Hardening Avast 5 settings

Discussion in 'other anti-virus software' started by alberto_balsalm, Feb 6, 2010.

Thread Status:
Not open for further replies.
  1. alberto_balsalm

    alberto_balsalm Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    4
    Hi, all. Decided to try out Avast 5 when it was released and have been pleased so far.

    I was wondering though, what you all suggest as far as hardening/securing Avast's settings for optimal protection/optimal performance (speed).

    For example, do you select 'all packers', set heuristics to high or normal, use transient/persistent caching. And also what are the drawbacks/advantages to using your specific settings.

    I'd like to get a good discussion going on this subject.

    Thanks a lot, and love the site.
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Default settings are optimal. You just might want to set heuristics for all shields to High. At least that's what i did. Everything else is fine.
     
  3. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    he only other thing i do is set the scan options all to add pup's during the scans. i found after doing some testing the hueristics on high was not much better than default really
     
  4. alberto_balsalm

    alberto_balsalm Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    4
    Yeah, I disabled the IM and Mail shields since I don't use them, set the heuristics to high, and disabled transient and persistent caching since I thought it might be more secure to scan the files at all times instead of waiting for new virus defs/etc.
     
  5. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I checked the box to activate scanning for pup's on the shields.
     
  6. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    I believe the caching is a very useful addition and doesn't compromise security. I think the caching causes Avast to only scan previously scanned files when the files themselves change; not the virus defs. It speeds up scans significantly.
     
  7. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    I did this too... for awhile. I have too many Nirsoft utilities to leave it checked - too chatty with it turned on.


    I unchecked "Do not scan verified system DLLs". I'm assuming avast! is checking the file signature against a whitelist to at least verify the file is good. After reading The Art of Computer Virus Research and Defense by Peter Szor (well I'm 90% finished at this point) and learning how some viruses can infect files without changing sizes or checksums, it made me a bit paranoid on relying on such things.

    What do you guys think about this setting?

    On a side note, I would highly recommend this book. It is very informative. I just wish I remembered Assembler better so that I could follow the code examples more closely.
     
  8. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    all i do is check PUP for everything and set heuristic to high on everything.
     
  9. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Hi do you save on resources if disabling those 2 services?
     
  10. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I don't know where do ppl get idea that caching compromises security in any way. What difference does it make to scan already scanned file over and over with same signature? It's not like the detection will miraculously appear out of nowhere. When program updates definitions, that file is scanned and then cached until the defs are updated again. Or in case when that very file gets modified. Because when it gets modified, it's considered as new file and thus scanned again. There are no compromises here. It's just improved logic.
     
  11. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    +1 to Rej's comment about caching and this is one of Avasts most appealing features IMO in addition to the boot time scan, anti-rootkit features, detection, and customization, although to date I've only read about it and haven't tried Avast since I tested it a few years ago.

    Since I haven't used it I'm not sure what default settings are and I'd like to hear opinions on a couple settings too.

    'all packers' - scanning compressed files? A lot of people complain about the performance impact with this enabled and state such files will be scanned before they are opened anyway, what is the general opinion on this...best enabled or not?

    heuristics to high or normal - I'd prefer them on high and have a higher chance of FP's, I'll research if a file tests positive, for a more novice user I'd leave this at normal

    transient/persistent caching - I think the basic difference is transient cache is more temporary and persistant cache is a stronger way to prevent re-scanning of files even after updates & rebooting, I'd choose the persistant cache, if you think this is less secure choose transient or disable caching if you feel necessary and don't mind a lot of disk activity.





    From avasts forum:

    Use transient caching - if transient caching is used, a file that has been
    scanned, and in which no infection was detected, will not be scanned again the
    next time it is accessed. However, this is only valid until the next virus
    definitions update, as the file may contain an infection that was not previously
    detected but which may be detected based on the new virus definitions. Also,
    information that the file is clean will only be stored in the computer's
    operating (temporary) memory. This means that when the system is restarted the
    information will be lost, therefore the file will also be scanned again the next
    time it is accessed after a system restart. This box is checked by default; if
    you want files to be scanned every time they are accessed. this box should be
    unchecked.

    Use persistent caching - if persistent caching is used, the information about
    the scanned file is stored in the permanent memory. This means it is not lost
    after a system restart and it is also not affected by virus definition updates.
    Consequently, persistent caching is suitable only for files which are guaranteed
    not to contain any virus infection e.g. operating system files, files signed by
    trusted publishers, or other files covered by the avast! whitelist. This box is
    checked by default; if you want all files to be scanned regardless of their
    trust status, this box should be unchecked.
     
    Last edited: Feb 7, 2010
  12. alberto_balsalm

    alberto_balsalm Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    4
    @ Rejzor:

    Maybe you have a point (you're obviously more knowledgeable about these things than I am), but then why have an option to disable/enable these features? Why not make them default, without an option to turn on/off the features? This is why I am curious.

    @ Captain Ron:

    I was also wondering about enabling all packers. Would that make avast slow down just the system scanning time, like the wording of the avast help file seems to suggest, or would it cause avast to affect system performance, however negligible.

    @ acuariano:

    I would also like to know. I'm assuming it does, but you know what they say about assuming... :D

    -------------------

    One addition I would like to have seen is a button to reset all defaults.
     
  13. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    alberto, I would say they include these settings so advanced users can customize Avast to their liking. I *think* that scanning all packers would adversely affect overall performance since it scanning archives takes longer than ordinary files and it will scan each accessed archive file, maybe someone could verify that for us.
     
  14. YanK33

    YanK33 Registered Member

    Joined:
    Jan 30, 2010
    Posts:
    195
    i try it and have problems with the network shield but overall a good AV from default settings
     
  15. alberto_balsalm

    alberto_balsalm Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    4
    What kind of problems are you having with the network shield?

    I have it enabled right now, but was wondering if it is necessary. After all, I'm not connected to any wireless network.

    I really think avast's helpfile needs a good overhaul. It's pretty vague in most area's and in some areas, such as the 'network shield' section, it simply says "there are no settings for this shield." Strange...

    And the 'behavior shield' section...I haven't seen any activity in the graphs, and there is also zero info on the shield in the help file.

    What's going on here?
     
Loading...
Thread Status:
Not open for further replies.