Hopefully this will not be a double post since I tried to post a few minutes ago, but had the wrong security answers. When I tried again, it said this post has already been submitted, but I can’t see it.
Thanks to Charyb for steering me to the needed literature.
I have downloaded the free version of Avast! antivirus, but I have a few questions about the settings.
Since I only use web-based e-mail, will the mail shield produce any benefits if activated?
I do not use file sharing. So I assume P2P shield should not be activated, is that correct?
Are there any reasons not to use the auto updates for either the definitions or the program?
If I run a full scan, will external hard drives be scanned by default?
What are the pros and cons about leaving the Sandbox active all the time?
Does Avast! produce quite a few false positives? How do you handle them?
1, it’s good to have installed in case a spam bot gets installed on your system.
2, won’t hurt leaving it, if it’s not scanning it’s not using any resources.
3, default settings are best for this as you don’t want your program updating automatically as it’ll require a reboot and you may be doing something important.
4, yes.
5, you have the free version so it’s automatic and only sandboxes suspicious programs which you can set to trusted if you believe they are so.
6, no, very few if any. False positives will be sent to chest which you can return later after reporting the detection first here on the forums to get it checked.
Leave it enabled, I would go one step further and bump up the heuristic sensitivity. This can help to identify an undetected/hidden spambot on your system, they come with their own SMTP program to send the S P A M. Not to forget if it isn’t actually being used it won’t be using resources.
I don’t use P2P or IM applications and I haven’t got those shields installed.
Leave on defaults: virus definitions are set to auto and you want those immediately to increase protection. The program update ‘isn’t on Auto,’ for obvious reasons you wouldn’t want a program update to start automatically when you are busy.
If these external hard drives are listed in the Windows drive list then I believe they should be, but it should be easy for you to check.
You don’t say which sandbox; the autosandbox and full sandbox are different and the latter is only on the paid versions.
Relatively few, but that also depends on what the user’s browsing habits and what they download are. How do you know they are false positives? You need to confirm; VirusTotal has 40+ scanners. The main thing is ‘first do no harm’: don’t delete, send to chest (default action) and investigate (here).
Some malware sets up proprietary (private) P2P or IM clients for their command and control networks. Perhaps for the same reason the Mail Shield is recommended even for those that don’t use an email client (first sentinel), the other shields should be left on also.
Well if it is setting up its own ‘proprietary’ P2P or IM network then the chances of the avast shield monitoring that is lessened as the proprietary P2P or IM app would be unsupported (not in the list of supported programs).
It would catch them if the malware was mimicking known peers to get by a firewall. For the others, it would likely require further improvements in Avast’s detection methods.
Mimicking is hardly proprietary. With the Mail Shield it is monitoring the email ports and redirecting them through the mail shield local proxy. For the others it is actually monitoring the program as it does its work (I believe), hence the list of supported programs in those shields.
Most of these P2P and IM programs use certain ports, at least initially to establish contact and set up the transfers, etc. One would think that Avast’s shields would be monitoring them. You may be correct that it only monitors the named process, but that seems a shortcoming in Avast.
As stated, unless there are active processes triggering the shields there is minimal hit to leaving them active. If they are being triggered, then they are doing their job and shouldn’t be disabled or uninstalled. I’m not seeing any load with them in place.