Anti-Ex and usage with other programs

Discussion in 'other anti-malware software' started by Acadia, Dec 10, 2007.

Thread Status:
Not open for further replies.
  1. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Ok, want to make sure that I understand this correctly.

    If I want to ran an on demand virus scan of my entire system, or scan with any anti-Spyware program, I should leave Anti-Executable turned on. But if I want to download the latest signatures for those scanners, I need to have AE turned off.

    If I want to defrag my system I should leave AE turned off.

    And of course, any operation with FirstDefense, leave AE turned off. Have had no compatibility problems with those two programs, just want to make sure about the scanners and defragger.

    Have I got it right? o_O

    Thanks,
    Acadia
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    I have less experience than others with AE but I'll add my $.02. I leave AE on and my definitions update with no problem (NOD32). I also leave AE on when defragging with JKDefrag with no problems. I have AE set to HIGH with Copy and Delete Protections disabled.
     
  3. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    For AVG free you need to add a folder to the exclusion list so that it can update. I cannot remember which folder but try to update and wait for the AE alert. Then check the log and you now know which folder to exclude.

    For defragging using windows, you need to add a couple of files to the trusted list. I cannot remember which files but try to defrag and wait for the AE alert. Then check the log and you will know which files to add.

    I think this methodology is a good way to determine how to configure AE on your system.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Acadia,
    I think you have to configure AE according your needs and which other softwares you use and that is different for each user. Any personal advice might not be valid for your total system.

    My policy is to keep AE on maximum security (except Delete Prevention) and I had to make some adjustments of course to keep AE that way.
    I turned off all automatic updates of all softwares, because AE can screw up such an automatic update, if there are changes in executables and those updates can occur at any moment of the day.
    I only have program upgrades, not signature updates and if I have program upgrades, I have to turn off AE.
    The only extra thing I did in AE was configuring FDISR as a Trusted Application.
    The more you use Trusted Applications and Exempted Folders, the weaker AE will be in its protection.
    It's the same in a frozen snapshot : the more you anchor objects, the weaker your frozen snapshot becomes.
    That's why I didn't do any anchoring in my frozen snapshot, because I want my system back as it was after reboot, including AE and all the other softwares + registry.
     
    Last edited: Dec 10, 2007
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    ErikAlbert, curious, why not have delete prevention enabled ?
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Because FDISR gives errors during copy/update between snapshots/archives, including the freeze function.
    You can only freeze the current snapshot and my on-line snapshot is the current snapshot where AE is installed.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    One reason is it will drive you nuts. When windows boots, it does a lot of deleting and recreating log files. AE goes nuts on the deletes.
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    @Erik

    You posted not long ago a list of ISR files that you exclude from AE. I can't seem to relocate that thread. If you run across it again i would appreciate the URL, AE while not a cure-all is certainly a very worthy addition, and teamed with my HIPS should complete the circle so-to-speak.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Read post #388 of this thread. :)
    https://www.wilderssecurity.com/showthread.php?t=171576&page=16
     
  10. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Thanks :)

    Anti-Executable tied into a FD-ISR snapshot covered by SandboxIE & Power Shadow plus my HIPS, EQSecure 3.4, makes for excellent coverage.

    One thing i like about AE, it's easy as pie to adjust your whitelist to your needed preferences.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, I'm certainly a man of whitelists, they are always COMPLETE and much easier to understand.
    1. The freeze storage is a whitelist of ALL objects on my system partition, anything else is removed during reboot.
    2. AE is a whitelist of ALL executable objects on my system partition, anything else is refused immediately.
     
Loading...
Thread Status:
Not open for further replies.