Resident task settings Scanner (Basic) and Scanner (Advanced) Risk vs Performanc

I have searched the forums and have not been able to get a clear answer as to what these settings exactly do and what are the risks of changing them.

My Preferred settings:

  1. Scanner (Basic)
    a) Scan diskette boot sectors → checked
    b) Scan OLE Documents on open → checked
    c) Scan executed programs → unchecked
    d) Scan dynamic libraries … → unchecked
  2. Scanner (Advanced)
    a) Scan files on open → unchecked
    Scan files with these extensions → blank
    b) Scan created/modified files → checked
    All files → selected

Firstly I want to know if in Scanner (Advanced) with Scan files on open checked AND Scan files with these extensions blank, does Avast scan anything or nothing? Is leaving it blank the same thing as filling it with a single * or asterisk? In other words does blank mean scan all extensions OR does it mean dont scan any extension?

Secondly in Scanner (Basic) with Scan executed programs unchecked will CDROM, USB drives and other external media still get scanned on executables Open/Run directly from removable media? Or does it disable scanning of executables completely, irrespective of whether they are launched from the hard disk or from removable media?

Thirdly in Scanner (Basic) with Scan executed programs unchecked and in Scanner (Advanced) with Scan created/modified files checked and All files selected, is it possible to still get infected? What is a probable pathway? Is it possible for a program to be “executed” without being first created on the hard disk?
Assume there is only one OS on the system with access to the drive. Further assume that there is no possibility of accessing the hard drive except through the OS installed on the hard drive.

Thanks in advance,
Emmanuel

p.s. My PC has become a lot faster ever since I disabled Scan executed programs, thats why I am asking.

If you havent already done this, recomended

avast! 4 FAQs http://www.avast.com/eng/faq-avast-4-home-professional.html
avast! User Guides and Manuals http://www.avast.com/eng/download-user-guides-and-manual.html

I think DavidR is the one to answer this, he is in here somewhere and will probably respond soon :wink:

Nothing much of use to be found there. Will wait for DavidR, if you say so…

For the most part the default settings provide the best balance between protection and performance.

See images of my existing Settings with the Standard Shield set to Normal.

With those settings I have zero impact on performance and I don’t believe any issue with protection and I have been using avast for a little over five and a half years. I would only consider changes if your system was experiencing performance issues.

There will always be an increased risk the more scanning options that you disable and for me the only reason to disable any default setting would be performance and avast is relatively light on resources. I don’t know exactly the full impact of disabling elements are, but I do trust Alwil to have given considerable thought in the default settings when it comes to the best balance between protection and performance.

Your Preferred settings My thoughts:

  1. Scanner (Basic)
    a) Scan diskette boot sectors → checked
    b) Scan OLE Documents on open → checked
    c) Scan executed programs → unchecked - downright dangerous
    d) Scan dynamic libraries … → unchecked - Not an issue if you aren’t using XP if you are risky
  2. Scanner (Advanced)
    a) Scan files on open → unchecked - risky but 1c. above may reduce from downright dangerous
    Scan files with these extensions → blank
    b) Scan created/modified files → checked
    All files → selected - I have gone further (only default extension set) as my image shows, this only scans files at risk of infection

I wish someone could answer the 3 specific questions I have raised rather than giving their own opinions. I want facts please!

Firstly I want to know if in Scanner (Advanced) with Scan files on open *checked* AND Scan files with these extensions *blank*, does Avast scan anything or nothing? Is leaving it blank the same thing as filling it with a single * or asterisk? In other words does blank mean scan all extensions OR does it mean dont scan any extension?

Secondly in Scanner (Basic) with Scan executed programs unchecked will CDROM, USB drives and other external media still get scanned on executables Open/Run directly from removable media? Or does it disable scanning of executables completely, irrespective of whether they are launched from the hard disk or from removable media?

Thirdly in Scanner (Basic) with Scan executed programs unchecked and in Scanner (Advanced) with Scan created/modified files checked and All files selected, is it possible to still get infected? What is a probable pathway? Is it possible for a program to be “executed” without being first created on the hard disk?
Assume there is only one OS on the system with access to the drive. Further assume that there is no possibility of accessing the hard drive except through the OS installed on the hard drive.

Sorry I bothered in wasting your time and mine.

@DavidR

You did not waste my time.

@mavin

You should have more respect of an avast! Überevangelist

The opinions given by DavidR are based on his 5+ years’ power-user experience, and hence are facts.

