Hardening Avast 5 settings

Hi, all. Decided to try out Avast 5 when it was released and have been pleased so far.

I was wondering though, what you all suggest as far as hardening/securing Avast's settings for optimal protection/optimal performance (speed).

For example, do you select 'all packers', set heuristics to high or normal, use transient/persistent caching. And also what are the drawbacks/advantages to using your specific settings.

I'd like to get a good discussion going on this subject.

Thanks a lot, and love the site.

 

Default settings are optimal. You just might want to set heuristics for all shields to High. At least that's what i did. Everything else is fine.

 

he only other thing i do is set the scan options all to add pup's during the scans. i found after doing some testing the hueristics on high was not much better than default really

 

Yeah, I disabled the IM and Mail shields since I don't use them, set the heuristics to high, and disabled transient and persistent caching since I thought it might be more secure to scan the files at all times instead of waiting for new virus defs/etc.

 

I checked the box to activate scanning for pup's on the shields.

 

I believe the caching is a very useful addition and doesn't compromise security. I think the caching causes Avast to only scan previously scanned files when the files themselves change; not the virus defs. It speeds up scans significantly.

 

I did this too... for awhile. I have too many Nirsoft utilities to leave it checked - too chatty with it turned on.


I unchecked "Do not scan verified system DLLs". I'm assuming avast! is checking the file signature against a whitelist to at least verify the file is good. After reading The Art of Computer Virus Research and Defense by Peter Szor (well I'm 90% finished at this point) and learning how some viruses can infect files without changing sizes or checksums, it made me a bit paranoid on relying on such things.

What do you guys think about this setting?

On a side note, I would highly recommend this book. It is very informative. I just wish I remembered Assembler better so that I could follow the code examples more closely.

 

all i do is check PUP for everything and set heuristic to high on everything.

 

Hi do you save on resources if disabling those 2 services?

 

I don't know where do ppl get idea that caching compromises security in any way. What difference does it make to scan already scanned file over and over with same signature? It's not like the detection will miraculously appear out of nowhere. When program updates definitions, that file is scanned and then cached until the defs are updated again. Or in case when that very file gets modified. Because when it gets modified, it's considered as new file and thus scanned again. There are no compromises here. It's just improved logic.

 

+1 to Rej's comment about caching and this is one of Avasts most appealing features IMO in addition to the boot time scan, anti-rootkit features, detection, and customization, although to date I've only read about it and haven't tried Avast since I tested it a few years ago.

Since I haven't used it I'm not sure what default settings are and I'd like to hear opinions on a couple settings too.

'all packers' - scanning compressed files? A lot of people complain about the performance impact with this enabled and state such files will be scanned before they are opened anyway, what is the general opinion on this...best enabled or not?

heuristics to high or normal - I'd prefer them on high and have a higher chance of FP's, I'll research if a file tests positive, for a more novice user I'd leave this at normal

transient/persistent caching - I think the basic difference is transient cache is more temporary and persistant cache is a stronger way to prevent re-scanning of files even after updates & rebooting, I'd choose the persistant cache, if you think this is less secure choose transient or disable caching if you feel necessary and don't mind a lot of disk activity.





From avasts forum:

Use transient caching - if transient caching is used, a file that has been
scanned, and in which no infection was detected, will not be scanned again the
next time it is accessed. However, this is only valid until the next virus
definitions update, as the file may contain an infection that was not previously
detected but which may be detected based on the new virus definitions. Also,
information that the file is clean will only be stored in the computer's
operating (temporary) memory. This means that when the system is restarted the
information will be lost, therefore the file will also be scanned again the next
time it is accessed after a system restart. This box is checked by default; if
you want files to be scanned every time they are accessed. this box should be
unchecked.

Use persistent caching - if persistent caching is used, the information about
the scanned file is stored in the permanent memory. This means it is not lost
after a system restart and it is also not affected by virus definition updates.
Consequently, persistent caching is suitable only for files which are guaranteed
not to contain any virus infection e.g. operating system files, files signed by
trusted publishers, or other files covered by the avast! whitelist. This box is
checked by default; if you want all files to be scanned regardless of their
trust status, this box should be unchecked.

 

@ Rejzor:

Maybe you have a point (you're obviously more knowledgeable about these things than I am), but then why have an option to disable/enable these features? Why not make them default, without an option to turn on/off the features? This is why I am curious.

@ Captain Ron:

I was also wondering about enabling all packers. Would that make avast slow down just the system scanning time, like the wording of the avast help file seems to suggest, or would it cause avast to affect system performance, however negligible.

@ acuariano:

I would also like to know. I'm assuming it does, but you know what they say about assuming...

-------------------

One addition I would like to have seen is a button to reset all defaults.

 

alberto, I would say they include these settings so advanced users can customize Avast to their liking. I *think* that scanning all packers would adversely affect overall performance since it scanning archives takes longer than ordinary files and it will scan each accessed archive file, maybe someone could verify that for us.

 

i try it and have problems with the network shield but overall a good AV from default settings

 

What kind of problems are you having with the network shield?

I have it enabled right now, but was wondering if it is necessary. After all, I'm not connected to any wireless network.

I really think avast's helpfile needs a good overhaul. It's pretty vague in most area's and in some areas, such as the 'network shield' section, it simply says "there are no settings for this shield." Strange...

And the 'behavior shield' section...I haven't seen any activity in the graphs, and there is also zero info on the shield in the help file.

What's going on here?