KAV Personal Pro 5.0 setup for speed & accuracy

Discussion in 'other anti-virus software' started by halcyon, Nov 23, 2004.

Thread Status:
Not open for further replies.
  1. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    I'm about to trial KAV Personal Pro 5.0 (latest build).

    However, before I install, I have a few questions I was hoping the resident KAV users could perhaps answer:

    1) What options to choose during install?

    2) Is there already a build of KAV P Pro 5.x that allows user NOT to install ADS-tagging at all (tags never get added)?

    3) How to optimize KAV Personal Pro for speed and accuracy so that:

    3.1) real-time scanning and protection is good, but doesn't compromise speed a lot

    3.2) on-demand scanning is as extra-thorough and super-accurate as possible, and can be slow as well.

    4) How to configure Personal Pro 5.0 to use super extended databases (and is it worthwhile doing so)?

    I'd appreciate any help on these issues.

    Best regards,
    Halcyon
     
  2. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    My experience is with KAV 5.0 WS, but it's very similar to KAV 5.0 Pro

    1) You are not given options at install time - it's a flat install. The module design of 4.5 is not present.
    2) You don't have the option to do this at install time. Once installed you should be able to disable iStreams/iChecker from all the relevant scan scopes.
    3) I'm still working on this one.
    4) Can't do that automatically yet as far as I know.

    Blue
     
  3. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,000
    You can certainly use the extended database in the KAV 5 version!
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    In KAV 5.0 Personal - yes, they are available. In KAV 5.0 Personal Pro or KAV 5.0 WS, the answer is not yet as far as I know.

    Blue
     
  5. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Ok,

    I will then wait for a version of Personal Pro (5 series) build that:

    - enables super extended databases

    and

    - disables ADS-tagging at install time

    If you have any speed/accuracy configuration tips, I'm all ears (or in this case, eyes) :)

    Thanks!
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    halcyon,

    I'm still working on my adjustments here, but this is where I'm at to date:

    1. On the start-up scan: The way this scan is default configured can really place a tug on system resources - it's basically set to perform a comprehensive system wide scan on machine startup. If you reboot infrequently, you may feel this is not a huge deal since the scan is performed and then you're done with it. But if you do reboot frequently and perform a regular comprehensive run of the "Scan My Computer" task, the startup scan can be knocked down quite a bit in aggressiveness.

    Under Settings>User Tasks>Automatic Scan on Application Startup>Properties>Configure Scan

    Settings -
    • Objects to scan - Infectable Objects by format
    • Actions to be performed on infected objects - Prompt user for action when scan completed
    • Actions to be performance on suspicious objects - Prompt user for action when scan completed
    Details - Under Exclude from scan
    • Check Objects and then select Modify. Click add and navigate to the "My Computer" level and add any hard drives on the system.
    • Check Email format files
    • Check Email databases
    • Check Do not use iStreams
    • Check Do not ask for password for password protected objects.
    • Do not scan composite objects over 8 MB
    Now, let's turn out attention to the standard demand scan. Under Settings>User Tasks>Scan My Computer>Properties>Configure Scan

    Settings -
    • Objects to scan - Infectable Objects by format
    • Actions to be performed on infected objects - Prompt user for action when scan completed
    • Actions to be performance on suspicious objects - Prompt user for action when scan completed
    Details - Under Exclude from scan
    • Check Email format files
    • Check Email databases
    • Check Do not use iStreams
    • Check Do not ask for password for password protected objects.
    Finally, some adjustments of the realtime monitoring are in order. Under Settings>Configure Real-time Protection

    Under Manage Settings>Protection Level - Select Lowest (bottom) protection level (High Speed) on the default collection of options - I basically start here to set all the macros setting to run/prompt.

    Now, under Manage Settings, select Additional Settings

    Files -
    • Objects to scan - change to Infectable Objects by format
    • Actions to be performed on infected objects - change to Block access, prompt user for action
    • Actions to be performance on suspicious objects - change to Block access, prompt user for action
    Details - Under Exclude from scan
    • Objects>Modify>Add - added directories for Agnitum, ProcessGuard, NSClean - minimize impact of logging actions from these apps.
    • Add check to Do not use iStreams; the following others should already appear (check if not)
    • Files on Network Drives
    • Embedded OLE Objects
    • Self-extracting archives
    • Stop scan if longer than 60 sec.
    Select tab labelled Scripts. Check Prompt user for action.

    These are my current settings and they appear to provide a reasonable mix of performance and coverage for real world exposure - which is dependent on usage habits. Keep in mind that I'm trying to maximize for speed while providing for decent coverage for my own usage habits, appropriate settings may differ for other users. As nameless stated it so appropriately here,

    KAV 5.0 does have some resource issues under the default settings.