@DavidR,

Always look forward to your ever-helpful contributions to discussions in this forum. Thank you for sharing your Scanner settings.

I have no wish to start a flame war. I would much appreciate answers to my three questions.

For as long as everything is enabled on BASIC page, you should be fine. But it’s recommended to keep it at least on Normal setting.

But my three specific questions are still unanswered :cry:

Of course it became faster. It’s not scanning 99% of the files. And 99% of the threats are executables (i’m exaggerating a bit but it’s not far from that). You can optimize scanning whatever way you like for as long as everything under BASIC tab is enabled. Once you start disabling these, you’re sacrificing more than you gain by using antivirus. Because in such case you might just as well just remove antivirus.

Well I still have scan on create/modify enabled. So you are just sidestepping question no 3. Looks like I shall have to find someone who knows, possibly a developer.

All of the info you asked, has been answered. The info I have referenced is from the avast help file, available at pondus’ link or through the program directly…

It seems that that box specifies additional filetypes to scan…

[b]Scan files on open.[/b] In addition to the file types set on the Scanner (Basic) page, you can specify other file types, recognized by the file extension, that will be scanned on starting/opening. The extensions should be separated by comma. You can use the wildcard "?" (e.g. if you want all .htm and .html opened files to be scanned, enter either "htm,html" or use the wildcard - "ht?"; in the later case, however, all files with extensions starting with "ht", such as "htt", will be scanned).
Secondly in Scanner (Basic) with Scan executed programs *unchecked* will CDROM, USB drives and other external media still get scanned on executables Open/Run directly from removable media? Or does it disable scanning of executables completely, irrespective of whether they are launched from the hard disk or from removable media?
I would leave it on.
[b]Scan executed programs.[/b] Before starting any program, it will be scanned for viruses.
Thirdly in Scanner (Basic) with Scan executed programs *unchecked* and in Scanner (Advanced) with Scan created/modified files *checked* and All files selected, is it possible to still get infected? What is a probable pathway? Is it possible for a program to be "executed" without being first created on the hard disk? Assume there is only one OS on the system with access to the drive. Further assume that there is no possibility of accessing the hard drive except through the OS installed on the hard drive.
As DavidR said,
c) Scan executed programs -> unchecked - [b]downright dangerous[/b]

I would leave both checked…

Secondly in Scanner (Basic) with Scan executed programs *unchecked* will CDROM, USB drives and other external media still get scanned on executables Open/Run directly from removable media? Or does it disable scanning of executables completely, irrespective of whether they are launched from the hard disk or from removable media?
I would leave it on.

Of course you would leave it on. But that is your opinion. It doesn’t answer my question whether removable media will still be scanned.

c) Scan executed programs -> unchecked - downright dangerous
I would leave both checked...

Yes you would leave both checked. By your logic Avast should not even have an option to uncheck these. There should be only one option: Turn Avast On or turn Avast Off. Obviously the developers have brains. That is why they left these options configurable. There are situations in which one can work with perfect protection even with some of these options unchecked. I just want to understand those situations. Your “woulds” and “wouldnts” really dont help me, sir!

You are missing the point, and not reading the things I quoted from the help files. And taking my posts out of context…

The first setting says that ANY executed program is scanned, unchecking it, will scan NONE.

The second one is a preventative measure of sorts, this setting will as it says, scan ALL files created or modified…

Having the second one on and not the first, would in theory be an option, however what about files that are not created/modified?
Say from a flash drive or cd, they are executed (not modified/created) and therefore would not be scanned…leaving you prone to infection…

Definitive enough?

In the end, it boils down to user configurability, avast! is designed in a way so that it is as configurable as possible…so it is your choice…

Hmm in that case, if you are absolutely sure, then Comodo looks like an interesting option with its Stateful Scanning Level, and another item to hit the Avast Wishlist I guess!

From the Comodo User Manual

Stateful - Not only is Comodo Internet Security one of the most thorough and effective AV solutions available, it is also very fast. CIS employs a feature called Stateful File Inspection (tm) for real time virus scanning to minimize the effects of on-access scanning on the system performance. Selecting the ‘Stateful’ option means CIS scans only files that have not been scanned since the last virus update - greatly improving the speed, relevancy and effectiveness of the scanning.

I feel sorry for your computer then.

+1

Isn’t that the same sorta thing that is being introduced into avast in version 5? Persistent scanning, or something like that?
Or have I misunderstood?