In this option you reduce the effects of overlaps by:
[ol]- Preventing packages from monitoring each other by excluding security package directories from monitoring.
- Run batch functions that overlap at different times. For example run AV and spyware scans at different times - but remember that scans can take variable lengths of time.[/ol]
This option is much more difficult to implement - attempt it only if you are reasonably technically competant. It is quite easy to make mistakes that create security flaws.
Excluding directories
You must do this in both CIS and the other packages, and you must cover all functions in each package. Also you should exclude all directories – those under Documents and Settings as well as Program Files and ProgramData, and within Documents and Settings, those under the All Users profile as well as those under normal users’ profiles, and in each user profile under %Userprofile%\Local Settings \AppData (a hidden directory) as well as %UserProfile%\AppData. Also all subdirectories of these directories.
You may also need to exclude temporary files generated in temp directories (eg C:\Windows\Temp; %UserProfile%\Temp; C:\Temp) by each security package from monitoring. You can only do this safely if they have an unusual and predictable name format, as it is unsafe to exclude whole temporary directories from monitoring. To exclude files with known name formats you will need to use wildcards (eg*). This is supported by CIS but may not be supported in other packages.
Function by function guide
Antivirus
CIS AV overlaps with anti-spyware real time scanners as well as AV scanners. Email AV scanners as well as file scanners. If you wish to exclude other security package’s directories in CIS you can do this using both the Excluded Paths and Excluded applications tab in In this option you reduce the effects of overlaps by:
[ol]- Preventing packages from monitoring each other by excluding security package directories from monitoring.
- Run batch functions that overlap at different times. For example run AV and spyware scans at different times - but remember that scans can take variable lengths of time.[/ol]
This option is much more difficult to implement - attempt it only if you are reasonably technically competant. It is quite easy to make mistakes that create security flaws.
Excluding directories
You must do this in both CIS and the other packages, and you must cover all functions in each package. Also you should exclude all directories – those under Documents and Settings as well as Program Files, and within Documents and Settings, those under the All Users profile as well as those under normal users’ profiles, and in each user profile under %Userprofile%\Local Settings \Application Data (a hidden directory) as well as %UserProfile%\Application data. Also all subdirectories of these directories.
You may also need to exclude temporary files generated in temp directories (eg C:\Windows\Temp; %UserProfile%\Temp; C:\Temp) by each security package from monitoring. You can only do this safely if they have an unusual and predictable name format, as it is unsafe to exclude whole temporary directories from monitoring. To exclude files with known name formats you will need to use wildcards (eg*). This is supported by CIS but may not be supported in other packages.
Function by function guide
Antivirus
CIS AV overlaps with anti-spyware real time scanners as well as AV scanners. Email AV scanners as well as file scanners. If you wish to exclude other security package’s directories in CIS you must do this using the both Excluded Paths and the Excluded Applications tab in Advanced Settings ~ Security Settings ~ Antivirus ~ Exclusions. If you wish to reschedule batch scans in CIS you need to use Advanced Settings ~ Security Settings ~ Scans ~ Edit
Defense plus / Program behavior control
CIS Defense plus overlaps program behavior control systems and local ‘behavior blockers’ in other packages – for example the ‘OS firewall’ in Zonealarm, AviraProactive, Norton Sonar, Threatfire, Kapersky Proactive Protection, Online Armour Program Guard. If you wish to exclude other security packages directories in CIS you are best to make the contents of these directories 'Exceptions’ from Behavior Blocking and Shellcode protection in Advanced Settings ~ Security Settings ~ Defense Plus ~ Behavior Blocker ~ Settings. Making them ‘Trusted Files’ in Advanced Settings ~ Security Settings ~ File Rating ~ Trusted Files may not be sufficient. The easiest way to do this is to create a File Group which includes all the directories involved using the Groups button in Advanced Settings ~ Security Settings ~ Defense Plus ~ HIPS ~ Protected Files and then select this group when defining exceptions.
Firewall
Overlapping functions in other packages will probably be called ‘firewall’ or ‘network firewall’ or ‘network protection’ or something similar. If you wish to exclude other package’s directories in CIS you need to do this by making Application Allow rules for incoming and outgoing communication in Advanced Settings ~ Security Settings ~ Firewall ~ Application Rules. The easiest way to do this is to create an allow rule which references the Defense+ file group you may have created in the last section. If you do not have a Defense+ group see the last section for how to create it.