Use AVAST as a super light and easy to use ANTI-EXECUTABLE (Guide)

[Windows_Security]

Disclaimer: "misuse" of AVAST is for members looking for a real easy to use Anti-Executable and quiet HIPS, not for average anti-virus user.

Install AVAST free with file shield only

Make it a easy to use ANTI-EXECUTABLE with a cloud based white-list

Make it run super light with near zero delay in program startup (apply tweak only when you have UAC on)

Increase sensitivity of HIPS (tweak is only for seasoned forum members)

Tweaks turn modest PC (dual core Celeron)

Into a six year laptop with reasonable enough performance for browsing and office tasks

C:\Program Files\Chromium\chrome.exe - 5 executions with MSE on default
2.4337 (cold start after reboot)
0.8923 (consecutive cached starts)
0.9246
0.8755
0.9103

C:\Program Files\Chromium\chrome.exe - 5 executions with tweaked AVAST
1.2320 (cold start after reboot)
0.4052 (consecutive cached starts)
0.3933
0.3543
0.3739

Note: I use @RejZoR tips to make Avast more silent

 

[conceptualclarity]

Can you do this alongside another AV?

 

[Windows_Security]

No it is more a replacement for people running the abondoned No Virus Thanks, run out of the first year free of SecureAPlus year or run into problems by one of the VoodooShield updates.

I had VoodooShield on my wife's laptop and one of the updates crashed VS itself, so I decided to look for an easy to use alternative. I just can''t use stuff without tweaking it, which is sometimes dis-functional and sometimes provides alternative solutions

 

[SHvFl]

No it is more a replacement for people running NoVirusThanks n default settings or run out of the Freemium SecureAPlus year or as in my situation one of the VoodooShield updates made it crash on my wife's laptop, so I decided to look for an easy to use alternative

Seems like a nice idea but if you want to try another free anti exe with low load based on windows abilities alone use Rehips in Normal mode and changing the default isolated program rules to allow.
If you want 0 load do the same but select no gui and lockdown mode on(no alerts blocks everything unknown).

No online list though only default program rules.

 

[Windows_Security]

Yes, ReHips is interesting, but it is still in closed beta and as you smentioned it does not have the massive cloud white-list of AVAST. It is my wife's laptop and AVAST aggressive mode is intended for people with low security awareness or interest.

 

[SHvFl]

Yes, ReHips is interesting, but it is still in closed beta and as you smentioned it does not have the massive cloud white-list of AVAST. It is my wife's laptop and AVAST aggressive mode is intended for people with low security awareness or interest.

It has open beta also but you are right it doesn't have a massive whitelist. Your method is better for the user intended to use the system.

 

[TheMalwareMaster]

Good job! Hardened mode is Always really effective, but, in the past, I noticed some adware was bypassing it, thing which doesn't happen with VoodooShield

 

[Handsome Recluse]

@Windows_Security Thanks for the guide. Made me seriously consider avast! as both an anti-executable and antivirus. I want to use ERP but it's abandoned. avast! is surely a good additional free anti-executable alternative to recommend people to in spite of the death of one.

May I ask though, what threats/compatibility issues are there to keep UAC when excluding the folders from the antivirus in the guide above to warrant it? If the whitelists works as it does in Comodo Internet Security, then UAC doesn't seem to be necessary as an increase of marginal security and that one has a sucky antivirus. @cruelsister 's avast video though lead me to conclude that avast! aggresive mode behaves differently. So again, the wondering.

 

[jamescv7]

Honestly the reputation services of Avast needs more improvement which in general not effective, instead the overall focus went to Hardening Mode.

They need to balance the usage of cloud analysis and AI.


Well Immunet Protect is another good supplement for the setup but actually Avast alone is enough.

 

[Windows_Security]

@TerrakionSmash
UAC was one of the features introduced with Vista, although not designed as a security mechanism, it helps to increase security like ASLR, Smartscreen, protected mode, Control Flow Guard, signing drivers, et cetera because it makes crossing boundaries harder for malware.

When power brakes were introduced people doubted on the practical use in terms of people dying in car crashes, same applies for power steering, anti-lock brack systems, traction control, stability control et cetera. Despite all these improvements people still crash their car.

How many car owners will remove all these systems in their car after having seen one video of a car crashing? So why do you show this type of behavior when it is a PC? When you are skilled enough to disable UAC you are also skilled enough to find a trick or program to bypass elavation requests.

The threat is a that user land program may change executables in Windows and Program Files folders without you knowing and with the exclusions added in Avast file shield both Windows and Program Files are not fully protected by your AV neither. It is better to set UAC to elevate silently, than to disable it because you still have folder and registry protection by UAC.

