Testing Out AVG Suite Also

Discussion in 'other anti-virus software' started by huntnyc, Oct 25, 2006.

Thread Status:
Not open for further replies.
  1. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Thanks C.S.J and Firecat. Two more questions if I may. I'm showing these Firewall Logs. Application > Filter Device, Direction > Out, Protocol > UDP, Local address > 192.168.1.101.68 with Remote address > 255.255.255.255.67. And. Application > Windows\System32\svchost.exe, Direction > In, User > NETWORK SERVICE, Protocol > TCP, Local address > localhost135, with Remote address 0.0.0.0.1024. I believe the first one is my PC asking for a new IP address from the DHCP service on my router or something of that nature, and even though I'm not sure what the second one is I don't think it's spyware. So my two questions are. How do I set up a rule (or find out where to) that allows them access? And should I?
     
    Last edited: Nov 13, 2006
  2. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    I'm sorry, I am not using the AVG firewall so I'm not sure. :doubt:

    I have noticed some very strange behaviour with the AVG Anti-Malware suite which could also apply for the AVG Internet Security suite.

    I noticed that on certain infected samples, AVG reports the samples as being "suspicious" even when they are actually detected by signatures by either the AVG or Ewido engine.

    I had a few samples which were detected by signatures with Ewido engine and heuristically by AVG Antivirus engine. However, AVG Anti-Malware reports the files as being suspicious (the AVG engine detection) instead of actually being infected (as Ewido engine detects it). Not such a big deal but it is not such a good thing because it can lead to people unnecessarily sending samples for analysis simply because AVG reported it wrongly...
     
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    the firewall will block things like svchost.exe and filter device all the time, i wouldn't worry about this at all, it won't block any new application, unless you select it to block, as for dhcp services, just make sure you have it ticked in the firewall settings, and this will allow it forever.
     
  4. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    I think you'll probably get rid of the first set of logs by enabling internet connection sharing under system tab (it's disabled by default). Not sure about the svchost ones though (i use 98)
    ellison
     
    Last edited by a moderator: Nov 14, 2006
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i have ICS turned on,

    i get svchost and filter device logs, but i'd rather the firewall be logging stuff than not doing.

    if it ain't causing any problems etc etc, why bother worrying about it?
     
  6. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I wasn't worried C.S.J, just a little curious is all. I also appreciate your and everyone's input in this forum, and want to thank them and you. I like the AVG Suite, and am contented enough with it to finally stop trying other protection software. Just how good though, do you or others believe the new 7.5 is now as Antivirus with its latest improvements? AVG has been very close to Avast in the AV Comparatives before the improvements, and I can't imagine it won't surpass it now. Also the Antispyware Component should be one of the top AS Protection Programs around, and since Grisoft bought Ewido, and I would imagine both are better than before. Take care.
     
  7. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i have also stopped testing others and sticking with avg suite, it's sooo fast, especially boot-up times.

    when we complained a few times on here about a few things, and sent a few emails... they soon fixed all that with updates, so updates can come quick and fast whenever they are needed.

    as for detection, i really think avg suite will give a detection of the highest quality with ewido signatures added, and avg has improved too ... mainly with heuristics / detection and removal, which is what you want really.

    i really do think avg will surpass avast and maybe some of the big boys, but IBK ain't saying. :D

    my only worry would be, with ewido joining... yes their detection for malware was great and will improve avg's but it did have FP's, but only time will tell.
     
  8. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Glad to hear this C.S.J. The only small gripe I have with the AVG Suite, and maybe it's the way others are, is that it doesn't offer more information or features in its Antispyware Components, or really even in the Firewall one like it does with the Antivirus Component. I guess this is to keep it simple which is fine, but I miss the way the User Interface was in the stand alone AVG Anti-Spyware program, and would like a little more information in the Firewall Component. (logs, programs etc...) not complaining, just wishing. LOL. What's your opinion on Leak Tests? Is it really that important how many a Firewall passes? Talk to you soon.
     
  9. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    well avg antispyware is just ewido 4.0 with the name altered.

    avg suite is ewido signatures built into the scan and realtime.
     
  10. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Unfortunately, I've already had instances of AVG's anti-malware finding FPs through the ewido engine, but they fixed it (even though they took 15 days to do it).
     