14 DAY TRIAL // Ad-Watch has turned Live in this year's Ad-Aware. It no longer loads as a separate application, it integrates perfectly in the interface and it provides real-time safeguarding thanks to the behavior-based heuristics. This means that it can pinpoint malware based on its behavior and even if there is no definition in the database.
The built-in module is available for all three versions of Ad-Aware but the cheaper editions come with limited functionality. Thus for the Free version it will only detect and block malicious processes and infected programs that try to start or run on your computer. For Ad-Aware Plus the developer threw in an advanced Ad-Watch that, besides processes and infected programs, also covers the registry.
The areas it protects are Windows Registry, processes and network. Clicking on the Ad-Watch menu button provides a set of details such as the security state for each of them and statistics with latest detect processes, accessed registry areas and latest blocked IPs so you can see all of them in a glance.
From this window you can edit the rules for every item displayed. In the case of registry entries you can be alerted every time a process accesses the registry or you can set up rules for a more comfortable management of the alerts. A closer look lets you make your choice for each individual registry area affected. The three options available are Inform, Allow and Block.
With network permissions it's almost the same deal and the differences are minor. In this case you are given the IP to be blocked (it would be nice to see the domain too), the latest application accessing it and, of course, the actions to be taken by default, which are Allow and Block. This is because Ad-Watch automatically informs you of the blocking of the IP.
As for the process rules, things are pretty simple as well. Ad-Watch will intercept a malicious process trying to start on the system and block it by default. The detection is made with the aid of heuristics and the list of definitions. When a malevolent process is spotted in the rules window you will get details such as TAI level (Threat Analysis Index), action, family it pertains to and how it was detected, therefore you can take an informed decision about blocking or allowing it.
For a more comfortable use of all the alerts Ad-Watch can be configured to skip user notification and handle all detected events based on the set rules. Of course, if you want to be informed of the detections you can set it up to display notifications at every detection.
Regarding the modules of Ad-Watch, these can also be enabled or disabled by choice and for the detection of malware both spyware heuristics and the built-in anti-virus engine with its behavior-based detection (Mild, Medium and Strict) work. Giving up one of the Ad-Watch modules can be done from the appropriate Settings window by ticking off the desired components or, easier, directly from the Ad-Watch menu. Suffice it to click on the module's icon and it will automatically be turned on or off.
Testing Ad-Watch's reflexes at spotting registry changes resulted in good detection capabilities. But when it comes to network protection a complete haze surrounds the feature. The function is supposed to block access to blacklisted IPs but there is no documentation about banned addresses so you don't really know why a certain IP is blocked.
One of the pitfalls Ad-Watch comes with is its inability to review files that are copied from one place to another or downloaded items. So from this point of view there is little reliance on Ad-Aware. Otherwise the application does a great job alerting whenever there is a new addition to the Registry. What it actually does for your protection is suspend the process so no change can occur unless you allow it.
The Good
Each constituent of the tool can be enabled or disabled with a single click on its icon in Ad-Watch's window. For detected items you have the final say and for a more comfortable management of the actions the access rights to different targeted registry areas can be edited and changed.
The Process Rules window provides the Threat Analysis Index so that you can take an informed decision on blocking or letting it through.
The Bad
You are not given the chance to add your own processes and set your own rules for them before Ad-Watch picks them up and pops up the alert.
The Truth
It does a good job with alerting you on processes trying to make registry changes and blocks access to Lavasoft blacklisted IPs automatically but it gives the possibility to change permissions at any time.
