Panda Dome Essentials v18 - A Review

Discussion in 'Reviews and Tests' started by Der.Reisende, Jun 10, 2018.

  1. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    ***********************************************************************************************************************************************
    PANDA DOME ESSENTIALS (v18) Review
    ***********************************************************************************************************************************************

    Panda Antivirus Resources...

    Panda Security Official Homepage:
    https://www.pandasecurity.com/germany/

    Panda Forums (requires a free registration in order to post):
    http://support.pandasecurity.com/forum/ (English)
    http://technik.pandasecurity.com/forum/ (German)
    http://soporte.pandasecurity.com/foro/ (Spanish)

    Panda AV FAQ:
    http://support.pandasecurity.com/forum/faq.php?sid=20f6b4892132cf32839df829679296ca

    Panda Dome system requirements:
    https://www.pandasecurity.com/usa/support/card?id=40027

    Panda Dome Essentials trial:
    https://download.pandasecurity.com/thankyou/index.php?productID=PDE&interstitial=0

    Panda Dome installation:
    Beware, it will install PUPs by default, do uncheck the activated boxes!

    A quick look at Panda Dome Essentials...

    WINDOWS FEATURES
    The smallest paid version comes with following features:
    • Protection against all sorts of malware (cloud assisted product)
    • USB Protection
    • Gaming / multimedia mode
    • Rescue Kit
    • Free VPN (150 MB / day for free) - unlimited traffic for 9.99$ / month or 7.44$ when choosing a 1y plan, for 5 devices, 24/7 support
    • As I own a license for F-Secure SAFE VPN, I haven’t tried Panda’s VPN. You might also need more than 150 MB. You might want to choose the Premium plan (see below).
    • Cyber-security news
    • Safe browsing (Panda Safe Web)
    • Personal Firewall
    • Wi-Fi Protection
    • Application Control
    • Virtual Keyboard
     
    silversurfer and RGiskardR like this.
  3. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    How does Panda Dome Essentials protect my computer?
    Panda Dome products do not use any 3rd party engine like many vendors, which do license Bitdefender ones. It does have its own signature database. According to the fast updates, I come to the conclusion most decisions are taken by the cloud, which compares hashes to already known patterns. Nevertheless, it also does store signatures on the local machine.
    To provide even further protection, Panda Dome does use heuristics (both local and in the collective cloud) as well as a rule based behavior blocker, to prevent not-known-to-signatures malware infecting your machine. Last but not least, it can also detect exploit attempts.

    What about scanning my computer for viruses?
    Panda Dome Essentials does monitor the computer in realtime.

    Personal experience:
    It's a pity there is no option to schedule scans in Panda Dome Essentials!

    USB Protection
    A simple but vital tool to shut off the AutoRun feature of both your computer as well as of removable drives, to prevent infection by malware via removable drives.
    The USB protection not only offers an option to vaccinate against (= prevent AutoRun of) threats stored on the removable drive, but also scans for them whenever a removable drive is plugged in.

    You can set Panda Dome USB Protection to
    • shut off the AutoRun function of your PC, so everything on the removable drive will not be launched unless user does execute
    • shut off the AutoRun function of a specific, currently plugged in device
    • automatically shut off the AutoRun of any device being plugged in

    Gaming Mode / Multimedia Mode
    A feature to be found in most AV today.
    It both reduces the resource usage as well as the amount of popups whenever your Panda product detects you’re playing a full-screen game or watching a movie.
    The antivirus autodecides without bothering the user in the current session. It will log every intrusion / block attempt however.
    You can exit or start that mode anytime.

    Rescue Kit
    Also offered by many vendors, this tool is designed to create a bootable media in order to clean up nasty infections, which cannot be handled in the current user session (for example, because you have been infected by a screenlocker).
    When in the „Safe Mode“ of the Panda Rescue Kit, you can scan your system thoroughly by the Panda Cloud Cleaner, in order to detect hidden threats.

    The Rescue USB drive can help removing malware preventing a computer booting, removing it by the Panda Cloud cleaner as well.

    Personal experience:
    Buggy in my VM. It did try to set up itself for the first time, but did not work after that.

    Safe Browsing
    Aimed to block access to phishing and malware pages.
    User may include and exclude additional pages.
    There is no need to install the Panda Safe Web extension in any version but the free one.
    Panda Dome Essentials and above have the feature integrated.

    Personal experience:
    I don’t really get the idea behind it. Panda asks to install some toolbar or something like that when you install it (not needed in the paid versions, as stated above), but I have not seen a Panda module either in Cent Browser (Chromium fork) or in M$ Edge (not sure whether it’s compatible with extensions yet). I did not get any notification of an extension trying to install itself.
    I have not seen any web protection in action when I accessed phishing / malware pages (e.g. via weaponized PDFs).

    Personal Firewall
    A non-intrusive, auto-decision-taking firewall monitoring your traffic for malicious content.
    It has quite a bunch of rules preset, and adds new ones based on cloud reputation checkup.
    Better leave them as they are as long as you don’t know what they’re doing, in order to not disrupt your browsing experience.
    User may however whitelist and blacklist programs to his preferences, via the advanced settings (not only addresses, but also inbound / outbound rules, ports, protocols,...).

    WI-FI Protection
    A very useful tool, which gives you detailed information about the signal strength, connection mode (WLAN, LAN,...), security level (as well as possible improvements, such as other methods of encryption), and connected devices of your network. With this tool, you can spot possible unwanted guests in your WiFi, trying to sniff inside data transfers or just using your WiFi for free or for unwanted actions. The connection history does provide a useful logging function. You can block unwanted guests identified by their alias from accessing your computer.

    Application Control
    Useful feature which will prevent every unknown app from starting.
    I haven’t tested it, because when I first trialled Panda, it did conflict with Shadow Defender, rendering the computer unusable.
    Please refer to @RGiskardR ‘s review regarding that feature.

    Virtual Keyboard
    Useful function to prevent keylogger malware stealing information on what you’re typing, useful for banking and other financial transactions.

    Personal experience:
    Buggy in my VM. It did try to set up itself for the first time, but did not work after that.

    Known limitations with Panda Antivirus Software:
    Reported incompatibility to ShadowDefender, not solvable (the reason is that Panda cannot address the folder locations correctly, making the Behavior Blocker not functioning and App Control and Firewall malfunctioning (blocking EVERYTHING (as it sees even whitelisted software as unknown) in first place, until user confirms)). Note that outside the Shadow Defender environment, the firewall autodecides and will give a warning once in a blue moon (stock settings). The Behavior Blocker is working as expected, as long as there’s a matching ruleset on running malware.
     
    silversurfer and RGiskardR like this.
  4. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    Panda Dome against fresh malware samples...

    Windows testing system and hardware specifications:
    HOST.PNG
    GUEST.PNG

    Applications and tools (fully updated) installed inside the virtual machine, mainly for tracking malware’s actions:
    Microsoft Edge Browser, Java Runtime Environment x64 (v10, latest), SoftMaker Free Office 2018, WinRAR, Sysinternals AutoRuns and TCPView, MisterGroup SystemExplorer, Zemana AntiMalware Portable (Free), HitmanPro Free, Norton Power Eraser.

    Malware testing methodology.
    Due to the known and reported incompatibility of Panda Dome products with ShadowDefender, all malware tests took place inside a virtual machine (Oracle VM VirtualBox), using a clean and fully updated snapshot in every test.

    The steps performed in every test were:
    1. Making sure that Panda Dome Essentials is up-to-date (it autoupdates, however I pushed the update button again, and took a screenshot of the time when the update was done)
    2. Shut down Panda Realtime protection, deactivated Windows Defender, which was automatically enabled
    3. Ran on demand scan over the folder with samples, took a screenshot of the scan results
    4. Submitted (SUDed) the samples to the vendor by mail (virussamples[at]pandasecurity.com), took a screenshot
    5. Reenabled Panda Realtime protection
    6. Remaining undetected samples from on demand scanning were tested dynamically running/executing one by one manually, taking notes and screenshots on what was visible in MisterGroup SystemExplorer (running / hollowed processes) and SysInternals TCPView
    7. Finally, checked if still some suspicious processes/services running, marking them with red borders on the screen-shot(s). Tools used: MisterGroup SystemExplorer, Sysinternals AutoRuns, Sysinternals TCPView
    8. Check whether any personal files were harmed by ransomware (Pictures, Documents, Downloads, Video, Music folders)
    9. Check system by multiple Second Opinion Scanners (Zemana AntiMalware Portable (Free), Hitman Pro (Free), Norton Power Eraser) to check whether the system was finally clean or there were some active suspicious services and remnants/leftovers after dynamic tests.
    10. Note: Before executing the Second opinion scanners, all remaining and not active (but blocked or prevented to run) SOURCE samples were removed manually in order to not appear reflected in the final scan results.
    11. Judging from the above results (both Second Opinion scanners and analysis tools), the respective system status was chosen

    ===============================================================================================
    First of all I would like to thank @silversurfer for providing me with all the sample packs for this review.
    When there was no thread on MTAC forums, I pulled the samples from Hybrid Analysis in order to have some more material to test against Panda Dome.
    All tested malware is linked in the thread (Hybrid Analysis).
    Disclaimer: Due to the small number of samples used in these tests, you should take results with a grain of salt.
    ===============================================================================================

    ===============================================================================================
    Sample Pack: Double Team (09/06/2018)
    Type: Special Samples
    Provided by: Der.Reisende
    Thread @ MTAC section: http://tweakbytes.com/threads/double-team-09-06-2018.6667/
    ===============================================================================================
    Containment: Oracle VM VirtualBox v5.2.12 r122591 (Qt5.6.2)
    Guest/OS: Win10 Home v1803 - build 17134.81
    Product: Panda Dome Essentials v18.05.00
    Static (On-demand scan): 0/2
    Dynamic (On execution): 0/2
    Total: 0/2
    SUD: Everything
    VPN: F-Secure FreeDome v2.18.5493.0
    System Status: infected (hollowed msiexec.exe calling out, AutoRun)
    Files encrypted: no
    Scan packed files
    Don't ask before neutralizing viruses
    Block files by max. 60 sec., until cloud rep is received
    Rescan after cache sync
    Ask for user action on threat detection
    PUP detection
    Injector.exe triggers cmd.exe, conhost.exe and ping.exe. Autodeletes itself after dropping and running outlaw.exe, which hollows msiexec.exe. Last named calls out. Malware sets an AutoRun. MISS.
    lo-que-el-viento-se-llevo-1939-dvdrip2_79gb.torrent.vbe drops and runs a .exe, which autoterminates instantly. No further malicious actions, no AutoRun. Untouched source file deleted before firing off 2nd_opinion scans. MISS.
    ===============================================================================================

    ===============================================================================================
    Sample Pack: Trojan (03/06/2018)
    Type: Special Sample
    Provided by: Der.Reisende
    Thread @ MTAC section: http://tweakbytes.com/threads/trojan-03-06-2018.6639/
    ===============================================================================================
    Containment: Oracle VM VirtualBox v5.2.12 r122591 (Qt5.6.2)
    Guest/OS: Win10 Home v1803 - build 17134.81
    Product: Panda Dome Essentials v18.05.00
    Static (On-demand scan): 0/1
    Dynamic (On execution): 1/1
    Total: 1/1
    SUD: Everything
    VPN: F-Secure FreeDome v2.18.5493.0
    System Status: clean
    Files encrypted: no
    Scan packed files
    Don't ask before neutralizing viruses
    Block files by max. 60 sec., until cloud rep is received
    Rescan after cache sync
    Ask for user action on threat detection
    PUP detection
    2.exe drops and runs EV79TT0713.exe. Source file autodeletes, dropped .exe gets intercepted and autoquarantined by Panda BB as suspicious object (W32/Exploit.gen). HIT.
    ===============================================================================================

    ===============================================================================================
    Sample Pack: 14/06/2018 #15
    Type: Malware Pack

    System status: protected, no encrypted files
    Provided by: Silversurfer
    Thread @ MTAC section: http://tweakbytes.com/threads/14-06-2018-15.6686/#post-28007
    ===============================================================================================
     
    silversurfer likes this.
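
The result records in the post above share one key/value layout, so they can be tallied mechanically. The following Python sketch is an added example, not part of the original thread: the function names are hypothetical, the input is a constructed excerpt of the records above, and the consistency rule (the dynamic run covers exactly the samples the static scan missed) is an assumption read from step 6 of the methodology.

```python
import re

# Constructed excerpt of the three result records in the post above, reduced to
# the fields this parser reads (the real records carry more lines).
SAMPLE = """\
===============================================
Sample Pack: Double Team (09/06/2018)
===============================================
Static (On-demand scan): 0/2
Dynamic (On execution): 0/2
Total: 0/2
System Status: infected (hollowed msiexec.exe calling out, AutoRun)
Sample Pack: Trojan (03/06/2018)
Static (On-demand scan): 0/1
Dynamic (On execution): 1/1
Total: 1/1
System Status: clean
Sample Pack: 14/06/2018 #15
System status: protected, no encrypted files
"""

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*)$")
RATIO = re.compile(r"^(\d+)\s*/\s*(\d+)$")
SCORES = ("static", "dynamic", "total")


def parse_records(text):
    """Return one dict per 'Sample Pack:' line, with the fields that follow it."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # separator rows, setting names, free-text notes
        key = m.group(1).split("(")[0].strip().lower()
        value = m.group(2).strip()
        if key == "sample pack":
            records.append({"pack": value})
        elif records and key in SCORES and RATIO.match(value):
            hits, n = RATIO.match(value).groups()
            records[-1][key] = (int(hits), int(n))
        elif records and key == "system status":
            records[-1]["status"] = value
    return records


def problems(rec):
    """List consistency problems (assumes dynamic runs cover only static misses)."""
    if any(k not in rec for k in SCORES):
        return ["no scores"]
    (sh, sn), (dh, dn), (th, tn) = (rec[k] for k in SCORES)
    out = []
    if dn != sn - sh:
        out.append("dynamic sample count != static misses")
    if (th, tn) != (sh + dh, sn):
        out.append("total != static hits + dynamic hits")
    return out


def summarize(records):
    """Aggregate consistent records; report skipped packs and infected systems."""
    ok = [r for r in records if not problems(r)]
    return {
        "hits": sum(r["total"][0] for r in ok),
        "samples": sum(r["total"][1] for r in ok),
        "skipped": [r["pack"] for r in records if problems(r)],
        "infected": [r["pack"] for r in records
                     if r.get("status", "").lower().startswith("infected")],
    }
```

A pack without scores, like the third record, is listed under `skipped` rather than counted as a miss.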
  5. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    ***Rating***
    Performance: 4/5
    GUI: 5/5
    Protection: 3/5
    Ease of use: 3/5
    Customer Support: 5/5

    In Detail:
    Performance:
    Panda Dome Essentials is very lightweight and the UI is snappy. I'm very happy with it. The boot time does not suffer. File copying feels as fast as without Panda installed.
    However, some parts of the software are buggy, and did not run at all in my VM (Panda Cloud Cleaner, Virtual Keyboard).

    GUI:
    Clean, sorted, with submenus for everything the user might need.
    I like the ever-changing backgrounds. A nice gimmick!
    Panda Dome is very icon oriented, if you don't know what the icon means, you can get the text underneath with the "Aa" button. Very helpful!

    Protection:
    Panda's signatures / cloud is very weak against fresh malware. Even after 24h, I did not have a clean sheet when I rescanned the malware samples.
    This could be improved, to compete against big players like Norton, Kaspersky, ESET,...
    The Behavior Blocker is also not up to the big players. You will see in further posts, that in many cases, a 0day (non-signature detected malware) will bypass Panda and might set AutoRuns (persistent malware).
    One weakness I might point out especially (which I have detected by many vendors though) is Process Hollowing, for example I have seen malware injecting to explorer.exe, msiexec.exe,... and other legit Windows processes, and sending data to remote servers via the hijacked processes.
    Many firewall softwares have whitelisted such system processes, which poses a great threat if they're misused.

    I've yet not seen the Panda Safe Browsing in action. Other vendors do better, think about installing a free browser extension from another vendor of your choice to improve protection.

    One example:
    http://support.pandasecurity.com/fo...4&t=6839&sid=8a58df5d6403aae6353eb5af3da471a2

    There is no option to schedule scans in the Panda Dome Essentials Version, which is a big minus, as you actually pay for this Software!

    Ease of use:
    I found the GUI a bit complicated when I first used it. However, if you have installed and used for some time, it gets better. Especially, remember putting the subtitles on, via "Aa" button, to know what icon is for what (unfortunately, it is not activated by default).
    Panda is automated a lot, you will not need to use the different menus a lot.
    Some features did not work (like the Virtual Keyboard, the Panda Cloud Cleaner). Reboot did not help.

    Customer Support:
    I've set up an account @ Panda Security Forum, mainly in order to report the incompatibility of Panda Dome (Essentials) to Shadow Defender as well as to report malware bypasses (not detected by Behavior Blocker when executed).
    I must say I'm very happy with what I experienced, the local mod (namely Darth Panda) was very quick to PM me, and to open a support ticket.
    Also, those support tickets have been detailed in what traces they want me to collect, and how to. Customer oriented, with gentle phrasing.
    Also, the Shadow Defender case has been escalated to higher tech levels quickly, with letting me know in short time what they found out.
    Unfortunately, they could not deal with it however, nor could the developer of Shadow Defender.

    Apart from that, good job Panda, keep up that great support!

    Should I buy it?
    This review is not intended to give any recommendation solely based on my experience, so you should try out the product yourself during the free 1 month trial, and decide whether it meets your expectations.

    Personally, I'd look elsewhere, based on my preferences, which are not all met:
    *strong 0-day protection (the most important point)
    *at least mid-range signatures (Panda signatures are very weak)
    *good customer support (actually, if you post a request in Panda Support Forums, they contact you very fast, which is a big plus)
    *good webfilter (I've not seen it in action yet in Panda Dome Ess., others do way better)
    *low system impact (Panda is very lightweight, being a mainly cloud-based product)

    ***This part is still under construction and might be altered, especially in the Protection sector, because too few samples were tested to judge.***
     
    silversurfer and RGiskardR like this.
  6. RGiskardR

    RGiskardR Malware Tester Silver Member

    :great: review! :congrats:!

    In a few weeks, I'll come also with a new Panda review, but this time with the product "Panda Dome Premium", just be a bit patient, since it comes with some extra security features and many other tools, also will run some malware tests with some tweaked settings...
     
    Der.Reisende and silversurfer like this.
  7. jasonX

    jasonX Giveaways Moderator Staff Member

    GREAT WORK Der.Reisende!

    THANKS SO MUCH! Developer has been informed!
     
  8. Der.Reisende

    Der.Reisende Malware Tester Silver Member

    Thank you sir, glad you like it!
    Awesome, looking forward to @RGiskardR!

    Thank you @jasonX!
    I will try to keep testing Panda and update this thread, can do it on weekends only though.
     
    silversurfer and RGiskardR like this.
  9. jasonX

    jasonX Giveaways Moderator Staff Member

    > Thank you @jasonX!
    > I will try to keep testing Panda and update this thread, can do it on weekends only though.
    -- No worries just update when you can.
     
  10. jasonX

    jasonX Giveaways Moderator Staff Member

    -- I and the Panda dev are waiting on it with eagerness RGiskardR :) Thanks!
     
