I'm not a fan of MSE - but I still install it on most every computer that I support (and that is quite a few). MSE is easy on the resources and it gets along with other software. In particular, software that installs low level file filters like online backup apps.
What I really do not like about MSE is its heuristics. It lets stuff happen that should never happen. It should at least ask the user if it is okay to add a shell app to this key:
Code:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
I've been playing with a ransomware file for about a week now. I used Process Monitor to watch it infect an isolated virtual machine. MSE was fine with the download and the infection process. Uploading that tiny infected file to Google's Virustotal showed AVAST was okay with it, as was Malwarebytes. [A scan via Virustotal does not have any heuristics involved - so it is not a way to rate antivirus tools.]
I've been playing with malware like this for many years now and I have a feel for how the major AV tools work. AVAST flagged the ransomware file during the infection process (based on heuristics). As of this post, MSE is still fine with me installing this ransomware on a computer that it is "protecting".
Before MSE was around, I installed AVAST and AVG on lots of computers that I support. I stopped using AVG when they started
loading their signature list into the SYSTEM process. This was crippling weaker hardware.
If AVAST would stop requiring repeated registration, I might use them for most of those that I support. My elderly users have incorrectly blamed that registration process for an uptick in SPAM and/or they call me to help them complete the annual reregistration :-(