[Guide] avast! Proactive Protection

[Lisandro]

About OCX extension, won't it block Windows Updates?

[greenhatch]

Yes, if you UNCHECK all checkboxes in Blocker page you will DISABLE Behaviour Blocker. Checking just one of them will enable it with certain degree of protection.
Formatting protection is hovever the most non intrusive setting and should always be checked.

Ok I enabled the default Blocker and ticked the 1st and 4th options. Amusingly, the first Trillian message that I received from a buddy got a Writing alert! I allowed it and it was just a straightforward message in text format, hardly needing to be blocked. Does that not sound strange?

[ardvark]

Hi RejZoR...

I'm missing something....do you have the Professional version?
On my "On-Access Scanner" window, I only have two choices for the sensitivity level, Normal and high. How do you get custom?

Best Regards...

[emy80]

Yes, if you UNCHECK all checkboxes in Blocker page you will DISABLE Behaviour Blocker. Checking just one of them will enable it with certain degree of protection.
Formatting protection is hovever the most non intrusive setting and should always be checked.

Ok I enabled the default Blocker and ticked the 1st and 4th options. Amusingly, the first Trillian message that I received from a buddy got a Writing alert! I allowed it and it was just a straightforward message in text format, hardly needing to be blocked. Does that not sound strange?

hi! since I use Trillian as well, what does it meas? That everytime you recive a message you'll get a warning? Or was that an attached txt file you friends was sending you? Thanks

[greenhatch]

It was just an ordinary message containing type, nothing else; that's why the alert seemed so strange. Unfortunately I failed to screenshot it before I allowed it   My messager was a girl I wouldn't keep waiting

[emy80]

It was just an ordinary message containing type, nothing else; that's why the alert seemed so strange. Unfortunately I failed to screenshot it before I allowed it   My messager was a girl I wouldn't keep waiting

sorry...what do you mean containing type. that she did a copy and paste from a txt file to a trillian message? Did the warning stopped after you gave the ok? I don't want to get too many pop outs when i chat. that's why i'm asking. Sorry.

[Lisandro]

On my "On-Access Scanner" window, I only have two choices for the sensitivity level, Normal and high. How do you get custom?

Isn't just clicking the buttom Customize at left?
Did you click the buttom 'Details' in the first window of the avast! settings and you're seeing all providers or not?

[greenhatch]

It was just an ordinary message containing type, nothing else; that's why the alert seemed so strange. Unfortunately I failed to screenshot it before I allowed it   My messager was a girl I wouldn't keep waiting

sorry...what do you mean containing type. that she did a copy and paste from a txt file to a trillian message? Did the warning stopped after you gave the ok? I don't want to get too many pop outs when i chat. that's why i'm asking. Sorry.

It was just a message like 'goodnight, it's late here'.

[emy80]

It was just a message like 'goodnight, it's late here'.

that's strange. Well...I'll guess I'll see what will happen the next time i'll use Trillian. Thanks

[RejZoR]

Well i don't know why would Trillian need to write into any of the listed filetypes. They are all possibly malicious. Tell us what exactly says on the warning message or or simply make a screenshot of it.

Also please read the guide regarding Detailed view. It's written there from the beginning, you just have to read it.

OCX blocking will block ActiveX stuff only at install point and will not obstruct it while using it. WIndows Update will work as usual once it's installed.

[ardvark]

Ok, Let's try this again....

Hi RejZoR...

I'm missing something....do you have the Professional version?
On my "On-Access Scanner" window, I only have two choices for the sensitivity level, Normal and high. How do you get custom?

Best Regards...

[DavidR]

It is there for all providers mentioned in this thread, however, if you don't expand the information displayed you won't see it.

Click on the Details... >> button to expand.

[DaveD]

RejZoR,

For the Internet Mail provider proactive detections (regarding mass mailing worms specifically) you can also add additional ports to the avast4.ini file to cover other common e-mail ports.

Example:

[MailScanner]
PopRedirectPort=110,995
SmtpRedirectPort=25,587

I don't know if there are any additional ports that would be useful to add or not, or if any worms can use encrypted ports or not but I just thought of this so decided to post it anyways just in case it could be of any use.

Very knowledgeable and professional directions, by the way.

Edit: I wonder if it is possible to add those additional ports through the GUI on the Redirect tab, as opposed to modifying the avast4.ini file?

Cheers,
Dave

[Lisandro]

Edit: I wonder if it is possible to add those additional ports through the GUI on the Redirect tab, as opposed to modifying the avast4.ini file?

If fact, it will be better to add them by the GUI.
To change some parts of the avast4.ini file, it's necessary to stop the providers, make the changes, save the file, start the providers again.
On contrary, when you shutdown the computer, the non-changed settings at GUI will be saved over the avast4.ini file... 

[alanrf]

For the Internet Mail provider proactive detections (regarding mass mailing worms specifically) you can also add additional ports to the avast4.ini file to cover other common e-mail ports.

Example:

[MailScanner]
PopRedirectPort=110,995
SmtpRedirectPort=25,587

A word of warning on this recommendation (and Tech's very sensible suggestion that changes be made via the GUI).

If you are a user of a secure SMTP service - such as GMail using port 587 - then this recommendation will cause avast to prevent creation of a secure session.  This recommendation should come with a warning that it be used by those not really trying to use the port.