Antivirus most compatible with CFW?

alrite so I use CFW for its good leak protection

now I looking for an AV with good heuristics (not interested in signatures cause they’re dumb & only hog down memory. I only want good heuristics/behavior blocking)

I’m also more interested in proactive aspect, not cleanup & removal

so which one is most compatible with CFW?

btw Avira is free but they’ve gone over to the dark side recently, so that aint no option

and Comodo AV also aint no option cause they’re not rated by the famous VB100, which means their heuristics aint strong enough

so which ones you recommend?

I recommend avast. But i disabled all shields while installation, apart from the “local” antivirus one. Together with comodo you just need an antivirus.
Never had such a low resource usage! And so much usefull features! I would never had used avira if avast had been my first. I switched when avira went… you named it :smiley:

NOTE: Dont use the avast web shield together with comodo. As this is like a proxy which isnt controlled by comodo.
Avast has many “shields”. But if you look close, you might not be in need of most of them. I kept just one. “Data system protection”. And comodo.

avast looks intersting BUt check the file (real time) protection, it has a bug: even if you disable on-write alarm (and only leave on-execution alarm), avast still throws up an alert if you write an infected file

(I had a test exe which I knew was infected, I opened it with notepad and avast didn’t alert me - which was good - but if I made a copy of that exe then avast threw an alert even though on-write alarm was off!)

so in avast theres no way to enable real-time protection for execution only :frowning:

If i read this topic, i would choose avast :slight_smile:

Since i have it, the daily amount of scanned files is lower than ever before. A lot.
There are a lot of settings. Lots of choices. Best performance from what i can tell.

What you describe as a bug, would save the a… of another user. :slight_smile:

bleh not really

technically its stilla bug (write check disabled means it should be disabled)

also theres no danger in writing a virus file, only execution is dangerous

like when I tried to hex edit a virus file (to see if scanner would detect the new file, to test heuristics), but I couldnt save the new file cause write check was still active even though I switched it off >:(

For danger loving people there is the choice to exclude a folder. :slight_smile:

Copying scratches: Writing, reading, “executing”.
So i definitely expect to get a malware alarm if a malicious file gets copied.

Its a point of view. The actual happening is usefull for the average user. You are an exception, who knows what you are doing :slight_smile:
But there is a setting for your attempt.

I know, the setting is “writen protection” or something like tat. but it dont work, cant be disabled

but how is writing a virus dangerous? its like writing a text file
its only dangerous if its run

also if the AV checks everytime something is written then it hogs down hard drive & resources and I aint got a strong PC, thats another reason to only check on file execution…

I tested avast on a computer from 2004 for long. Thats why i found it to be the low resource demander of what i am speaking about.

Avast has some “built in” exceptions in default. And a statefull function, and so much settings available. Together with comodo (thats your question anyway) you can strip down avast to a core functionality of antivirus.

In contrast to you, i find “write only scan” the most usefull, if you are using comodo. IF i wanted to make an exception like a game folder etc.

Also, the statefull function works well. Not everything gets scanned.

If you know a better program/combination, just tell.
When avast would have been part of cis, cis would be like the perfect thing in my eyes (no, not with v6 interface)

“stateful”? what stateful function? ??? (unless your talking about firewalls, but avast aint got a firewall function…)

The function that can be enabled for each or several scans to build a persistent list of files that do not have to be scanned again. Dont know the english name atm. (Persistent cache?)

The setting structure is not optimal.
You have settings for every thing on its own.
And you have a more general setting section (top left).
After you found out, this makes sense :smiley:

How did you switch it off?

? it’s as simple as switching off the other options (execution & read) in File System Protection settings: just untick all the boxes in the ‘write’ section

You actually ENABLE the scan if you untick the box. :wink:
The headline is called “exclusions” ? So you have to make the mark where you want to have a scan exclusion!

In your case the only place without a mark should be: Execution.
If you select your whole drive with this exclusions, avast will scan only on execution.

Important:
If you spoke about the direct settings, not the exclusions, try the exclusions like described above. You will get the expected result.
(Make the direct settings like they have been before.)

