Use AVAST as a super light and easy to use ANTI-EXECUTABLE (Guide)

Status
Not open for further replies.
RejZoR

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
Disabling transient and permanent cache would make no sense at all. Both are designed to improve performance.

How do you mean "scanned again and again". It'll be scanned again only if system restarts or you receive signature update in between. Which means it'll be scanned just once until those conditions are met again. As for the caching, they don't actually cache the files in memory. They cache files in terms of building an index of what was scanned and what wasn't, meaning it doesn't actually use any RAM to store huge files.
 
  • Like
Reactions: HarborFront, Sr. Normal 2.0, Andy Ful and 2 others
E

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
RejZoR said:
Disabling transient and permanent cache would make no sense at all. Both are designed to improve performance.

How do you mean "scanned again and again". It'll be scanned again only if system restarts or you receive signature update in between. Which means it'll be scanned just once until those conditions are met again. As for the caching, they don't actually cache the files in memory. They cache files in terms of building an index of what was scanned and what wasn't, meaning it doesn't actually use any RAM to store huge files.
Click to expand...
I know but according to my experience disabling transient caching significantly reduces disk usage
I always had a problem with high disk usage in my extremely slow PC. After disabling, avast always stayed calm. I also read some comments in avast forum about high disk and CPU usage in the past (old version) and many of them ended up with this solution (lscache.dat constant disk usage). In this new version, lscache.dat is not longer available but I'm fine with it. Just my real usage, regardless of the explanation
 
  • Like
Reactions: HarborFront, Sr. Normal 2.0, Andy Ful and 1 other person
RejZoR

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
It would make no sense if caching somehow made more disk activity... Also be aware that often Windows sees certain things like double the activity where in fact you have less. For example, Web Shield traffic is often counted as double transfers even though it's really just single, but monitoring interfaces count it as once for download and once for pass through the Web Shield. I'd say file scanning is the same thing. Windows sees it as double HDD activity, but in reality, it's even less.
 
  • Like
Reactions: HarborFront, Sr. Normal 2.0, Andy Ful and 3 others
shmu26

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
RejZoR said:
It would make no sense if caching somehow made more disk activity... Also be aware that often Windows sees certain things like double the activity where in fact you have less. For example, Web Shield traffic is often counted as double transfers even though it's really just single, but monitoring interfaces count it as once for download and once for pass through the Web Shield. I'd say file scanning is the same thing. Windows sees it as double HDD activity, but in reality, it's even less.
Click to expand...
@RejZoR, what are your "tips to make Avast more silent"?
 
  • Like
Reactions: HarborFront, Sr. Normal 2.0, Andytay70 and 2 others
Windows_Security

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
shmu26 said:
great post, thanks.
users should know that this will not block scripts, it only works with .exe files.
also, it is dependent on internet connection.
nevertheless, it is a massive increase in security.
Click to expand...

Could you edit/correct your post, because this is what Avast checks at on execute access

upload_2016-12-28_21-16-30.png
 
  • Like
Reactions: HarborFront and Sr. Normal 2.0
Windows_Security

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Evjl's Rain said:
hello, thank you for your guide. I already applied some of them. I have a few questions:
1/ Why do you disable Reputation service and cybercapture? I think reputation service can catch some of the malwares with poor reputation. I saw it in action so many times in my laptop and youtube reviews. Cybercapture is broken I agree but it may be improved later
2/ Web shield can slow down browsing experience especially for some users. I have seen so many complains but so far I have never seen such slow down in all devices I installed (1Gb of RAM, slow internet connection). It can block phishing websites and malwares (js ransomwares downloading payloads) if we enable "warn when downloading files with poor reputation". Avira browser safety is a good alternative but it's just a blacklisting program without any scanning method
3/ I also disable "transient caching", after this, all the PCs I installed were lightning fast. This is the cause of high disk usage/activity
4/ I also increase the heuristics to max. For me most of the false positives come from the harderned mode in both levels. Yes leave it normal can improve the speed
Click to expand...

AD 1. When you use HARDENED MODE AGGRESSIVE only white-listed programs are allowed (so AVAST could even run without blacklist data base or reputation service or cybercapture)

AD 2. I only install file shield in this setup with Avast Online Security extension. The rest is up to your preference.

AD 3. Disabling caches decreases performance normally, only with insufficient memory the cache could be swapped in and out, but that would be a rare and unique situation valid for you, but which should not be translated into best practises (because it is not in most cases).

AD 4. Fine, I have raised it to the max to see whether it impacts anaything, thanks
 
  • Like
Reactions: Sr. Normal 2.0, Solarlynx and Evjl's Rain
Windows_Security

Windows_Security

Level 24
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Program Data shoudl be used to store data of programsTo improve perfo. rmance you exclude read/write access checks, but leave the on execute on. When programs behave well, they don't execute anything in Program Data and leaving the execute check on has no peformance impact. When programs behave bad and execute stuff from Program Data folders, you want Avast to check it anyway. Hope this explains the choices.

I don't know what the HIPS monitors. It think it will be out in 2017 version (replaced by AVG behavioral blocker)? Rezjor has tested AVG IPS module against ransomware, it did well. Until 2017 is final I use AppCheck as a backup for Avast whitelist.

Cruels Sister test Avast in hardened mode link and AppCheck link
 
Last edited:
  • Like
Reactions: Av Gurus, Evjl's Rain and Sr. Normal 2.0
S

Sr. Normal 2.0

@Windows_Security thanks for this guide. I have not used Avast for many years and maybe try it today to see this working.

And thanks @RejZoR for sharing your settings

Both are really interesting :) Thanks again
 
E

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
TerrakionSmash said:
@Windows_Security What does only monitoring execute and excluding scan on write on ProgramData do and what does avast's HIPS do/monitor?
Click to expand...
Avast's HIPS monitor is close to useless. I set it at max.
during the whole year of using it, it just shows prompts about applications wanting to create startup entries, allow or not. I have never seen anything different
HIPS is just not about startup entry. This is useless for me
 
  • Like
Reactions: HarborFront and Sr. Normal 2.0
RejZoR

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
Evjl's Rain said:
Avast's HIPS monitor is close to useless. I set it at max.
during the whole year of using it, it just shows prompts about applications wanting to create startup entries, allow or not. I have never seen anything different
HIPS is just not about startup entry. This is useless for me
Click to expand...

It was never meant to be a full fledged HIPS. Though, in the 2017 version, they've entirely removed it in favor of Software Analyzer, a full fledged, highly efficient behavior blocker.
 
  • Like
Reactions: Handsome Recluse, Sr. Normal 2.0, Evjl's Rain and 1 other person
russ0408

russ0408

Level 5
Verified
Well-known
Jul 28, 2013
238
This might be a bit off topic, but I was wondering if anyone heard when Avast 17.1.2283 was coming out of beta? I heard January.
 
D

DC47561

Level 3
Verified
Feb 3, 2017
102
Looks like a very decent setup for Avast! especially when combined with a limited user account setup. Thanks for sharing this :)
 
Status
Not open for further replies.

Similar threads

Victor M
    • Like
NixOS it's strengths, weaknesses and how to fix them
Replies
4
Views
824
ChromeOS & Linux
Brahman
Brahman
J
    • Love
    • Applause
Opera launches Opera One R2 – the best Opera Browser to date
Replies
7
Views
393
Opera
Gandalf_The_Grey
Gandalf_The_Grey
Tutman
    • Like
I just wanted to play Duck Hunt with my kids’: the man on a mission to bring back the light gun
Replies
0
Views
994
News Archive
Tutman
Tutman

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top