Tyler

OA++ Antivirus Question

Hi everyone,

Recently I wanna give OA++ a try. But I used to use OA Premium with Avira Personal a lot, having no idea about the Antivirus part of OA++.

There are 2 questions I wanna know for the time being. They are:

1. Does the Antivirus have realtime protection, or are they just two scanning engines merged with OA?

2. How to exclude a file that I trust in the Antivirus part? Option - exclusion seems to only exclude a folder and it's a function part of OA firewall as I know.

Any help will be appreciated. Thank you in advance. ;)

Best regards,

Tyler


1. Does the Antivirus have realtime protection, or are they just two scanning engines merged with OA?

OA ++ integrates the Emsisoft and Ikarus scanning engines into its HIPS to scan Unknown programs when they try to run to help ensure that they are not malicious. It doesn't scan files on read/write/access etc., like a traditional AV does, so it doesn't flag infected files that aren't able to be executed (because they have to be executed to do any damage). On demand or scheduled scans will however flag non-executable files that are infected.

2. How to exclude a file that I trust in the Antivirus part? Option - exclusion seems to only exclude a folder and it's a function part of OA firewall as I know.

Trusting the program in question will stop it being flagged as infected.

You can read more about the Antivirus in OA ++ here :) http://www.online-armor.com/webhelp3/Antivirus.htm


Hi catprincess,

Thank you for your reply. :P Here is one more question: Do I need another Antivirus with realtime protection if I already have OA++? Any known conflicts I should be aware of?

Best regards,

Tyler


Hi catprincess,

Thank you for your reply. :P Here is one more question: Do I need another Antivirus with realtime protection if I already have OA++? Any known conflicts I should be aware of?

Best regards,

Tyler

Never have two AVs (or two FWs) as real time protection. It's a recipe for disaster.

If you use OA++ that's everything you will need.

You can have as many on-demand scanners as you'd like: Malwarebytes, HitmanPro and so forth ... as long as they are on-demand.

Regards,

Jose.


Do I need another Antivirus with realtime protection if I already have OA++? Any known conflicts I should be aware of?

As per this page http://www.online-armor.com/webhelp3/Antivirus.htm of the webhelp :):

Note: While you do not need to use an antivirus program with Online Armor ++ to keep your system free of infection, you still have the option to do so. Because of how Online Armor ++ incorporates the Emsisoft/Ikarus engine, Online Armor ++ is still compatible with third-party antivirus and other anti-malware scanners.

I did notice elsewhere the discussion about OA and Unicode support. What was discussed there also applies to the AV; I'm unsure if that's important to you or not but thought I should mention it :)


Hi catprincess,

Thank you for your details.

I did notice elsewhere the discussion about OA and Unicode support. What was discussed there also applies to the AV; I'm unsure if that's important to you or not but thought I should mention it

It's important to the people who do not use English that often. And it's important to me, 'cause I can download files which are named with Chinese or other Asian languages, whatever, without even noticing. And when I run them, I do expect OA to do some magic, but the Unicode problem will not let it do so.

Best regards,

Tyler


Unfortunately, OA++ may not be the best choice for you then, if you are using a language that has Unicode characters. Hopefully support for Unicode will come at some point in the future :), but I'm not aware of an expected timeline for this.


I have a question that I think fits in here, rather than starting a new thread.

Is there any advantage in getting Emsisoft Anti-Malware to complement OA rather than just getting OA++?

I just spent several hours reading through the Anti-Malware Tutorial and through the OA++ Antivirus section and I am not sure if I would be better off getting Anti-Malware as a standalone product with OA.

I couldn't find any mention of Anti-Malware scanning email attachments as they are downloaded or scanning web traffic to see if it contains something nasty trying to reach your browser.

Any info would be great.

...I couldn't find any mention of Anti-Malware scanning email attachments as they are downloaded or scanning web traffic to see if it contains something nasty trying to reach your browser...
Hi Jorg,

1st, scanning e-mails/attachments and monitoring web traffic are different areas

EAM does not control web traffic. Its Surf protection will block potentially dangerous sites.

Other than that, EAM's Behavioural Blocker (BB) will kick in if anything tries to execute without your knowledge and is found to be suspicious.

