Well - I've gone with avast! free 6 with Comodo Firewall installed as Firewall Only (so not using Defense+).
Seems to be the best working combination.
Just a note here:
I installed avast! free first. Then – after it was all setup and running (read below) – I first disabled all the shields permanently. Then I turned off the avast! self defence in the settings. This would then let me end the avastui.exe process via task manager. I also went to "Services" and stopped the avastsvc.exe service.
Once this was done I installed Comodo Firewall as Firewall Only then rebooted when asked.
On reboot – I then setup Comodo Firewall (described below).
Only after Comodo Firewall was setup did I re-enable the avast! shields and turn avast! self defence back on.
I have avast! on pretty much default settings (have not changed heuristics at all) except that I have:
- Selected the "Load avast! services only after loading other system services"
- Gone through the shields and selected the option to scan for potentially unwanted programs (PUP)
- Gone through the actions for the shields and made it for viruses: repair, move to chest, delete ; for PUP & Suspicious: ask, repair, move to chest
- Added comodo to exclusions under settings and file system shield
- Gone through the shields and selected the "All Packers" option
For Comodo Firewall installed as Firewall Only:
- Firewall Settings > General Settings: Set to Custom Policy and selected the options to "create rules for safe applications" and "enable IPv6 filtering"
- Firewall Settings > Alert Settings: Unticked the "this computer is an internet connection gateway" option
- Firewall Settings > Advanced: Selected "Protect ARP Cache", "Block Gratuitous ARP Frames", "Block Fragmented IP datagrams" and "Do protocol analysis"
- Ensured that, under the Network Security Policy > Application Rules, that avastsvc.exe, avastui.exe and avast.setup are "Trusted Applications".
- Opened, ran "check for updates" etc, and closed every program on my machine in order to create the rules.
- When prompted – added my network to the "Network Zone" and selected the option to allow other machines within the network to communicate with my machine.
I think doing this will allow general hassle free operation. Its the setup I plan on going with for my parents, sister and fiancee.