Would like recommendations !

I was disappointed that there were no replies to this post several weeks back

https://forums.comodo.com/general_discussion_off_topic_anything_and_everything/slow_response_when_clicking_on_cpf_and_resource_usage_by_other_programs-t12442.0.html

For many years it was strongly recommended that you run anti virus program (loads at startup), but that you could run 2 different software firewalls although not recommended. That has changed to only one software firewall. And now anti Spyware programs especially those that use HIPS might be causing conflicts among them selves.

In the earlier post I mentioned about how long it took Comodo to change after the allow or deny was clicked. That was because of hight cpu usage. When one programs runs many times it triggers other programs, during installation, or routine scanning.

I uninstalled Spyware Doctor Starter Edition and things got better. Instead of 15 seconds for the allow/deny pop up to close now its down to 3-5 seconds at the most.

When I notice things sluggish I try and check the task manager

the highest usage are Windows Defender MsMpEng.exe, BOC425.exe, Avira avGuard/avgnt, Spyware terminator etc if they are running. MsMpEng and BOC425 seem to pop up for most activities when another security program is running.

Here are the security programs I am running at startup
Comodo Firewall Pro current version
BoClean
Avira Free edition
Spyware Terminator
Spyware Guard
Spy Bot Search and Destroy (Tea Timer and Resident)
Spyware Blaster
StartUp Monitor
StartUp Control Panel
Verification Engine
I have loaded but not running
A2 Squared free version
Ewido now AVG anti spy ware free version
plus a few other programs.

Also installed IE7 Pro Plug In (wonder if any others that use IE7 have tried it out?)

Thank you for suggestions of any uninstalling I can do, either completely or just not loading at startup.

UncleDoug

too much too much

1st, ST and SBSD r both resident and got HIPS AS–>take out 1 of em, i suggest take out SBSD.
2nd, HIPS fr either of em should monitor startup which makes SM,SCP overlap–> take out these 2.
3rd, do u enable AV fr ST (which is ClamAV)? if yes then another conflict between 2 AVs: Avira and Clam -->suggest take out Clam.
4th, turn out anti-phishing fr IE since u got VE.
5th(optional), try Opera so u dun need SB, SG.
6th, do u use MS Defender coz i see u mention it?if yes then take out.
7th (optional), set A2, AVG AS services as manual. U haf a pretty gud protection so i think u its uneccessary to haf A2, AVG AS services run as automatically. Wen u wanna scan, run–>services.msc–>start a2, avg as services–>update–>scan–>turn off services.

and i also dun kno wat is IE pro plugin? I never use IE.

no, ST’s Clam av is fine.no conflict. i use it along with my CAVS

Thank you for responding aladinoul !

  1. Knowing there might be a conflict I did not run HIPS in Spyware Terminator. Did not know it was part of Spybot.

2)Will Hips tell me during an installation that certain files want to run at StartUp That is why I use StartUp Monitor, And Start Up control panel is to try and stop some files from loading after the program is already loaded (there are some like Quick Time and Windows Media Player etc that do not listen and try to sneak in when you go to a new page with out clicking on anything.

  1. Also did not install Clam.

  2. Problem is that currently there probably are more on the IE black list than VE has on it’s white list. Really would like to!

  3. Would prefer currently to stay with IE7. Thought there might duplication with SG possibly SBSD also wondered if SB might be duplicated some where and which performed the best, it has been a while since SG had an update.

  4. Windows Defender is one that I had targeted for removal. Since it is Strongly recommended by Microsoft (I know I know its their puppy) , but it just might get into areas that are blocked to other software. Hoped to see 5 or more suggesting why to keep it or remove it.

  5. Have A2, and AVG AS set to manul. Not sure why but when I want to update I have to go into services.msc and hit start. I just leave alone and both automatically STOP. Just checked, manually did updates and scans with both 2-3 days ago and in services.msc both are Stopped.

IE7 Pro is a plugin with quite a few features. One I like is it stops the ad at the top right of the MSN home page and instead you get a one line Click On to see. Did not check block flash.

Another featue is Crash Recovery. If for some reason you need to close the system other than the normal process through IE when you reboot you will get options of which programs you want to return to by checking the box.

