Tuesday, April 9, 2013

[Umbra's Impossible Combos] Avast IS + Emsisoft IS


Hi guys,

The older members here know I am a "combo-scientist": I like to test various combos that were not supposed to be, or not known to be, possible.

Last week I did a review of Avast IS, but I felt too lazy to uninstall Emsisoft IS, so I decided to see if both could run alongside each other; here is my result.


What you need

Check my reviews below to understand how they work:


Avast Internet Security

Emsisoft Anti-Malware

Online Armor Premium



What you have to do

1- Install Emsisoft AM

2- Install Online Armor Premium

3- Uninstall the OAP firewall via the configuration button; OAP will uninstall its firewall completely, then reboot. By doing this we keep all the other modules of OAP, especially the powerful HIPS.



4- Turn off Emsisoft AM guards

5- Install Avast IS (all modules), reboot.

6- Turn on EAM guards

After all those steps are done, we reboot and then we can tweak the apps.


Set the exclusions in Avast

Avast has a lot of modules, so we have to add the EAM + OAP running processes to the Avast exclusions:

We put the Emsisoft processes/folders in every Avast exclusions tab available, including File System Shield, Behavior Blocker, Sandbox, Auto-Sandbox and basic settings.

EAM processes: a2service.exe, a2guard.exe, a2start.exe
OAP processes: oacat.exe, oahlp.exe, oasrv.exe, oaui.exe


Set the exclusions in Emsisoft AM

Avast has only 2 running processes: AvastSvc.exe, avastUI.exe

We set them in EAM's "Application Rules" ("Guard" --> "Application Rules" --> "Add new rule").

Then add the full Avast folder to the EAM whitelist ("Guard" --> "File Guard" --> "Manage Whitelist").


Set the exclusions in Online Armor Premium

Similar to the step above, we just have to add the whole Avast folder to the OAP exclusions ("Options" --> "Exclusions" --> "Add").



Tweaks

Avast IS: we set it as our main AV, so you can tweak it in whatever way you want.

EAM: it will be our companion AV (a role that it was designed for) once we change the File Guard setting:

"Guard" --> "File Guard" --> "scan only program before they are executed"

By doing this, EAM will react only if a suspicious executable/process is executed and Avast missed it; it will also reduce EAM's resource usage.

OAP: since we no longer have its firewall (so no conflict with Avast's one), we can tweak it as we want; no special rules here, do whatever you want.


Possible Conflicts/bugs

During the test of this combo, I had 3 issues on my system:

1- Firefox's process (plugin-container.exe) crashed until Flash Player was allowed/trusted by OAP's HIPS

2- IDM crashed until Internet Explorer's process (ielowutil.exe) was excluded in Avast Behavior Shield

3- Chrome can't install if the Avast Behavior Shield is turned on (I didn't find out why)

Edit: Those issues were solved with Avast v8 beta.



Final Notes


We are finished. You have to understand that this combo is only for advanced users who are paranoid or who want to play with their AVs; some conflicts may happen (depending on each system), so a very good knowledge of the OS is necessary.


PROS


- Absolute-Detection: Avast + Emsisoft + Bitdefender engines!
- Hyper-Prevention: 2 compatible real-time scanners + 2 Behavior Blockers + 1 HIPS + 3 compatible Web Shields + 2 policy-based sandboxes + 1 full sandbox + 1 Virtual Environment
- Acceptable system responsiveness on medium/high-end systems
- Lots of modules/guards/tools


CONS


- Long boot time (faster with Avast 8 beta)
- Possible software crashes (no more with Avast 8)
- Pricey
- Each piece of software must be tweaked properly



Thanks for reading.