As for e-mails – EAM does not scan that in real-time, which is good since that is a potentially dangerous procedure, which can damage the whole e-mail storage. That feature has to be disabled in any AV solution. Please find many articles written by experts out there regarding the matter.

Scanning attachments is a useless waste of time. Just download attachments into dedicated storage.

Update EAM and scan before opening. Any AV will give you an answer only according to its current knowledge (signatures and/or heuristic algorithm), no more than that, which is never 100% bulletproof anyway.

{added} actually I forgot to tell that there are new "onAccess" scanning features in v5 in FileGuard, which will do the job, if you want (scan files "...when they are created or modified" & "...when they are read")

Then, if you are trying to execute something BB will play its role again that is strengthen the security and the detection regarding unknown “zero-day” threats.

Otherwise, if the downloads are stopped, basically you never know whether the detection was genuine or FP. When the downloaded files are already on your hard drive you have a chance to check and investigate. As a matter of fact, you can use multiple on-demand scanners as well for doing that.

My regards


Thanks Lynx for the excellent reply. What you explained makes perfect sense.

The only question that is still left unanswered is do I need EAM for this functionality, or does OA++ do the same thing, as it contains the same engine? Please bear in mind I already have an OA license, thus my decision is to buy EAM in addition to my existing license or to upgrade the OA to OA++.

Thanks for your help :)


Hi Jorg,

Knowing that you come from KAV as your AV (due to your other thread), and reading between the lines you seem to be a bit uncomfortable with a web filter not being part of OA++ nor EAM - I would like to mention that you also have another option.

And that would be running OA++ and a program like Sandboxie, where you force your browser to run sandboxed (ie. isolated from the rest of your system).

I know a lot of people here are big fans of Sandboxie.

This would run very light on your machine.

You already know the performance of OA and would then top it with the dual AV engine in OA++ also found in EAM.

Personally, I rely on OA++ to take care of everything.

But thought I would make you aware of another option (or add to your confusion :lol: )

Martin


Hi Martin,

I must admit that some of my fear is based on not knowing how these new products work, and what they consider a new program.

If a website downloaded some unwanted java, would the downloaded code be scanned once it was tried to be executed (by EAM or OA++), or would the fact that the java runtime has not changed and has been trusted allow any web based scripts to be happily run without further scanning? The same question would arise from word macros. Once MS Word has been scanned as safe, could a nasty .doc document wreak havoc because the actual executable has not changed?

It is those things that cause me to worry a little bit, as KAV had intercepted malicious code on web pages in the past where I had inadvertently followed an interesting link to the wrong place and had appeared to have been rescued from a fate worse than death by KAV's vigilance. I can't recall if that code was java, js or activeX, but it was trapped before it was executed by a trusted process like Chrome.

I am still curious if EAM offers anything on top of OA++ that would warrant having EAM + OA rather than just OA++, or if I am better off with OA++ and Sandboxie.

Actually, the other fear is that when I search the web for "antivirus comparisons" or "antivirus top 10", I have never ever seen anyone compare EAM against any of the other popular names. Maybe that is because I don't look for German language sites, but it gives the impression that EAM is not a well known product on the global market. I had always imagined that large companies have 10 000+ virus technicians sitting at the computers around the clock investigating all the code snippets sent to them to identify and defeat new viruses and send out hourly updates whereas the smaller companies have 2 guys going through a backlog of potential viruses dating back to the early 90's. Well, maybe not quite that bad, but having a large staff actively identifying and defeating new threats has to be more timely than a small staffed company.

So do the AV companies share the virus signatures so that they don't all have to identify the same virus or are small companies at a serious disadvantage when it comes to protecting their customers from new threats?

As my highest priority is a great firewall, and having found nothing that comes even close to OA, it is definitely the product that stays, the only question is what is going to replace KAV as they don't seem to happily work together on my Windows 7 64 bit.


Well OA does have script protection, but (as I recall) will not scan a script since Java runtime etc. will be trusted - and this is what you were concerned about.

On the other hand - should this script try to alter anything on your system or try to download and install something nasty, then OA will react.

A HIPS prompt if something is tried to be changed in your system and a HIPS prompt with an AV scan if something was tried to be installed.

About if EAM has anything more to offer than OA++, yes it does.