UncleDoug

Again Thank You for responding, it was a long shot on the 3rd question in the un answered post from Sept. especially since so many programs block DoubleClick. But thought I would have gotten 2-3 replies to question 1 and 2.

ganda,
With so many programs for additional anti spyware scans I do it online with several leading sites, like Kapersky and Norton, and about 3 others. Stopped using Panda because after a scan I would get emails for about 2 months from them. And for some reason I did not use Mcaffee online to scan.

           As I mentioned before, words have meanings, with Avira the pop up starts with [u]"Block"[/u] then Quarantine,  then delete.  Most others have just Quarantine  then delete.  Plus in tests it may not be the best but still is one with a high detection rate.

           IF (one of the biggest 2 letter words in the English language). IF I had the funds, my choice for an anti virus programs were  Nod32, Avira  Paid version, and Kapersky.

UncleDoug

urhmm… aladinonl actually :slight_smile: ur welcome!

1) Knowing there might be a conflict I did not run HIPS in Spyware Terminator. Did not know it was part of Spybot.
tho HIPS is not activated, 2 antisyware at da same time stil can slow u down.
2)Will Hips tell me during an installation that certain files want to run at StartUp That is why I use StartUp Monitor, And Start Up control panel is to try and stop some files from loading after the program is already loaded (there are some like Quick Time and Windows Media Player etc that do not listen and try to sneak in when you go to a new page with out clicking on anything.
dis is an important feature of a HIPS. But some uncomprehensiv HIPS wont monitor registry or startup entry. I dun use ST so i dun kno, SBSD i used long time ago before; but I hope they hav coz ST/SBSD is an AS and AS HIPS should has dis feature.
3) Also did not install Clam.
no, ST's Clam av is fine.no conflict. i use it along with my CAVS
abt Clam, I dun use ST so i dun kno how it utilizes Clam. but share w u abt clam in winpooch.

Winpooch is an opensource HIPS which can utilize Clam either thru xternal Clam dat u installed in ur PC or its internal Clam.

-thru xternal Clam: winpooch triggers Clam process to scan in real-time and as u kno, how turtle ur comp can become T_T; CPU 99% most of time, high Ram.
-thru internal Clam come w winpooch: better, ~50% CPU, 40M for clam process only. Cant update Clam database as winpooch havnt upgraded since 2006 -->go-along clam havnt upgraded since then and clam server deny all old clam versions (so for Clam, u haf to upgrade after some times in order to update).

4) Problem is that currently there probably are more on the IE black list than VE has on it's white list. Really would like to!
  1. Would prefer currently to stay with IE7. Thought there might duplication with SG possibly SBSD also wondered if SB might be duplicated some where and which performed the best, it has been a while since SG had an update.

just FYI, besides speed, Opera comes w effectiv popup, script, flash, cookie control. Anti-phing is powered by GeoTrust and PhishTank, 2 reliable org.
6) Windows Defender is one that I had targeted for removal. Since it is Strongly recommended by Microsoft (I know I know its their puppy) , but it just might get into areas that are blocked to other software. Hoped to see 5 or more suggesting why to keep it or remove it.
actually its not so bad, recommended by download.com and pcmag. But if u keep it for on-demand scan, its process ~ 20M means u can haf a mor efficient resource usage w A2 (~2M) w a non-negotiable detection. Mor dan dat, a M$ app dun integrate w xplorer is just stupid. w A2, AVG AS, rite click-->scan, nice.
7) Have A2, and AVG AS set to manul. Not sure why but when I want to update I have to go into services.msc and hit start. I just leave alone and both [u]automatically[/u] STOP. Just checked, manually did updates and scans with both 2-3 days ago and in services.msc both are Stopped.
if ur suffice in RAM, u dun need to set it manul, just coz im usin laptop and speedie so i try to suppress all unneccessay things as much as possible. urhmm, not sure ur concern tho.. if u set automatically and stop da service after dat, it stil run automatically next time u reboot. manual, once u start it, it will continue run until u stop it manually. after reboot, it wont run automatically.
IE7 Pro is a plugin with quite a few features. One I like is it stops the ad at the top right of the MSN home page and instead you get a one line Click On to see. Did not check block flash.

