thewebguyd 2 days ago

> How well did that work out?

Classic old school antivirus? Not great, but did catch some things.

Modern EDR systems? They work extremely well when properly set up and configured across a fleet of devices as it's looking for behavior and patterns instead of just going off of known malware signatures.

maccard 2 days ago | parent | next [-]

My last job had a modern endpoint detection system running on it and my 7 year old MacBook was as quick as my top of the line i9 processor because of it. I have never seen software destroy a system's performance as much as Carbon Black, CrowdStrike and Cortex do.

They’re also not exactly risk free - [0]

[0] https://en.m.wikipedia.org/wiki/2024_CrowdStrike-related_IT_...

panki27 2 days ago | parent | prev [-]

If modern EDR systems are so great without relying on classical signature matching, then why are they still doing it? Why do they keep fetching "definition databases" as often as possible?

... because it's the only thing that somewhat works. From my personal experience, the heuristic and "AI-based" approaches lead to so many false positives, it's not even worth pursuing them.

The best AV remains and will always be common sense.
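Added example (not written by any commenter in this thread): a toy Python comparison of the two approaches thewebguyd contrasts, a hash signature lookup versus a behaviour rule, run over constructed process-creation events; the fourth event illustrates the false-positive trade-off panki27 raises. Every hash, process name and rule here is a constructed placeholder, not a real indicator.

```python
"""Toy comparison of signature-based vs behaviour-based detection.

All sample data below is constructed for illustration; nothing is a real IoC.
"""
import hashlib

# Constructed "signature database": the SHA-256 of one known sample payload.
KNOWN_BAD_HASHES = {hashlib.sha256(b"sample-payload-build-1").hexdigest()}

# Constructed process-creation telemetry: parent process, child process,
# and the bytes of the child's binary (used only to derive a hash).
EVENTS = [
    {"label": "known sample", "parent": "winword.exe",
     "child": "powershell.exe", "image": b"sample-payload-build-1"},
    {"label": "rebuilt sample (new hash)", "parent": "winword.exe",
     "child": "powershell.exe", "image": b"sample-payload-build-2"},
    {"label": "admin at a prompt", "parent": "explorer.exe",
     "child": "powershell.exe", "image": b"powershell-binary"},
    {"label": "legitimate macro automation", "parent": "winword.exe",
     "child": "powershell.exe", "image": b"powershell-binary"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def signature_detect(event):
    """Classic AV: alert only when the child's hash is already in the signature set."""
    return hashlib.sha256(event["image"]).hexdigest() in KNOWN_BAD_HASHES


def behaviour_detect(event):
    """EDR-style rule: an Office process spawning a shell is flagged regardless of hash."""
    return event["parent"] in OFFICE_APPS and event["child"] in SHELLS


def run(events):
    """Return (signature_hit, behaviour_hit) for each event, in order."""
    return [(signature_detect(e), behaviour_detect(e)) for e in events]


if __name__ == "__main__":
    for event, (sig, beh) in zip(EVENTS, run(EVENTS)):
        print(f"{event['label']:30} signature={sig!s:5} behaviour={beh}")
```

Event 2 evades the signature lookup but not the behaviour rule; event 4 shows the cost, since the same rule fires on a benign workflow.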