I am aware of that thread. But my initial question was about the behavior guard.
And I would like to get an answer from the support. I am really thinking about buying your software because I really like its gaming mode. But if I do not get an answer here I am not sure if it is advisable to spend money here...
First of all, sorry for the delayed answer. While 100% security is the goal, no one is ever 100% safe from viruses with any anti-virus product. Unfortunately, people continue to create new viruses that are very sophisticated and often hard to destroy. But with version 10, we’ve taken BullGuard to the next level, introducing technology that positions BullGuard at the top. Our Behavioural Detection engine enables us to counter what in the industry is known as Zero-day Attacks, and identifies viruses long before traditional virus detection, based on the behavior of the virus.
We are improving the detection and the removal modules of our product each day, releasing core updates, not only virus definitions.
The new security enhancement features have already proved themselves in several independent virus tests. BullGuard scored detection rates of 100% for both known and unknown viruses, proving that our newly implemented technology, combining the Behavioral Detection and the traditional SBD-engine technology, gives our users the highest protection against any form of threat from the internet. An example from these tests is one made by the renowned av-test.org. You can read all about the test here: finance.yahoo.com/news/BullGuard-is-the-Best-in-prnews-4097021372.html
Alin Vlad, Senior Support Technician, firstname.lastname@example.org, www.bullguard.com
A note from one (me) who is dealing with MBR/kernel rootkits almost every day.
"MBR rootkit uses IRP hooks to filter out every attempt to read and write the MBR. Disk.sys Windows driver, disk class driver used for managing disk devices, was hooked and the original Windows functions pointed by the driver and used to handle disk packet requests were replaced by the rootkit ones. Of course every reference to the original address was overwritten by the rootkit, so that it was more difficult for a security product to discover the original function address and restore the legal function.
The new version of MBR rootkit is smart enough to give researchers some bad days, due to improved hooking techniques.
It doesn't hook the disk.sys driver anymore, it goes deeper. It checks which is the lower device to which the device \Device\Harddisk0\DR0 - belonging to disk.sys driver - is attached.
MBR rootkit and many other ones are all real in-the-wild attacks that are showing the difficulties of the security industry to fight against these threats."
That's why we need special diagnostic and fix tools to deal with them. What I mean is, if BG and other AV companies really could fix them, then it would in many cases be very damaging, such as eliminating your internet connection completely or removing legitimate files that are required for your computer to run.
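An added illustration of the check a diagnostic tool runs against the hooks described in the quote above (not part of any post in this thread and not any vendor's code): every IRP handler of every driver in the device stack under \Device\Harddisk0\DR0 is resolved to the image that backs its address. All addresses, image sizes and the trust list are constructed sample data, and placing the hook in the lower driver's dispatch table is an assumption, since the quote only says the rootkit looks up the lower device.

```python
from dataclasses import dataclass

@dataclass
class Driver:
    name: str
    base: int        # image load address
    size: int        # image size in bytes
    dispatch: dict   # IRP major function -> handler address

def owning_image(addr, loaded):
    """Name of the loaded image whose address range contains addr, else None."""
    for d in loaded:
        if d.base <= addr < d.base + d.size:
            return d.name
    return None

def audit_device_stack(stack, loaded, trusted):
    """Check every driver in the stack, top to bottom, not just disk.sys.

    trusted maps driver name -> images that may legitimately host its handlers
    (a class library, or the kernel's default stub for unsupported requests).
    """
    findings = []
    for drv in stack:
        ok = {drv.name} | trusted.get(drv.name, set())
        for irp, addr in sorted(drv.dispatch.items()):
            img = owning_image(addr, loaded)
            if img not in ok:
                findings.append((drv.name, irp, hex(addr), img or "<unbacked memory>"))
    return findings

# Constructed sample: addresses and layout are illustrative, not from a real dump.
NTOS = Driver("ntoskrnl.exe", 0x80400000, 0x200000, {})
CLASSPNP = Driver("classpnp.sys", 0xF7500000, 0x10000, {})
DISK = Driver("disk.sys", 0xF7600000, 0x9000, {
    "IRP_MJ_READ": 0xF7501200, "IRP_MJ_WRITE": 0xF7501200,   # in classpnp.sys
    "IRP_MJ_CREATE_NAMED_PIPE": 0x80412345})                 # kernel default stub
ATAPI = Driver("atapi.sys", 0xF7400000, 0x18000, {
    "IRP_MJ_INTERNAL_DEVICE_CONTROL": 0x81F3A000,            # backed by no image
    "IRP_MJ_PNP": 0xF7402000})
LOADED = [NTOS, CLASSPNP, DISK, ATAPI]
TRUSTED = {"disk.sys": {"classpnp.sys", "ntoskrnl.exe"}, "atapi.sys": {"ntoskrnl.exe"}}

def demo():
    # Stack under \Device\Harddisk0\DR0: disk.sys on top, lower driver below it.
    return audit_device_stack([DISK, ATAPI], LOADED, TRUSTED)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Auditing only disk.sys returns nothing on this sample, which is why the whole stack is walked; dropping the trust list instead flags disk.sys's legitimate handlers as false positives.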
I am not talking about the removal of that stuff! I am a malware removal helper so I know exactly what you mean. I was talking about the ability to BLOCK those threats before they install using the behavior blocker! A couple of Behavior Blockers are able to successfully block the installation of MBR and Kernel rootkits and my simple question was: Is the NovaShield core of your Behavior Blocker able to block those threats or not?
If it is able to do so I would chary ask you to work on the ruleset to block the threats a bit better. Because at the moment your behavior blocker is doing badly when it comes to nasty rootkits. (Everything else, simple malware, keyloggers and so on, is blocked successfully!)
Btw.: Do you update the ruleset for the Behavior Blocker or is NovaShield responsible for that?
habakuck said... Do you update the ruleset for the Behavior Blocker or is NovaShield responsible for that?
I'm afraid that we can't reveal the mechanisms behind this. This is an internal rule: we can't divulge internal work procedures or technologies because we are in an open market and we have competitors.