Another featue is Crash Recovery. If for some reason you need to close the system other than the normal process through IE when you reboot you will get options of which programs you want to return to by checking the box.


do u haf to pay for di$ ?

UncleDoug

Again Thank You for responding, it was a long shot on the 3rd question in the un answered post from Sept. especially since so many programs block DoubleClick. But thought I would have gotten 2-3 replies to question 1 and 2.


:slight_smile:

Uncle Doug,

VE is not a whitelist or blacklist of sites; it works completely differently. VE checks the site’s ownership credentials to tell you if it is who it says it is. The “phishing” type blockers are based on blacklisting approach; you can probably get better results from an integrated Hosts file, or SpywareBlaster, combined with VE. (Just IMO)

Also, you’re way way way overkilled (again, just IMO) on your software setup. And you can’t run TeaTimer in conjunction with BOC - TeaTimer causes conflicts (which may be why you’re seeing high CPU from BOC).

My personal suggestion is that if you have a strong, reliable AV running actively, this should be sufficient when combined with BOC (unless you are prone to malware).

I have no problems, however, with MS Defender; it doesn’t have the best ratings, but no free program does that I’m aware of. I also have no problem with Spyware Terminator and its HIPS. However, I wouldn’t run both; I wouldn’t run two, and I wouldn’t run two HIPS. Both ST and MSD provide some good information about what’s going on, and don’t just report on cookies (like a lot of AS’ do).

I’ve used a startup control program before, but no longer do so. One thing I learned from Kevin (BOC’s creator) is that Windows’ startup is a free-for-all, so unless you’re having trouble, these programs typically just waste resources. If you want to make sure your startup entries are protected, I’d suggest either a HIPS that will guard it, or investigating the necessary registry hacks to manually protect it (wherein you would have to manually add any items).

Just FYI, there are some good free HIPS out there, that do a lot more than ST does (not slamming ST, just that it’s pretty basic in that regard).

Hope that helps,

LM

PS: You might check out A2 Hijack Free, if you like their products. It’s an on-demand app that allows you to check and control a lot things (like startup entries).

Thanks for your reply “Little Mac”

       Wondered about those integrated Host Lists, wondered how they perform versus SpywareBlaster.  Forgot the name but 1 or 2 or mentioned at other sites.  Does SpyBot also have a block file?

       I turned of TeaTimer and Resident Helper.  Found resident Helper was duplicating some of the initial allow/deny pop ups I was getting from StartUp Monitor.  

       The reason I mentioned MS Defender is when ever I saw a slow down and checked Task Manager Windows Defender had High CPU usage, activated when another security program was running.  Did not know Windows Defender had HIPS?

I did not activate the HIPS in Spyware Terminator. I expect v3 of the firewall to be out shortly and it has HIPS and a Memory Guardian feature in it.

First program I thought of when you said cookies was Adaware. Recently the only items that Spyware Terminator finds is 1 to 3 cookies.

I liked the version of Spyware Doctor Starter Edition I was using, but not the CPU usage like Windows Defender. As I mentioned the response time on the Comodo Firewall allow/deny pop ups went from 15 seconds after clicking on it, to 4-5 seconds. That made a BIG difference during installations.

Let me know IF one of the programs I use already duplicates what SpywareGuard does. I might delete it along with Windows Defender.

Once a program is installed HIPS will protect it but what about those hidden files that do not need to run at start up. Like

Quick Time qttask.exe (very Very Annoying and stealth) went to a site and immediately got the pop up it wanted to run at start up (did not click on anything). Without the Startup monitor it would have loaded. I know 1 or 2 of the programs I am using also have a similar feature. But I prefer keeping using the two I have and StartUp Monitor uses only 152k ram and the StartUp Control Panel is not listed in the Task Manager.

Windows Media Player WMPNSCFG wants to run at startup every time I click on it.

Yahoo Pager tries to install with Yahoo Messenger.

There probably are a dozen or more that to run at startup and do not need to but those 3 have been the most annoying, And since they were part of the initial installation (not sure if they were stealthed) I don’t think HIPS would have caught them.

Since I try and control what runs at startup my system loads a lot faster!

As I mentioned above I am waiting for CFP 3.0 and it will have both HIPS and Memory Guardian.

