Status
Not open for further replies.

RejZoR

Level 14
Verified
Disabling transient and permanent cache would make no sense at all. Both are designed to improve performance.

How do you mean "scanned again and again". It'll be scanned again only if system restarts or you receive signature update in between. Which means it'll be scanned just once until those conditions are met again. As for the caching, they don't actually cache the files in memory. They cache files in terms of building an index of what was scanned and what wasn't, meaning it doesn't actually use any RAM to store huge files.
 

Evjl's Rain

Level 45
Verified
Trusted
Content Creator
Malware Hunter
Disabling transient and permanent cache would make no sense at all. Both are designed to improve performance.

How do you mean "scanned again and again". It'll be scanned again only if system restarts or you receive signature update in between. Which means it'll be scanned just once until those conditions are met again. As for the caching, they don't actually cache the files in memory. They cache files in terms of building an index of what was scanned and what wasn't, meaning it doesn't actually use any RAM to store huge files.
I know but according to my experience disabling transient caching significantly reduces disk usage
I always had a problem with high disk usage in my extremely slow PC. After disabling, avast always stayed calm. I also read some comments in avast forum about high disk and CPU usage in the past (old version) and many of them ended up with this solution (lscache.dat constant disk usage). In this new version, lscache.dat is not longer available but I'm fine with it. Just my real usage, regardless of the explanation
 

RejZoR

Level 14
Verified
It would make no sense if caching somehow made more disk activity... Also be aware that often Windows sees certain things like double the activity where in fact you have less. For example, Web Shield traffic is often counted as double transfers even though it's really just single, but monitoring interfaces count it as once for download and once for pass through the Web Shield. I'd say file scanning is the same thing. Windows sees it as double HDD activity, but in reality, it's even less.
 

shmu26

Level 85
Verified
Trusted
Content Creator
It would make no sense if caching somehow made more disk activity... Also be aware that often Windows sees certain things like double the activity where in fact you have less. For example, Web Shield traffic is often counted as double transfers even though it's really just single, but monitoring interfaces count it as once for download and once for pass through the Web Shield. I'd say file scanning is the same thing. Windows sees it as double HDD activity, but in reality, it's even less.
@RejZoR, what are your "tips to make Avast more silent"?
 

Windows_Security

Level 23
Verified
Trusted
Content Creator
hello, thank you for your guide. I already applied some of them. I have a few questions:
1/ Why do you disable Reputation service and cybercapture? I think reputation service can catch some of the malwares with poor reputation. I saw it in action so many times in my laptop and youtube reviews. Cybercapture is broken I agree but it may be improved later
2/ Web shield can slow down browsing experience especially for some users. I have seen so many complains but so far I have never seen such slow down in all devices I installed (1Gb of RAM, slow internet connection). It can block phishing websites and malwares (js ransomwares downloading payloads) if we enable "warn when downloading files with poor reputation". Avira browser safety is a good alternative but it's just a blacklisting program without any scanning method
3/ I also disable "transient caching", after this, all the PCs I installed were lightning fast. This is the cause of high disk usage/activity
4/ I also increase the heuristics to max. For me most of the false positives come from the harderned mode in both levels. Yes leave it normal can improve the speed
AD 1. When you use HARDENED MODE AGGRESSIVE only white-listed programs are allowed (so AVAST could even run without blacklist data base or reputation service or cybercapture)

AD 2. I only install file shield in this setup with Avast Online Security extension. The rest is up to your preference.

AD 3. Disabling caches decreases performance normally, only with insufficient memory the cache could be swapped in and out, but that would be a rare and unique situation valid for you, but which should not be translated into best practises (because it is not in most cases).

AD 4. Fine, I have raised it to the max to see whether it impacts anaything, thanks
 

Windows_Security

Level 23
Verified
Trusted
Content Creator
Program Data shoudl be used to store data of programsTo improve perfo. rmance you exclude read/write access checks, but leave the on execute on. When programs behave well, they don't execute anything in Program Data and leaving the execute check on has no peformance impact. When programs behave bad and execute stuff from Program Data folders, you want Avast to check it anyway. Hope this explains the choices.

I don't know what the HIPS monitors. It think it will be out in 2017 version (replaced by AVG behavioral blocker)? Rezjor has tested AVG IPS module against ransomware, it did well. Until 2017 is final I use AppCheck as a backup for Avast whitelist.

Cruels Sister test Avast in hardened mode link and AppCheck link
 
Last edited:
S

Sr. Normal 2.0

@Windows_Security thanks for this guide. I have not used Avast for many years and maybe try it today to see this working.

And thanks @RejZoR for sharing your settings

Both are really interesting :) Thanks again
 

Evjl's Rain

Level 45
Verified
Trusted
Content Creator
Malware Hunter
@Windows_Security What does only monitoring execute and excluding scan on write on ProgramData do and what does avast's HIPS do/monitor?
Avast's HIPS monitor is close to useless. I set it at max.
during the whole year of using it, it just shows prompts about applications wanting to create startup entries, allow or not. I have never seen anything different
HIPS is just not about startup entry. This is useless for me
 

RejZoR

Level 14
Verified
Avast's HIPS monitor is close to useless. I set it at max.
during the whole year of using it, it just shows prompts about applications wanting to create startup entries, allow or not. I have never seen anything different
HIPS is just not about startup entry. This is useless for me
It was never meant to be a full fledged HIPS. Though, in the 2017 version, they've entirely removed it in favor of Software Analyzer, a full fledged, highly efficient behavior blocker.
 

russ0408

Level 4
This might be a bit off topic, but I was wondering if anyone heard when Avast 17.1.2283 was coming out of beta? I heard January.
 

DC47561

Level 3
Looks like a very decent setup for Avast! especially when combined with a limited user account setup. Thanks for sharing this :)
 
Status
Not open for further replies.
Top