eScan Anti-Virus review

eScan is a popular brand of security products developed by Mumbai-based MicroWorld Technologies.

This antivirus product is at the very bottom of eScan's PC range, but don't be fooled – it's more capable than you think. The program includes a two-way firewall and a spam filter, as well as behavior monitoring, on-access threat detection, and more.

• You can sign up for eScan Antivirus here 

Its use of the excellent Bitdefender engine means you can be sure of a good baseline level of accuracy in terms of antivirus protection. The company claims to take this even further with layers of its own technology.

The price is average at $30 (£23.08) for a one-year, one-PC license. If you're an eScan fan, a two-year, five-device license offers better value at $112 (£86.15). The competition goes even further, though, and even a top product like Bitdefender Antivirus Plus offering a two year, five-device license for £75 ($97.50).

Setup

The eScan website creates a weak first impression with a headline proclaiming 'eScan NOW compatible with Windows 10'. Microsoft released Windows 10 in the summer of 2015, more than three years ago; are we supposed to be impressed?

The system requirements on the website also gave the product a dusty, dated feel, with talk of how e-Scan needs at least Windows 2000 Professional SP4 with Internet Explorer 7.0 or a display with a resolution of 640x480, and no mention of Windows 10 at all.

There are trial builds available for all the main eScan products, and although the download page asks for your email address, you don't have to provide it. Close the pop-up window and you can choose to download the package as normal.

Setup is simple, but a little unpolished. On first launch the program displays the 'Date of virus signatures' which was more than three months earlier, presumably because it hadn't been updated yet. A pop-up dialog complained about this and seemed to say it couldn't update itself, suggesting it might be due to a problem with our internet connection, even though this was working just fine for every other application on our system.

We would have expected an issue like months-old signatures to be highlighted in the interface with a big red cross, an 'INSECURE!' warning or some other alert, but no. Once the pop-up alert is dismissed, you'll only notice the issue at all if you read the virus signature date.

Bizarrely, although eScan seemed completely unable to update itself automatically, we were able to launch a manual update in a couple of clicks. This proved very, very slow, taking around 8 minutes on even our 75Mbps test system, but eventually the package was ready to go. (Future updates cover changes only, and are much faster.)

Checking the program's files and folders revealed something of a mess, with more than 150 executables from multiple providers, including Bitdefender, eScan, open source tools, Windows components (is that really an ancient copy of sc.exe?), and some files so old they seem to be left over from Windows NT.

We can't say what the true security impact of all this might be, but software which tries to tie together so many executables from different sources gives malware many more ways to attack it, as well as increasing the possibility of bugs. It leaves the suite looking more like a Computer Science students' personal project than a professional product from a big security vendor.

Features

EScan Anti-Virus has a bulky console which is mostly white space, but with five tiles for key areas of the program: File Anti-Virus, Mail Anti-Virus, Anti-Spam, Firewall and Cloud Protection. You might think that clicking these would lead to important actions, but no - they largely take you to very basic status information and links to Settings and other dialogs. It would have made more sense to bundle most of these into a single Settings dialog, where they're only visible when you need them.

Meanwhile the much more important Scan function is relegated to a small icon at the bottom of the screen. Still, click it and you get a good set of scan types: quick, system, USB drives, CD-ROM and a custom scan.

Tapping any of these displays assorted settings which you can use to change how the scan works. We're normally big fans of configurability and options, but in this case it's not clear what some of them do. Would you check the box marked ‘Use separate exclude list for ODS’? What happens if you apply an ‘automatic’ action in case of infection, rather than ‘delete’? What's the difference between scanning program files only, and using ‘automatic type detection’? A Help file gives some basic assistance, but non-experts might wish the program was a little easier to use.

Scanning results are presented poorly, and often miss out relevant information. 

Scan selected files from Explorer's right-click, for instance, and the Summary report won't list their names, and they're not even displayed in the Details tab. If you need to check you must switch back to the Explorer folder and hope your targets are still selected.

We found the scanner deleted Registry items it considered suspect, but not only did it not tell the user, it actively reported zero 'objects deleted'. That may rarely have any impact, but it stinks as an operating principle, because it's altering the state of the system while simultaneously telling the user that nothing has changed. 

This leaves you unlikely to spot the Registry deletions, unable to learn from them (perhaps they're an indication of wider problems), confused by any change in Windows or application behaviour (because you believe the scan didn't do anything), and struggling to know how to fix things, if that turns out to be necessary (if you don't know when these deletions happened, you won't know which system restore point or backup will restore your previous state.)

The issues continued, wherever we looked. When we scanned a password-protected archive, the eScan interface reported it as checked, even though it hadn't been able to open the file. The only way you'll notice any of this is if you tap a 'View Log' button and scroll through potentially a very long text file, something the average user will never want to do. 

Scan speeds were average in our tests. EScan Anti-Virus did at least pick up all our test threats, but we'll look at some larger scale tests later.

There's no anti-phishing protection or general blocking of malicious URLs. The program will scan downloads to detect threats, but that's as far as the web protection goes.

EScan's firewall could be a bonus for experts, as it provides some control over which apps you allow online, and what they can allow it to do. But most users will be baffled by its technical options and settings, and the module is no match for the more intelligent and modern firewalls you'll get with other security suites.

The spam filter uses a very standard mix of junk-blocking trickery (header checks, SPF inspection, real-time blacklists). It works to a degree, but in our experience is no competition for commercial antispam products.

This antivirus app has a few other bonus tools, including the ability to create a bootable USB stick for running eScan on other systems, and a USB Vaccination feature to prevent infection by autorun viruses. Like the rest of eScan Anti-Virus, they work, but don't stand out in any way. You can get equal or more capable functionality elsewhere, often for free.

Protection

AV-Comparatives' Real-World Protection Test is one of the first benchmarks we use to assess antivirus performance. EScan Anti-Virus hasn't been included in the tests since 2017, but one of eScan's corporate products is included in AV-Comparatives' Business Security Test, and we hoped that would give us some idea of the company's abilities.

It did, too, but the news wasn't good. The August - November 2018 report placed eScan 11th out of 15 for Real-World Protection, and saw the package compromised by 14 out of 1207 samples. Even Windows Defender for Enterprise did better with only 10 samples missed, and Bitdefender Endpoint Security List topped the list by blocking everything.

AV-Test's Home Windows reports still include eScan Internet Security, which has the same core protection features as eScan Anti-Virus but its results aren't exactly consistent. The August 2018 report saw eScan bottom of the list of 18, for instance, while the October report saw it rank fourth from top. 

We ran one further test of our own, matching eScan Anti-Virus against our custom ransomware simulator. As this was our own creation, eScan wouldn't have seen it before, making the simulator an interesting test of behavior monitoring.

At least, that was the theory. In practice, the package paid no attention to our simulator, allowing it to encrypt thousands of documents. Our test app wasn't real-world malware and so we can't penalize eScan too heavily for missing it, but other antivirus engines have done much better. For example, Kaspersky and Bitdefender not only detected and blocked the simulator, they also restored the very few files it managed to encrypt.

EScan can do well in some tests, then, but its inconsistency at AV-Test and the lack of coverage at AV-Comparatives is a concern. If you're looking for reliability and accuracy, there are plenty of better-rated packages around.

Final verdict

EScan Anti-Virus is a basic product which underperforms in most areas. Apparent plus points like the firewall and spam filter are also unimpressive, and we see no compelling reason to choose this product over the top competition.

• We've also highlighted the best antivirus