Making Avast the lowest overhead AV available

Discussion in 'other anti-virus software' started by Kees1958, Jan 27, 2010.

Thread Status:
Not open for further replies.
  1. demonon

    demonon Guest

    I created the key myself in Vista.
    I guess it's normal now that I can save the Eicar test file on my PC, but not run it directly or click on the executable and run it then?
     
    Last edited by a moderator: Mar 20, 2010
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Have you also implemented this: https://www.wilderssecurity.com/showthread.php?t=262475 ?

    What browser do you use?
     
  3. demonon

    demonon Guest

    Chrome, but now I see how to include zip files too.
     
  4. testsoso

    testsoso Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    138
    Is there a way to configure Avast free with Sandboxie, to achieve the same, but without the use of difficult things like Group Policy or SRP?
     
  5. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Kees, you are a fountain of useful information. I'm in the market for a new AV that is light. Like you I don't have a use for all that functionality as I have other means (i.e. hardening, HIPS), and it would just be overlap. I'll be putting it on a 512 MB old Dell Dimension desktop, so I'm betting it will make a difference for me. I know somebody said it won't, and that even with all the shields it's light. I know that when I switched from Avast to Avira the latter ran lighter for me. If I could get Avast to run that light that would be great.

    I don't have time to comb through all this stuff now but I'll bookmark it for later. I looked at your IE8 tweaks too, you thought of some stuff I hadn't. I hear you have posted many such tweaks in the past. I would love to take a look at them. I wish there were a nice, tidy place I could find them all at.
     
  6. ratwing

    ratwing Guest

    Dear Kees, one more seeker on your doorstep.

    I use ShadowDefender in Shadow Mode 99% of the time. I also run my normal browser in a tight Sandboxie sandbox 99% of the time.
    (The 1% remaining is Windows updates.)

    I need "lite" because I have one gig of RAM.

    With Avast! 5, I can run the file and behavior shield, real time, at least as lightly as I ran Avira 9 or 10, on demand only.

    My question is, given the other dynamics of my security system, should I run the behavior shield? Or the file? Or just use Avast as a pure on-demand as I was using Avira?

    Thanks so much,
    rat
     
  7. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Ut oh... care to elaborate on this? I run XP Home SP3. I hope I don't encounter a problem because this seems like the AV for me.
     
  8. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, I'm running all on ATM. Wrt the behaviour shield - well, according to the stats at least, it's been totally idle so far... no idea how to test it (probably would need some really fishy-behaved utils or perhaps scripts?) but definitely it isn't resource hungry. :)

    Have it on two XP SP3 Pro boxes... no problem.
     
  9. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Also, one more tip - if you are running something else realtime w/ Avast (like ClamAV/Immunet, PrevX or whatever), you should exclude

    Code:
    %WINDIR%\Temp\_avast5_\
    %TEMP%\_avast5_\
    
    folders from scanning. Avast itself uses those for scanning and you can get conflicts and .tmp junk accumulated there if you don't exclude them in those other apps.
     
  10. ratwing

    ratwing Guest

    @doktornotor:

    Thanks, yes, the behavior shield certainly does not seem to use anything.
    Disabling it does not change resource use, and if needed, it may pounce
    on something.
     
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Well I'm having no conflicts here on XP Home SP3 and Comodo FW w/D+. This runs lighter than v4 from what I recall. I even have most of the functionality (shields) enabled and it's not making a dent on this 512 MB Dell. I've heard that it can be a bit slow the first few days until the cache builds up. Well if it only gets better from here, that's encouraging.

    The one thing that bugs me is the lack of support for UTorrent. It's the only P2P I'll use. I don't use it often but it'd be nice to have that. Unless that has changed recently? I remember hearing that the UTorrent box isn't checked by default for good reason (conflicts).

    I'm also not sure what 2 settings mean: "Check white-spaces sequence in name of attachment"... and under that the "count" set at 20 by default. The other is "ignore virus targeting". I'm going to browse their support forums shortly to get some info on this product, but figured maybe somebody here could shed light on it too.

    So far, I'm liking it.
     
  12. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well... imagine an Outlook attachment called "Letter.doc________________________.exe" (where _ means space); most people will only see the "Letter.doc" part displayed.

    Unless the box is checked, the file will be only checked for virii affecting that particular file type, not against the entire signature DB.

    For both, it's described in detail in the help BTW (click on ? button). :)
     
  13. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Dok, you always seem to be there when I need you. Thank you kindly, and good lookin' out on the recommendation for Avast and directing me to this thread.

    I imagine the "Count:20" is some sort of recursion depth then? What would you recommend setting that at?

    Thanks again.
     
  14. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    No, it doesn't have to do anything w/ recursion. It literally means number of spaces (or equivalent characters) in the file name, nothing special behind it. :) Well, the suitable setting depends on the mail client you use and how it represents the attachments and filenames thereof. Frankly... this is just something that I could live without even in expert settings. Letter.doc________________.exe is still an EXE first of all and as such has no place in email. Yeah, there's some malware that employs this tactic, but then again... just social engineering and people stupid enough to open whatever lands in their mailbox :)
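
The padded-name trick discussed in the posts above, as an added example that is not part of the original thread and is not Avast's code: a filename check that flags long runs of blank characters and an executable extension hidden behind a document-looking one. The extension lists, function names and the reading of "count" as a minimum consecutive run are assumptions made for this sketch.

```python
import unicodedata

# Constructed, non-exhaustive lists (assumptions, not taken from Avast).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {"doc", "pdf", "txt", "jpg", "xls", "zip"}

def is_padding(ch):
    """Spaces plus 'equivalent characters' that render blank (tab, NBSP, zero-width space)."""
    return ch in "\t\u200b" or unicodedata.category(ch) == "Zs"

def longest_padding_run(name):
    """Length of the longest consecutive run of padding characters in the name."""
    longest = run = 0
    for ch in name:
        run = run + 1 if is_padding(ch) else 0
        longest = max(longest, run)
    return longest

def check_attachment(name, count=20):
    """Return the reasons a name looks deceptive; an empty list means no finding.
    Assumption: 'count' is the minimum consecutive padding run that triggers a flag."""
    findings = []
    run = longest_padding_run(name)
    if run >= count:
        findings.append(f"padding run of {run} characters (threshold {count})")
    stem, dot, ext = name.rpartition(".")
    real_ext = (dot + ext).lower()
    while stem and is_padding(stem[-1]):  # drop padding in front of the real extension
        stem = stem[:-1]
    _, decoy_dot, decoy = stem.rpartition(".")
    if real_ext in EXECUTABLE_EXTS and decoy_dot and decoy.lower() in DECOY_EXTS:
        findings.append(f"executable {real_ext} behind decoy .{decoy.lower()}")
    return findings

# Constructed sample names; the first mirrors the "Letter.doc ... .exe" case in the thread.
SAMPLES = [
    "Letter.doc" + " " * 24 + ".exe",
    "Invoice.pdf" + "\u00a0" * 25 + ".scr",
    "Letter.doc" + " " * 10 + ".exe",
    "Quarterly report 2010.doc",
    "setup.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_attachment(sample) or "no finding")
```

The third sample stays under the default count of 20 yet is still caught by the extension check, which is why the threshold alone is a weak signal when a mail client truncates names early.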
     
  15. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Now that I've run a full system scan and the results have been entered into this remarkable cache... Avast is running even lighter, light as a feather on this 2.4 GB Celeron CPU/512 MB ram Dell. I have all shields enabled except the mail shield and most of the functionality (i.e. scan when opening, writing and executing... all files... whole files, ignore virus targeting).

    The file shield barely has to do anything now thanks to this remarkable cache. Oh, and the full scan took only 16 minutes to scan roughly 250 GB worth of data. That's absurd.

    I've only had this for about 2 weeks, but so far I have to say it's the best AV (paid or free) I've ever used.

    So far I haven't seen the Behavior Shield do anything. Has anybody? Is this module still a WIP and functionality will be added later on down the road?

    And what about the Sandbox? I'd heard at first that it didn't work very well, and saw that a recent update included a lot of fixes for it. How is it working now?
     
  16. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Well, it seems to do something occasionally here. Might differ for you if you are on 64bit OS.

    No idea... Not included in the free version, plus I use sandboxie anyway. :)
     

    Last edited: Apr 23, 2010
  17. demonon

    demonon Guest

    Never mind, I got it working already!
     
    Last edited by a moderator: May 2, 2010
  18. Mamen

    Mamen Registered Member

    Joined:
    Jun 12, 2010
    Posts:
    17
    To make sure I have this right:

    Turning off everything in Avast and using this tweak will make it so that the only files Avast will scan are downloaded executables and script files upon execution? No other files even when executed?

    Is there a way for it to also scan downloaded .doc files which are of course opened and not executed?
     
  19. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Maybe you should check "Scan Documents when opening" :doubt:
     
  20. progress

    progress Guest

    The avast BB is alive? :eek: I will try avast again :)
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I realize this thread is about lowering Avast's OH.

    It looks as if some of the policy tricks Kees has shown may work with other AV SW. Do you guys think this is a correct assumption?

    FWIW, (not much) I will wait on trying AVAST x until later when 2 conditions occur.

    1) My current AV subscription runs out.
    2) AVAST rises to ADVANCED + in both reports from AV Comparatives.

    One item from this whole thread that worries me is the notion that once a file/email attachment (I think it was email) has been found clean it is NEVER scanned again (to save resources?). This idea seems wrong since it may be found unclean in the very next update of AV signatures?

    What do you think? As you can tell, I'm more concerned with preventing malware and/or quarantining it than OH on my setup. With the newer CPUs in W7 with 64 bit this issue of OH seems even less important.
     
  22. Mamen

    Mamen Registered Member

    Joined:
    Jun 12, 2010
    Posts:
    17
    But if you have the File Shield turned off will it do that?

    Are there settings to have the File Shield turned on but so that it will only scan documents when opened?

    I'll be installing Avast to check all these things out but it just doesn't suit to do it right now.
     
  23. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Yes it should, I think Kees has done this with other AVs but the result is not as dramatic for me as it has been with Avast.
    Has it ever been given a great report?

    I think this is an excellent question. One would assume that they have some mechanism in place for just this scenario but I honestly don't know.
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Thanks for commenting!

    On the AV Comparatives, AVAST 5 got the highest rating, Advanced +, in its on-demand performance on the last report. On the proactive/retrospective test it scored Advanced.

    For me, my requirements are the best possible real-time detection of "new" malware that still lacks a signature. This is the toughest test of course.

    Again, my priority is detection and removal performance even if it costs me a bit in resource usage.
    It is effectiveness versus efficiency.
     
  25. Greg S

    Greg S Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    1,039
    Location:
    A l a b a m a
    Easily understood. I would imagine most security conscientious people will desire the same.
     