BUT make sure that you dont create a “blind spot”. I use exclusions for points where no infection should happen, so the least layer of protection is enough (like write only). I dont disable protection for any point though! Just reduce the resource to a reasonable level. While comodo covers the rest.

Thats why avast is ideal with comodo.

the exclusions apply to all scans (execution, opening & writing) so that’s be dangerous. there aint no exclusions for writing-only

nope that’s not how the bug works

antivirus → file system shield → settings → scan when writing

http://oi46.tinypic.com/21kas00.jpg

and it still reacts when writing bad file

(I tried ticking that option instead to see if maybe the settings were “reversed”, but it still reacts)

I also tried unticking everything in “scan when executing” and “scan when opening” as well as “scan when writing”, but the bug persists. the only way it won’t react on writing is if I disable the entire file shield

it’s too bad there’s such serious bug cause it looks like quite a good AV both light on resources & user-friendly & with good proactive performance according to reviews (reactive/removal part sucks compared to bitdefender or kasperski or comodo, but I’m mostly looking for a good proactive AV - in other words good behavior blocker & good heuristics - cause prevention comes 1st)

but what good’s an AV where the user settings ain’t applied
maybe I’ll go to the avast forum & tell them about it cause it really sucks that such an obvious bug aint fixed yet. those countless alerts ■■■■ me off (I’m testing the AV with bad files but since it alerts me everytime I copy a bad file, ain’t practical)

ps. bitdefender & kaspersky are supposed to be good on both proactive & reactive, but the former is bloated & very user-unfriendly, and the latter’s behavior-blocker hogs up resources :confused:

Removed various unneeded line breaks for a better flow when reading. Eric

Leave the shield settings as they are. And make an exception under the shields setting instead. That way you only exclude specific files/folders from this “shield”!
You can get what you want. With exceptions. And furthermore, you can make specific choices which gain performance, without reducing security (if done right).

You can choose general exceptions in general settings (not recommended), or shield specific exceptions in shield settings (avoid creation of blind spots!).

If you want a scan only when executing a file:

Exception file/or folder/or drive:
X Read
X Write
O Execute

(X= marked, O= blank)

nope tried that too, it’s even worse. also tried excluding a specific folder from r/w just in case I was getting the wildcards wrong. this time the alert was triggered even when I right-clicked

actually its a general bug: Avast can’t tell the difference between read, write & execute

when “scan on execute” only is enabled, Avast still scans the file even when trying to read it (like when trying to right-click)

what’s worse it I can actually get avast to react when I read or write but execute (which is the opposite of what I want), but not the opposite. they completely messed up that one
the program’s even buggier than I thought

but hey you can test it yourself: there’s a reputable site which tests leak-protection of firewalls (comodo fw got the best results there), you can download a file called “jumper.exe” (it tests dll-injection & process hijacking)
there’s several versions of it including a command-line & a GUI version which are different, I’m talking about the GUI version with a bug icon so I’ll put the link to the right version here:

http://www.matousec.com/downloads/windows-personal-firewall-analysis/leaktests/Jumper.zip

put that exe in a custom folder (you gonna need to disable avast file shield first because of the bug) then see if you can tick the right options or make an exclusion or whatever, so that avast reacts ONLY when you double-click on the file (ie. try to run it)
you must be able to open the file’s folder, left-click on the file, right-click, open with notepad, with a hexedit…and make copy of it (to same folder or elsewhere) without Avast reacting (no alerting no scanning)
see for yourself if it works
hehe

I have a better antivirus than before. I am fine.
But if you see a bug, tell them.
Your scenario does not happen here, so i cant tell about the bug.

Post results of bug report. :slight_smile:

not sure what you mean? ???
did you test it? if so what happens? (and what doesnt happen?)

and what version you using? latest final or latest beta?

Post results of bug report. :)
they dont check feedback often apparently, so I aint holding breath

I meant, i dont have a scenario were this bug would appear to me. I exclude reading for some folders, things dont get read scanned, etc.
Its better than the antivirus i had before.
Its statefull.
I dont handle with virus, so i dont have an impact from the bug. But enough benefit to suggest that program.