In this option you reduce the effects of overlaps by:
- Preventing packages from monitoring each other by excluding security package directories from monitoring.
- Run batch functions that overlap at different times. For example run AV and spyware scans at different times - but remember that scans can take variable lengths of time.
This option is much more difficult to implement - attempt it only if you are reasonably technically competant. It is quite easy to make mistakes that create security flaws.
Excluding directories You must do this in both CIS and the other packages, and you must cover all functions in each package. Also you should exclude
all directories – those under Documents and Settings as well as Program Files, and within Documents and Settings, those under the All Users profile as well as those under normal users' profiles, and in each user profile under %Userprofile%\Local Settings \Application Data (a hidden directory) as well as %UserProfile%\Application data. Also all subdirectories of these directories.
You may also need to exclude temporary files generated in temp directories (eg C:\Windows\Temp; %UserProfile%\Temp; C:\Temp) by each security package from monitoring. You can only do this safely if they have an unusual and predictable name format, as it is unsafe to exclude whole temporary directories from monitoring. To exclude files with known name formats you will need to use wildcards (eg*). This is supported by CIS but may not be supported in other packages.
Function by function guideAntivirusCIS AV overlaps with anti-spyware real time scanners as well as AV scanners. Email AV scanners as well as file scanners. If you wish to exclude other security package’s directories in CIS you can do this using the Exclusions tab in Scanner Settings. If you wish to reschedule batch scans in CIS you need to use Antivirus ~ Scheduled Scans.
Defense plus / Program behaviour controlCIS Defense plus overlaps program behavior control systems and local 'behaviour blockers' in other packages – for example the ‘OS firewall’ in Zonealarm, AviraProactive, Norton Sonar, Threatfire, Kapersky Proactive Protection, Online Armour Program Guard. If you wish to exclude other security packages directories in CIS you are best to make the contents of these directories ‘Installer/Updaters’ in the Computer Security Policy ~ Defense Plus rules. Making them ‘Trusted Files’ may not be sufficient. The easiest way to do this is to create a File Group which includes all the directories involved using the Groups button in say the Protected files tab of the Computer Security Policy, and then apply the Installer/Updater policy to this group using Computer Security Polcy ~ Defense Plus Rules ~ Add.
FirewallOverlapping functions in other packages will probably be called ‘firewall’ or ‘network firewall’ or ‘network protection’ or something similar. If you wish to exclude other package’s directories in CIS you need to do this by making Application Allow rules for incoming and outgoing communication in the Network Security Policy. The easiest way to do this is to create an allow rule which references the Defense+ file group you may have created in the last section. If you do not have a Defense+ group see the last section for how to create it.