Use AVAST as a super light and easy to use ANTI-EXECUTABLE (Guide)


Windows_Security

Disclaimer: "misuse" of AVAST is for members looking for a real easy to use Anti-Executable and quiet HIPS, not for the average anti-virus user.

Install AVAST free with file shield only

upload_2016-12-28_9-32-13.png


Make it an easy to use ANTI-EXECUTABLE with a cloud based white-list

upload_2016-12-28_9-36-51.png


Make it run super light with near zero delay in program startup (apply tweak only when you have UAC on)

upload_2016-12-28_9-42-37.png




Increase sensitivity of HIPS (tweak is only for seasoned forum members)

upload_2016-12-28_9-53-14.png


Tweaks turn a modest PC (dual core Celeron)

upload_2016-12-28_10-1-31.png


Into a six-year-old laptop with reasonable enough performance for browsing and office tasks

C:\Program Files\Chromium\chrome.exe - 5 executions with MSE on default
2.4337 (cold start after reboot)
0.8923 (consecutive cached starts)
0.9246
0.8755
0.9103

C:\Program Files\Chromium\chrome.exe - 5 executions with tweaked AVAST
1.2320 (cold start after reboot)
0.4052 (consecutive cached starts)
0.3933
0.3543
0.3739

Note: I use @RejZoR's tips to make Avast more silent

Windows_Security

No, it is more a replacement for people running the abandoned No Virus Thanks, who have run out of the first free year of SecureAPlus, or who have run into problems with one of the VoodooShield updates.

I had VoodooShield on my wife's laptop and one of the updates crashed VS itself, so I decided to look for an easy to use alternative. I just can't use stuff without tweaking it, which is sometimes dysfunctional and sometimes provides alternative solutions ;)

SHvFl

> No, it is more a replacement for people running NoVirusThanks on default settings or run out of the Freemium SecureAPlus year or as in my situation one of the VoodooShield updates made it crash on my wife's laptop, so I decided to look for an easy to use alternative

Seems like a nice idea, but if you want to try another free anti-exe with low load based on Windows abilities alone, use ReHIPS in Normal mode and change the default isolated program rules to allow.
If you want 0 load, do the same but select no GUI and lockdown mode on (no alerts, blocks everything unknown).

No online list though, only default program rules.
 

Windows_Security

Yes, ReHips is interesting, but it is still in closed beta and as you mentioned it does not have the massive cloud white-list of AVAST. It is my wife's laptop and AVAST aggressive mode is intended for people with low security awareness or interest.
 

SHvFl

> Yes, ReHips is interesting, but it is still in closed beta and as you mentioned it does not have the massive cloud white-list of AVAST. It is my wife's laptop and AVAST aggressive mode is intended for people with low security awareness or interest.

It has an open beta also, but you are right, it doesn't have a massive whitelist. Your method is better for the user intended to use the system.
 

Handsome Recluse

@Windows_Security Thanks for the guide. Made me seriously consider avast! as both an anti-executable and antivirus. I want to use ERP but it's abandoned. avast! is surely a good additional free anti-executable alternative to recommend people to in spite of the death of one.

May I ask though, what threats/compatibility issues are there to keep UAC when excluding the folders from the antivirus in the guide above to warrant it? If the whitelist works as it does in Comodo Internet Security, then UAC doesn't seem to be necessary as an increase of marginal security and that one has a sucky antivirus. @cruelsister's avast video though led me to conclude that avast! aggressive mode behaves differently. So again, the wondering.
 

jamescv7

Honestly, the reputation services of Avast need more improvement, which in general are not effective; instead the overall focus went to Hardening Mode.

They need to balance the usage of cloud analysis and AI.

Well, Immunet Protect is another good supplement for the setup, but actually Avast alone is enough.
 

Windows_Security

@TerrakionSmash
UAC was one of the features introduced with Vista. Although not designed as a security mechanism, it helps to increase security like ASLR, SmartScreen, protected mode, Control Flow Guard, signing drivers, et cetera, because it makes crossing boundaries harder for malware.

When power brakes were introduced, people doubted the practical use in terms of people dying in car crashes; the same applies for power steering, anti-lock brake systems, traction control, stability control et cetera. Despite all these improvements people still crash their car.

How many car owners will remove all these systems in their car after having seen one video of a car crashing? So why do you show this type of behavior when it is a PC? When you are skilled enough to disable UAC you are also skilled enough to find a trick or program to bypass elevation requests.

The threat is that a userland program may change executables in the Windows and Program Files folders without you knowing, and with the exclusions added in Avast file shield both Windows and Program Files are not fully protected by your AV either. It is better to set UAC to elevate silently than to disable it, because you still have folder and registry protection by UAC.

When you set UAC to elevate silently, this tweak prevents unsigned programs from elevating. You can switch it on and off when you might need to install an unsigned program (with the tweak ON, you still can run unsigned programs).

Windows_Security

> Well [enter random name of product] is another good supplement for the setup but actually [enter random name of other product] alone is enough.

I don't know whether it is intended as a joke, but it made me smile :D I have no answer why I tweak stuff when it works well out of the box.
 

shmu26

great post, thanks.
users should know that hardened mode will not apply default/deny to scripts, but only to .exe files.
also, it is dependent on internet connection.
nevertheless, it is a massive increase in security.
 

Evjl's Rain

hello, thank you for your guide. I already applied some of them. I have a few questions:
1/ Why do you disable Reputation service and CyberCapture? I think reputation service can catch some of the malwares with poor reputation. I saw it in action so many times on my laptop and in YouTube reviews. CyberCapture is broken, I agree, but it may be improved later
2/ Web shield can slow down the browsing experience, especially for some users. I have seen so many complaints but so far I have never seen such a slowdown on all the devices I installed (1 GB of RAM, slow internet connection). It can block phishing websites and malwares (js ransomwares downloading payloads) if we enable "warn when downloading files with poor reputation". Avira browser safety is a good alternative but it's just a blacklisting program without any scanning method
3/ I also disable "transient caching"; after this, all the PCs I installed were lightning fast. This is the cause of high disk usage/activity
4/ I also increase the heuristics to max. For me most of the false positives come from the hardened mode in both levels. Yes, leaving it normal can improve the speed

Evjl's Rain

hi
but it was developed by avast to be faster , i guess they use hashes to skip files in the whitelist
I don't think so. According to the description:
Use transient caching - if transient caching is used, a file that has been scanned, and in which no infection was detected, will not be scanned again the next time it is accessed.

However, this is only valid until the next virus definitions update, as the file may contain an infection that was not previously detected but which may be detected based on the new virus definitions. Also, information that the file is clean will only be stored in the computer's operating (temporary) memory.

This means that when the system is restarted the information will be lost, therefore the file will also be scanned again the next time it is accessed after a system restart. This box is checked by default; if you want files to be scanned every time they are accessed, this box should be unchecked.

It means the files are cached in the memory (ram) until the signature is updated or system is restarted. Then, the files will be scanned again and again -> higher disk usage

I just enable Persistent caching -> specific files will be scanned 1 time and never be scanned again

This theory works for me. very fast and light
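
A simplified model of the caching behaviour quoted in the post above, added here as an example and not part of the original thread or Avast's code: it counts how many scans each setting performs over a constructed sequence of accesses, a definitions update and a restart, and which accesses yield a detection. The `persistent` mode follows the post's own description (scanned once, never again); file names and definition versions are constructed.

```python
# Simplified model of on-access scan caching as described in the post above.
# Not Avast code; file names, events and definition versions are constructed.

def simulate(events, mode):
    """Replay events and return (scans_performed, detections).

    mode: "none" (scan every access), "transient" (clean verdicts kept in
    RAM until a definitions update or restart), or "persistent" (a clean
    verdict is kept forever, as the post describes it).
    """
    defs_version = 1
    cache = set()          # paths with a cached "clean" verdict
    scans = 0
    detections = []
    for kind, arg in events:
        if kind == "update":
            defs_version = arg
            if mode == "transient":
                cache.clear()      # verdicts expire with the old definitions
        elif kind == "restart":
            if mode == "transient":
                cache.clear()      # verdicts lived only in memory
        elif kind == "access":
            path, detected_since = arg
            if mode != "none" and path in cache:
                continue           # cached clean verdict: skip the scan
            scans += 1
            if detected_since is not None and defs_version >= detected_since:
                detections.append(path)
            elif mode != "none":
                cache.add(path)    # only clean verdicts are cached
    return scans, detections

# Constructed workload: tool.exe only becomes detectable with definitions v2.
CLEAN = ("C:\\app\\clean.exe", None)
LATE = ("C:\\app\\tool.exe", 2)
EVENTS = [
    ("access", CLEAN), ("access", LATE), ("access", CLEAN), ("access", LATE),
    ("update", 2),
    ("access", CLEAN), ("access", LATE),
    ("restart", None),
    ("access", CLEAN), ("access", LATE),
]

if __name__ == "__main__":
    for mode in ("none", "transient", "persistent"):
        print(mode, simulate(EVENTS, mode))
```

In this model the persistent setting performs the fewest scans but never re-checks `tool.exe` against the newer definitions, which is the trade-off to weigh when caching verdicts permanently.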
 