    In some casual testing, I recently ran quick head-to-head coverage comparisons of KAV 5.0 WS (using settings above)/KAV 4.5 WAS/NOD32/NOD32&BOClean/Dr. Web/Bitdefender/F-Prot in an effort to avoid the clinical conditions mentioned by nameles. I tried to replicate use conditions and went to websites where I knew malware in the form of trojan downloaders would attempt to infect. On initial exposure I was protected only by the AV and Outpost Pro firewall. I allowed any action noted by the AV to be blocked/deleted. The only other actions blocked were outbound communications captured by the firewall. I then rebooted to survey the net impact. I have BOClean on this installation - it was shutdown for the infection phase, but ran on reboot and did halt execution of and delete a dropped trojan for all cases except KAV and NOD32&BOClean - these were clean on reboot. For the very limited challenge that I performed KAV 5.0/KAV 4.5/NOD32&BOClean ran neck and neck. NOD32 alone was next. F-Prot/Dr. Web/Bitdefender brought up the back. Any of the last three augmented with BOClean should be basically equivalent to the NOD32/BOClean combination, but run alone NOD32 did outperform them in this isolated challenge. As is noted in many posts at Wilders, NOD32 augmented by a dedicated AT is a powerful combination with NOD32/BOclean being a rather resource light option. While the settings listed above do speed KAV along, NOD32/BOClean remains a somewhat quicker combination on my PC. I'm still weighing my options for final configuration.

    I also have run into one instance where my exclusionary check of "Do not use iStreams" was not persistent. This also happened to me with the beta test version. Not sure what's going on here.

    Finally, while KL's support is typically praised as unmatched, I'd rate my own experience over the past few months as very marginal. I've not had a single response to multiple e-mails with specific questions regarding KAV 5.0 WS usage/configuration/bugs - my experience may be unique. I note this only to emphasize that any user may experience a support shortfall from any of the AV vendors at some point in time. Plenty are reported here. From time-to-time, they all can drop the ball. User's should not make purchase decisions based on isolated anecdotal reports of support issues, and that includes this report. It's only one facet of the analysis and I feel a minor one at that since the quickest responses often come from the user community here and elsewhere.

    Blue
     
    Last edited: Nov 27, 2004
  7. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    Thanks a lot for the info!
     
  8. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    My pleasure,

    The other point I'd add is that you can develop a good sense for the settings that KL feels tradeoff speed and coverage by looking at each of the default group settings of High Speed, Recommended, and Maximum Protection. This is done by selecting one of those options on the slider bar (see screenshot below) and then hitting the Additional settings button. That will lead you to the detailed options screens with the respective KL specified options already selected.

    Need more speed? - go with scanning infectable objects by extension under realtime scanning and increase the number of exclusions under the Details setting associated with Objects to Scan

    Blue
     

    Attached Files:

  9. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    This confuses me. The whole point of iStreams is to increase performance, right? (It prevents files from being scanned unnecessarily.) So how could disabling iStreams increase performance?
     
  10. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    It could be due to preference of the whole iStreams.

    It tags all files. That increases fragmentation likelihood and speed a lot on many systems.

    For me the only reason I don't currently buy KAV is the lack of an installer that allows me to disable iStreams at install time (files never get tagged).

    I wouldn't mind additional speed, but if it happens at the expense of fragmentation, I'm not too sure about it...
     
  11. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    nameless,

    Just my preference at this point based on functionality. During my testing of the beta version, it did incur a decided hit on speed, see here. As IgorK notes here, there is an equilibration phase in the first couple of weeks after an installation, so I assume those numbers really refer to that phase - even though the tests that I performed went well beyond the two weeks mentioned by Igor.

    In any event, I'll take it as a given that I may be sacrificing some speed here, but it should be almost exclusively on system scans. I perform these off-hours, so that scan time is not an issue for me unless it extends to multiple hours. I take a bit of a hit on the startup scan, but I've severely curtailed that one, so the net real impact is minor. Regular comprehensive scans are performed, so the scale back of the startup scan should not be a vulnerability. For the most part, the slowdowns that get my attention is when I'm working on files uploaded from a laptop and/or surfing. In these cases, the file content always new to the system, dynamic in nature, and transient on the system. My read on iStreams - and the details provided on it by KL are few and far between - is that there's little positive benefit in this situation. I don't see a large downside, although the anecdotal tales of compatibility issues do lurk in the back of my mind.

    The net result - I'll skip iStreams for now and re-examine my position as time passes.

    I'm not sure how much I'd focus on the fragmentation issue. As detailed here, it's an issue with System Restore - not wholesale file fragmentation. It's only a concern when the files are being actively accessed, which in these case is only during restore or a defragmentation operation. It is apparently eliminated with the shutdown of either System Restore or iStreams. It would be nice to allow some customization during the installation, but I don't think that is to be with this flavor of KAV.

    Blue
     
  12. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Halcyon!!!
    pleae get the latest version of KAV 5.0 personal
    NO iStreams!!!!!!
     
  13. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    @halcyon - for #4, as i searched the kaspersky labs for av def. downloads i found the following:

     
  14. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Those having problems with a long startup scan, can apply this registry tweak to stop it;


    Tweak found here; http://forums.useice.com/cgi-bin/ikonboard.cgi?;act=ST;f=1;t=1703;st=10

    There is also a similar tweak for the WorkStation version.
     
Thread Status:
Not open for further replies.