
Prevx real-time, only need AV scan on write?


InfinityAz
June 1st, 2009, 12:37 PM
If you're running Prevx (paid) in real-time mode, does it make sense to only have your AV scan on write, instead of scanning on read and write (running Avira, btw, but could be any AV)?

Retadpuss
June 1st, 2009, 12:51 PM
I would leave Avira set at its default. Prevx does not scan on access - only on exe - which is my only criticism of it.

raven211
June 1st, 2009, 01:08 PM
{QUOTE-> I would leave Avira set at its default. Prevx does not scan on access - only on exe - which is my only criticism of it. <-QUOTE}

Really? I've seen many people indicating that it indeed catches at sight, or at least protects you at all times - that's obviously their goal after all. Maybe Joe can enlighten you. ;D

PrevxHelp
June 1st, 2009, 01:10 PM
We really don't see the benefit of scanning every file on write. It introduces a boatload of unnecessary overhead and doesn't actually provide any additional protection - Prevx scans code before it executes so it will protect you against anything as it tries to enter.

However, (and I'm unfamiliar with the individual feature of Avira) scanning on write only seems like a conceptually bad idea... :-\ What if the file is identified as a threat in between the time it was written and when it was read? We've written Prevx so that it will be compatible alongside any AV with their default configuration, so feel free to use Avira with its full shields up :)

Kees1958
June 1st, 2009, 01:53 PM
Setting your AV only makes sense when using it with applications like GeSWall or DefenseWall. They also keep downloaded files in a contained environment (so they are harmless). The AV is only used to prevent spreading malware to others.

What is a nice combo is setting PrevX heuristics after AGE, set all settings to medium and use it with DefenseWall. PrevX will only check the newest files, with medium heuristics, causing low CPU load.

Regards Kees

raven211
June 1st, 2009, 03:18 PM
{QUOTE-> Setting your AV only makes sense when using it with applications like GeSWall or DefenseWall. They also keep downloaded files in a contained environment (so they are harmless). The AV is only used to prevent spreading malware to others.

What is a nice combo is setting PrevX heuristics after AGE, set all settings to medium and use it with DefenseWall. PrevX will only check the newest files, with medium heuristics, causing low CPU load.

Regards Kees <-QUOTE}

Isn't setting Age to Medium even more prone to FPs? You've probably read my lame but true complaints. ;D

ssj100
June 2nd, 2009, 07:58 AM
{QUOTE-> We really don't see the benefit of scanning every file on write. It introduces a boatload of unnecessary overhead and doesn't actually provide any additional protection - Prevx scans code before it executes so it will protect you against anything as it tries to enter.

However, (and I'm unfamiliar with the individual feature of Avira) scanning on write only seems like a conceptually bad idea... :-\ What if the file is identified as a threat in between the time it was written and when it was read? We've written Prevx so that it will be compatible alongside any AV with their default configuration, so feel free to use Avira with its full shields up :) <-QUOTE}

As Kees said, putting Avira on "Scan when writing only" is the best way to go if you start off with a completely clean PC. He also suggests using it alongside DefenseWall and GeSWall, but it's also the same thing with using it alongside Sandboxie or any other HIPS (including classical HIPS).

In the end, if you use the correct set of programs (and thus have near 100% prevention) human error is the only way you could be infected through.

However, installing unknown (potentially unsafe) applications as trusted with DefenseWall (because they didn't install properly as untrusted) will lead to your demise (especially if you don't have a classical HIPS to potentially block its behaviour in real-time). With Sandboxie, saving an unknown executable (potentially unsafe) to your real system and running it will lead to your demise also (especially if no classical HIPS). And even if you do have a classical HIPS, allowing everything that pops up without knowing what it's saying will also lead to your demise!

Leaving Avira on default settings (Scan when reading and writing) is almost pointless, given that if Avira failed to detect the malware when writing, your system is already compromised and your prevention system has failed. That's why it's very important to scan with several black-listing programs (that is, get several opinions) if you're unsure about the source of a new file on your system and think it might contain malware.

I can hear some people saying: but what if you don't run the malware-containing .exe file for a few days (and by then, maybe the signature has been added into the black-listing's database?). In this case, wouldn't "Scan when reading and writing" be of some benefit? Well, again, if you're uncertain about a .exe file, you should always get several opinions. It might take weeks or months for that malware-containing file to be added into your black-listing's database so that it can be detected on "reading". Or worse still, it might never be added and be missed completely!

So in the end, "Scan when writing only" is really all you need if you start out with a clean PC. Furthermore, if you use a HIPS or a program like Sandboxie, "Scan when reading and writing" is pointless.

Ilya Rabinovich
June 2nd, 2009, 10:37 AM
{QUOTE-> However, installing unknown (potentially unsafe) applications as trusted with DefenseWall (because they didn't install properly as untrusted) <-QUOTE}
Most of the software can be installed as untrusted with DefenseWall.

ssj100
June 2nd, 2009, 03:34 PM
{QUOTE-> Most of the software can be installed as untrusted with DefenseWall. <-QUOTE}

That wasn't my point Ilya, but yes, I do understand your claims, as you have mentioned the same thing many times before.

My point is that there is no protection from that kind of human error. If a program (out of the billions out there, including ones containing malware) doesn't seem to install properly as untrusted, the novice user will install it as trusted and it'll be all over. User education is so important when using security software.

jmonge
June 2nd, 2009, 03:36 PM
@ssj100 same with Sandboxie, if you run any apps out the box you are vulnerable to malware attack ;D

Ilya Rabinovich
June 2nd, 2009, 04:55 PM
{QUOTE-> My point is that there is no protection from that kind of human error. <-QUOTE}
It's about every HIPS software of any kind.

ssj100
June 3rd, 2009, 12:49 AM
{QUOTE-> @ssj100 same with Sandboxie, if you run any apps out the box you are vulnerable to malware attack ;D <-QUOTE}

Yes, that is exactly what I mentioned in my post too haha. Please read carefully next time haha.

ssj100
June 3rd, 2009, 12:50 AM
{QUOTE-> It's about every HIPS software of any kind. <-QUOTE}

Yes, again please read my post carefully haha. My point was that human error will bypass everything, not just DefenseWall. My other point was a justification of why I use the AV to scan on write only. Thanks mate!

jay2007tech
June 3rd, 2009, 10:10 AM
{QUOTE-> My point was that human error will bypass everything, not just DefenseWall. My other point was a justification of why I use the AV to scan on write only. Thanks mate! <-QUOTE}
It's true, a few months ago, in the Chicago area, people got scammed into giving away their property and house.