If you like to tweak your AV, then there are many more knobs to turn in EAM and you will have the option to scan on-access instead of on-execution.

Probably the OA+EAM combo is closest to the setup you are used to.

OA++ (and perhaps Sandboxie) will require that you change some habits and do some background reading on them.

Martin


Thanks again Martin.

I am downloading EAM as I am typing this and will give it a go. I guess I have 30 days to work out if I am satisfied, and I have a system image that I can restore to from a CD boot if all goes wrong ;)


Sounds like a wise decision, Jorg.

Remember to exclude OA in EAM and vice versa.

And since you are accustomed to how OA's HIPS works, you might consider disabling the behavior blocker in EAM.

Martin.

Remember to exclude OA in EAM and vice versa.

Does it really make sense to exclude the whole Online Armor directory in EAM? If some malware would copy itself there it wouldn't get detected by EAM.

So since I'm using the same combination: What do you recommend to exclude in OA and what in EAM?


Hi Pilis,

1st the question was about OA++ in the 1st place & as I can see it - that's important.

EAM by itself is a full-fledged AV solution. Plus it has other additional layers of security: Behavioral Blocker (BB) and Surf Protection.

It is always (almost in all cases) necessary to mutually exclude other security having similar or alike functionality irrespectively in order to avoid conflicts / system clashes / and preserving the performance of your system, which is not the last thing to think about

As for AV (meaning the one in OA++ and in EAM) - you definitely don't need both for sure.

note: that's not a matter of exclusion - that would be just redundant.

Does it really make sense to exclude

Yes but again keep in mind what was discussed above re: just OA and HIPS and/or (++) flavour
... If some malware would copy itself there it wouldn't get detected by EAM...
That message is not clear at all at least for me

1) Why would malware "copy itself" "there"?

That is not the main point in any case, including the fact that there is a self-protection feature(s) in place;

2) The aim of mutual exclusion was described here and in many other threads of the past.

That is about "not monitoring each other", which can cause performance degradation & conflicts. All other functionality of any layers of security are in place

3) Exclusions are different re: scanning / HIPS / BB / etc. You have to go through the settings of any security in place in order to do that ... but again that is not a matter of reducing security level

My regards


So let me rephrase my question: What exactly should I exclude to exclude each other when I use "Online Armor Premium Firewall v4.5.1.431" together with "Emsisoft Anti-Malware v5.1.0.4"?

Is your recommendation like the following?

Anti-Malware:

- Menu --> Configuration --> Guard --> File Guard --> Manage whitelist

- choose "Folder" as Type, for Item the installation folder of Online Armor "C:\Program Files (x86)\Online Armor" and checking "Scanner", "File Guard" and "Behaviour Guard"

- press OK to finish

Online Armor:

- Main Menu --> Options --> Exclusions

- press "Add" and choose the installation folder of Anti-Malware "C:\Program Files (x86)\Emsisoft Anti-Malware\"

- check "Include Subfolders"


Hi Pilis,

As for the EAM - Yes

Regarding the OA the experts here will add and correct me, but basically - Yes again

Options > Exclusions Tab

This tab allows you to specify folders that will not be monitored by Online Armor in any way, preventing pop-ups or restrictions of any kind by Online Armor for the programs within the specified folders

Plus make sure that EAM modules are in the Trusted Programs List

a side note: all said above should work & "ease a tension" so to speak.

At the same time, you should be aware of some additional issues - excluding whole directories / main modules / etc. from being scanned & monitored does not mean that all processes are excluded. That can be fine tuned further.

That's not trivial stuff though - that's a matter of experience and knowing the Software deeply.

What I mean is - the Parent process can create as many Child processes as needed for the Software functionality

Those child processes still will be scanned/monitored. The sources may not necessarily reside in the main base installation directory, which you've excluded. Say, some executable was invoked from \system(xx)\.... That will be scanned / monitored

The implementation from the programming point of view can be different. Some security will not monitor such child processes as well. Others will not bother to check that at all, therefore all child processes are not excluded.

As an example, Avira will include child processes as being not monitored, but... there is a limit - just 20 of those.

Well, that is not needed usually, since the main rules applied will do a pretty decent job...

... but there are different circumstances and different kinds of users. So, if you want that - just keep that in mind

Cheers!