Not active I have A2 Squared and AVG anti Spyware to manually scan. Had Adaware but not sure if I want to reinstall the latest release.

Wondered about root kit scans read that Sopho (guessing at name) but was supposed to have had higher detection rates than the 2 I have. I know they should not get in when the beta software are released, But the human factor, does not prevent errors, I have 3 others using this computer.

Thank you for your recommendations.

UncleDoug

I liked the version of Spyware Doctor Starter Edition
I dun use starter edn but tried da Pro edn and just got tired after few hours. PC was unusuable. Turn off keylogger shield and web shield as ppl suggested relieved situation a lil bit.
My personal suggestion is that if you have a strong, reliable AV running actively, this should be sufficient when combined with BOC (unless you are prone to malware).
I totally agree w dis. If I'm not wrong then Avira also detects spyware (is it?), combine w BOC, its gud enuf. Consider my word: Dun b so paranoid.

For ur startup list: qttask.exe,WMPNSCFG,Yahoo Pager: kill kill kill and kill all Windows startup entries!

There probably are a dozen or more that to run at startup and do not need to but those 3 have been the most annoying, And since they were part of the initial installation (not sure if they were stealthed) I don't think HIPS would have caught them.
No, a HIPS which monitors registry will notify it. (do u kno startup entry is actually a registry entry?) and if u got a gud HIPS(rite now, System Safety Monitor free edition is ■■■■ gud enuf), thro away ur Startup thingies. Those things r only 4 paranoid newbies:) (im kinda newbie too but not so paranoid). U even dun need any app to control ur startup in case u even dun kno or scare abt registry: Run-->msconfig-->startup.

In msconfig, u also can control ur services.
And more information, wasted services is also slowing down and security loopholes. Theres a thread somewhere in Comodo forum discussing abt this or u can just google. Disable stupid services is one of da 1st thing i do wen i instal window$.

As I mentioned above I am waiting for CFP 3.0 and it will have both HIPS and Memory Guardian.
yes, CPF3 will monitor ur startup a lots of other things.
Did not know Windows Defender had HIPS?
i say it got light HIPS as it can monitor registry. How strong and good it is? Im not sure, dun use for long time and used for quite short time.
Had Adaware but not sure if I want to reinstall the latest release.
if ur using SE1.06r, fine. But dun use 2007, its bloated.
Wondered about root kit scans read that Sopho
its Sophos. Im not expert in rootkit. Just kno Panda rootkit scanner is best recommended for normal users.

P.S: i rmb bundled into AVG AS r startup, service managers, and system harden also.

I’m not aware of WinDefender having a HIPS aspect to it. Wouldn’t seem very likely, to me.

I wouldn’t worry too much about rootkits unless you think you have some. I’ve run most of the common anti-rootkit apps. Most of them seem to almost be a way to get you to purchase a full version - they’ll perhaps find a rootkit, but not remove it. However, I think the key is to finding the RK in the first place - RKRevealer, GMER, IceSword are probably the best at tracking them down and beginning the process. If you find you have a rootkit, it’s going to take quite a bit to get rid of; more than what your commonly-produced application can do (just IMO). Be sure to read all instructions before trying to attack these things, especially as there are system hooks that might show, which are legit.

aladinonl is correct - startup entries are registry entries. For the more persistent items like QT (ugh!) you’ll probably need to edit the registry (if you’re not going to just uninstall QT completely), and change the startup value. Deleting the key probably won’t do it, as it would repopulate.

And yes, most dedicated HIPS will guard the registry. And there are good free ones (besides SSM), so you have choices.

LM

LM,
What about CPF 2.4
Just pickin at ya but it was rated the best

OD (:CLP)

:slight_smile: i think he meant AS only.
If all, we can bring loads of free dat beat paid.

UncleDoug,

abt da startups, once u kno da list but hesitate which one to keep and which one to get rid of, u can come to here:
http://www.bleepingcomputer.com/startups/

Ha ha, good one! ;D

Yeah, I just was referring to the AS proggies, and also the fact that those doing the “ratings” seem to be biased toward the “paid” rather than “free” for some reason. Maybe they’re getting paid for their ratings…?

LM