Tuesday, April 9, 2013
[Umbra's Impossible Combos] Avast IS + Emsisoft IS
For the elder members here, they know i am a "combo-scientist" , i like to test various combos that were not supposed to be or not known to be possible.
last week, i did i review of Avast IS but i felt lazy to uninstall Emsisoft IS so i decided to see if both could run alongside each other; so there is my result.
What you need
Check my reviews below to understand how they works:
Avast Internet Security
Online Armor Premium
What you have to do
1- Install Emsisoft AM
2- install Online Armor Premium
3- uninstall OAP firewall via the configuration button, OAP will uninstall its firewall completely then reboot. by doing this we keep all the other modules of OAP especially the powerful HIPS
4- turn off Emsisoft AM guards
5- Install Avast IS (all modules), reboot.
6- Turn on EAM guards
after all those step done, we reboot and then we can tweak the apps.
Set the exclusions in Avast
Avast has a lot of modules , so we have to set EAM + OAP running processes in Avast exclusions:
We put Emsisoft processes/folders in every Avast exclusions tab available including File system Shield, Behavior Blocker, Sandbox, auto-sandbox, basic settings.
EAM processes : a2service.exe , a2guard.exe , a2start.exe
OAP processes: oacat.exe , oahlp.exe , oasrv.exe , oaui.exe
Set the exclusions in Emsisoft AM
Avast has only 2 running processes : AvastSvc.exe , avastUI.exe
We set them in EAM's "Application Rules" ( "Guard" --> "Application Rules" --> "Add new rule")
then add the full Avast folder in the EAM whitelist (Guard --> "File Guard" --> "Manage Whitelist")
Set the exclusions in Online Armor Premium
Similar to the step above, we just have to add the whole Avast folder in OAP exclusions ("Options" --> "Exclusions" --> "Add" )
Avast IS: we set it as our main AV so you can tweak it in whatever way you want,
EAM: it will be our companion AV (a role that is was designed for) by changing the file guard setting.
"Guard" --> "File Guard" --> "scan only program before they are executed"
by doing this EAM will react only if a suspicious executable/process is executed and Avast missed it, also it will reduce EAM resources usage.
OAP: since now we dont have the firewall (so no conflict with avast one) we can tweak it as we want; no special rules here, do whatever you want.
during the test of this combo, i had 3 issues on my system
1- Firefox's process (plugin-container.exe) crashed until flash player is allowed/trusted by OAP's HIPS
2- IDM crashed until Internet Explorer's process ( ielowutil.exe) was excluded in Avast Behavior Shield
3- Chrome can't install if the Avast Behavior Shield is turn on, (i didn 't found out why)
edit: Those issues were solved with Avast v8 beta
We are finish , you have to understand that this combo is only for advanced users who are paranoid or who want to play with their AVs; since some conflicts may happens (depending each system), so a very good knowledge of the OS is necessary.
- Absolute-Detection: Avast + Emsisoft + BIt Defender Engines !
- Hyper-Prevention: 2 compatible real-time scanners + 2 Behavior Blockers + 1 HIPS + 3 compatible Web Shields + 2 policy-based sandboxes + 1 full sandbox + 1 Virtual Environment
- Correct on system responsiveness for medium/high-end system
- Lot of modules/guards/tools
- Long boot-time (faster win Avast 8 beta)
- Possible softwares crashes (no more win Avast 8)
- each softwares must be tweaked properly
Thanks for reading.