When you set UAC to elevate silenty this tweak prevents unsigned programs to elevate. You can switch it on and off when you might need to install an unsigned program (with the tweak ON, you still can run unsigned programs).

 

[Windows_Security]

Well [enter random name of product] is another good supplement for the setup but actually [enter random name of other product] alone is enough.

I don't know whether it is intended as a joke, but it made me smile I have no answer why I tweak stuff when it works well out of the box.

 

[Duotone]

@Windows_Security great guide this would really be a good alternative.

 

[jamescv7]

@Windows_Security: Actually I reviewed your post based on what will be alternative setup besides to VS or SecureAplus when suffered performance issues, so that's why Immunet Protect is given.

I'm referring on the cloud functionality of Immunet Protect so more on free version since the paid contains BD signatures I think.

 

[shmu26]

Disclaimer: "misuse" of AVAST is for members looking for a real easy to use Anti-Executable and quiet HIPS, not for average anti-virus user.

Install AVAST free with file shield only

View attachment 128997

Make it a easy to use ANTI-EXECUTABLE with a cloud based white-list

View attachment 128998

Make it run super light with near zero delay in program startup (apply tweak only when you have UAC on)

View attachment 128999



Increase sensitivity of HIPS (tweak is only for seasoned forum members)

View attachment 129002

Tweaks turn modest PC (dual core Celeron)

View attachment 129003

Into a six year laptop with reasonable enough performance for browsing and office tasks

C:\Program Files\Chromium\chrome.exe - 5 executions with MSE on default
2.4337 (cold start after reboot)
0.8923 (consecutive cached starts)
0.9246
0.8755
0.9103

C:\Program Files\Chromium\chrome.exe - 5 executions with tweaked AVAST
1.2320 (cold start after reboot)
0.4052 (consecutive cached starts)
0.3933
0.3543
0.3739

Note: I use @RejZoR tips to make Avast more silent

great post, thanks.
users should know that hardened mode will not apply default/deny to scripts, but only to .exe files.
also, it is dependent on internet connection.
nevertheless, it is a massive increase in security.

 

[Evjl's Rain]

hello, thank you for your guide. I already applied some of them. I have a few questions:
1/ Why do you disable Reputation service and cybercapture? I think reputation service can catch some of the malwares with poor reputation. I saw it in action so many times in my laptop and youtube reviews. Cybercapture is broken I agree but it may be improved later
2/ Web shield can slow down browsing experience especially for some users. I have seen so many complains but so far I have never seen such slow down in all devices I installed (1Gb of RAM, slow internet connection). It can block phishing websites and malwares (js ransomwares downloading payloads) if we enable "warn when downloading files with poor reputation". Avira browser safety is a good alternative but it's just a blacklisting program without any scanning method
3/ I also disable "transient caching", after this, all the PCs I installed were lightning fast. This is the cause of high disk usage/activity
4/ I also increase the heuristics to max. For me most of the false positives come from the harderned mode in both levels. Yes leave it normal can improve the speed

 

[giulia]

hi
i will try it on a laptop
but i would like to watch a test about avast agains ransomware variants
about fast ,i won't say it's fast ,can't find

Note: I use @RejZoR tips to make Avast more silent

they will add soon in the pro version

 

[shmu26]

3/ I also disable "transient caching", after this, all the PCs I installed were lightning fast. This is the cause of high disk usage/activity

thanks for tip

 

[shmu26]

@Windows_Security I want to use ERP but it's abandoned

the dev seems to have abandoned ERP, but the users haven't, because it still works great on all versions of Windows. Its simplicity of design gives it a sort of "immortality".

 

[giulia]

3/ I also disable "transient caching", after this, all the PCs I installed were lightning fast. This is the cause of high disk usage/activity

hi
but it was developed by avast to be faster , i guess they use hashes to skip files in the whitelist

 

[Evjl's Rain]

hi
but it was developed by avast to be faster , i guess they use hashes to skip files in the whitelist

I don't think so. According to the description:

Use transient caching - if transient caching is used, a file that has been scanned, and in which no infection was detected, will not be scanned again the next time it is accessed.

However, this is only valid until the next virus definitions update, as the file may contain an infection that was not previously detected but which may be detected based on the new virus definitions. Also, information that the file is clean will only be stored in the computer's operating (temporary) memory.

This means that when the system is restarted the information will be lost, therefore the file will also be scanned again the next time it is accessed after a system restart. This box is checked by default; if you want files to be scanned every time they are accessed. this box should be unchecked.

It means the files are cached in the memory (ram) until the signature is updated or system is restarted. Then, the files will be scanned again and again -> higher disk usage

I just enable Persistent caching -> specific files will be scanned 1 time and never be scanned again

This theory works for me. very fast and light