scanner should be deleted from CIS.
I honestly believe that CLEANING and PROTECTING are 2 different things.
But I also believe that at some point you need both at the same time.
Why? As you would have false positives and bypasses in the CLEANING process, you would also have bypasses and whitelisted malware infecting the so-called PROTECTED “clean” PC with CIS. In other words, you will never have a 100% clean/protected PC, as you would never have a 100% effective tool to clean all existing malware. That point is where Cleaning and Protecting meet and complete each other.
I am strongly in favor of combining CCE scanners into CIS. IF it were possible for CIS to provide 100% protection then Melih’s argument would make sense, but CIS does not and never will provide 100% protection so there will be occasions where CCE capabilities are required. An example of this (which applies to any security suite) would be zero-day malware that has bypassed CIS but can be disinfected once the signatures and/or software have been updated.
If Melih were trying to market an advanced 4-wheel drive vehicle in the same way that CIS and CCE are presented it would only use 2-wheel drive for ordinary terrain, and to switch to 4-wheel drive for the really rugged stuff it would be necessary to stop the engine and manually engage 4-wheel drive from outside the vehicle. He would lose a lot of sales to the competition who could provide automatic 4-wheel drive engagement while on-the-move.
So, Melih you need to look at CIS from an ordinary user’s point of view, NOT from a technical point of view. Of course it is easier to separate protection and cleaning but most ordinary users want and expect automatic cleanup of any infections. Apart from various boot-time disinfection CDs do you know of any other security suites that separate protection and cleaning? If you want CIS to be considered serious mainstream security it must provide excellent protection, excellent disinfection, be suitable for novices to use, and it must be seen to be competitive with other security suites (i.e. very easy to use with very high detection rates).