Optimal avast! configuration

Discussion in 'other anti-virus software' started by atomomega, Aug 14, 2012.

Thread Status:
Not open for further replies.
  1. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    Hey! This morning I made a fresh install of XP Pro on my dad's PC and need to install an AV. I've already decided it's going to be avast! and I've also decided I'm not interested in having my dad deal with HIPS nor sandboxes nor subscription popups... you know. Nor do I want to change the registry. I just want to keep it simple with a realtime AV, No Autorun and Windows Firewall.
    Imaging software and on-demand scanners will be in place of course.

    So I'm looking for the optimal configuration for avast!. Last time I used it (a week ago) I noticed some drag on performance while streaming media, especially on Firefox. Not sure if it's the system, but it was a clean install as well.

    Which shields do you recommend I install? I wanna keep it as simple and minimalistic as possible.

    Your comments and suggestions will be much appreciated.
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I'm running avast! with XP Pro with all shields enabled, and I'm not noticing any drag on performance. I think these things vary enormously from one system to another though so it will probably be a case of experimenting to find what works best for you.

    The one thing that I did find makes a difference is to add all other security applications as Trusted Processes within the Behaviour Shield's Expert Settings. This prevents avast! from monitoring them which not only slightly improves performance but also minimises the risk of conflicts.
     
  3. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    I see. Thank you for your reply. See, I tend to think the problem has to do with script shield and/or web shield. Because it's like I'm on SoundCloud listening to something and then I open a new tab and go to YouTube and while it loads the featured videos, the stream on SoundCloud starts to break up and skip for some seconds, but you can actually hear it skipping. Vice versa and even when opening a new tab on a random webpage, if I am streaming media, it just starts breaking up.
     
  4. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    To keep everything simple, just put File Shield and that's all.
     
  5. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Use all shields and leave them at default config. That's what's optimal.

    Using just File System Shield is NOT recommended because modules depend on each other and if you remove them you cut out protection. I'm not sure why they still allow removing individual shields when protection only works if they are all installed.

    For example if you have File System Shield that is also hosting Auto Sandbox module, but you don't use Web Shield, Network Shield and Behavior Shield, Auto Sandbox analysis will not be able to determine if malware inside Sandbox is really malware since it won't be able to analyse connections and file behavior.
     
  6. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Yeah, you are right. If the web scanner slows you down, you can disable that.
     
  7. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I didn't say anything like that. I said that by removing individual shields you're severely degrading entire protection.
     
  8. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    I agree. :thumb:
     
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    If I were to find, and I have not, that I could not use all the protection provided I would change AVs. I am not finding any drag with Avast so far.
    Jerry
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    No, but sandbox will still be pretty effective with static PE entropology analysis of the file shield combined with vulnerability access monitoring of behavioral shield.

    I vote for XP Pro with
    a) Avast file and behavioral shield (all set to auto)
    b) Software restriction policy of XP Pro set to
    - all internet facing software / threat gates (like FF, WMP, Mail) run as basic user
    - deny execute on USB drives and User Documents (and any other Data partition)
    - include DLLs
    - excluding Administrator
    => right click run as admin (under same user) will install every software, but deny execute on user/data directories will protect him from drive-bys
    => run as LUA (basic user) of threat gates (FF, Mail, WMP) will capture exploits in LUA container and protect against most social engineering / shoot in the foot errors (since the malware has no ring 0/admin access, your AV will stop it easily).

    or using all Avast Shields under Admin user as you and several others advised


    Bottom line: only perform dissection on the shields of your AV when you raise the threshold somewhere else (e.g. full LUA or partly LUA/deny execute as outlined)
     
    Last edited: Aug 15, 2012
  11. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    Thank you all for your replies. I'm not experiencing any drag while using the machine for regular tasks. It's just while I'm on internet that I noticed that perhaps the Web Shield or the Script Shield are causing this delay on the stream, cause avast!'s tray icon just keeps turning around over and over again.
    Thank you Kees1958, as always your posts leave me with a ? above my head on how to do all that. I wish I knew half of what you know about computer security.
    I already asked on Avast!' forums but looks like nobody else can reproduce this situation, which makes me think it might be my router or my network card, or something in here.

    Thanks again!
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Here is a guide on Software Restriction Policies to get acquainted
    http://www.dedoimedo.com/computers/policies.html

    Here is an explanation on how to run internet facing software as basic user (this works on XP and Vista, not Windows 7)
    http://dougzuck.com/decrease-malware-infections-using-software-restriction-policies

    When you are afraid of adding the hidden basic user by hand through regedit, copy this (below *****) to a notepad, save as basicuser.reg (ansi file) and run
    ******* start ******

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
    "Levels"=dword:00020000



    :eek: :eek: :eek: good luck :D :D :D
    This is how it should look when running GPEDIT.MSC (group policy editor)
     

    Attached Files:

    Last edited: Aug 15, 2012
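
Added example, not part of the original thread and not code from any poster: a Python audit of an exported `Safer\CodeIdentifiers` key against the Software Restriction Policy outlined in posts 10 and 12 (Basic User level visible, DLLs included, administrators excluded, deny-execute path rules). The sample export is constructed; `DefaultLevel`, `TransparentEnabled`, `PolicyScope` and the `0\Paths` rule layout are the standard SRP registry values, and the rule GUID and `E:\` path are placeholders.

```python
import re

# SAFER level IDs (winsafer.h); "Levels" is a bitmask of levels shown in the SRP UI.
SAFER_LEVELS = {0x1000: "Untrusted", 0x10000: "Constrained",
                0x20000: "Basic User", 0x40000: "Unrestricted"}

# Constructed sample of an exported policy key after importing basicuser.reg and
# applying the options from post 10. The rule GUID and path are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"Levels"=dword:00020000
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000002
"PolicyScope"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{00000000-0000-0000-0000-000000000001}]
"ItemData"="E:\\"
'''

def parse_reg(text):
    """Return {key_path: {value_name: int | str}} for dword and string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(dword:([0-9a-fA-F]{8})|"(.*)")$', line)
            if m:
                name, hexval, strval = m.group(1), m.group(3), m.group(4)
                current[name] = int(hexval, 16) if hexval else strval.replace("\\\\", "\\")
    return keys

def audit_srp(text):
    """Compare an exported SRP key with the settings described in the thread."""
    keys = parse_reg(text)
    root = next((v for k, v in keys.items() if k.lower().endswith(r"\safer\codeidentifiers")), {})
    levels = root.get("Levels", 0)
    deny = [v["ItemData"] for k, v in keys.items()   # level 0 = Disallowed path rules
            if re.search(r"\\codeidentifiers\\0\\paths\\", k.lower()) and "ItemData" in v]
    return {
        "basic_user_visible": bool(levels & 0x20000),
        "visible_levels": [n for bit, n in SAFER_LEVELS.items() if levels & bit],
        "dlls_included": root.get("TransparentEnabled") == 2,    # 2 = all files incl. DLLs
        "admins_excluded": root.get("PolicyScope") == 1,         # 1 = all users except admins
        "disallowed_paths": deny,
    }

if __name__ == "__main__": print(audit_srp(SAMPLE_REG))
```

Files written by `reg export` or regedit in version 5.00 format are UTF-16, so decode them before passing the text to `audit_srp`.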