Author Topic: DeepScreen & Hardened Mode in Beta 2  (Read 3962 times)

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11566
  • Gender: Male
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
DeepScreen & Hardened Mode in Beta 2
« on: September 12, 2013, 09:32:44 PM »
Guys,

As some of you already noticed, neither DeepScreen nor Hardened Mode was really functional in the original beta 2 release. We have identified the issue now (the bug was in aswSP.sys) and actually took this opportunity to test the new "micro-update" mechanism in Avast 2014 to push out an updated version of aswSP.sys that's supposed to fix the problem.

What this means is that if you have beta 2 and DeepScreen / Hardened Mode doesn't work for you, it should now start working after the next reboot... (because the micro-update has likely been already applied, and so the changes in the aswSP driver will become effective right after the next reboot).

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Online Alikhan

  • avast! Evangelist
  • Advanced Poster
  • ***
  • Posts: 1063
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #1 on: September 12, 2013, 09:37:01 PM »
Ah, that explains it. I couldn't find 1 sample that would activate Deepscreen so now I know why.
Windows 7 Home Premium 64-bit • Avast Free Antivirus 9.0.2018 • MBAM Premium (latest) • Google Chrome •

Offline schmidthouse

  • VIRUS FREE A Long Time
  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 2583
  • Gender: Male
  • When you think you know, Think Again
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #2 on: September 13, 2013, 12:17:31 AM »
Ah, Nice. :)
**W8.1.1PRO 64Bit
*  xpSP3 PRO 32 Bit
Do not confuse kindness for weakness

Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • **
  • Posts: 728
  • Gender: Male
  • A Good Old Indian!
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #3 on: September 14, 2013, 04:14:59 PM »
Thanks Vlk and now I am already able to trigger deepscreen detections  8)

Offline spywar

  • Malware Hunter
  • Poster
  • *
  • Posts: 411
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #4 on: September 14, 2013, 04:44:44 PM »
Thanks  ;D

Offline Lord Ami

  • avast! translator
  • Full Member
  • ***
  • Posts: 156
  • Gender: Male
    • My site
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #5 on: September 14, 2013, 04:45:30 PM »
With Hardened mode set to Aggressive, I got the proper alert with autosandboxme2.exe but it still opened the window named Status (Success: Sandbox....". Is this normal, or with which file can we test it?

Offline Vlk

Re: DeepScreen & Hardened Mode in Beta 2
« Reply #6 on: September 14, 2013, 11:55:02 PM »
> With Hardened mode set to Aggressive, I got the proper alert with autosandboxme2.exe but it still opened the window named Status (Success: Sandbox....". Is this normal, or with which file can we test it?

Yes this is normal, because we don't actually block the autosandboxme2.exe executable itself, but another executable (called autosandboxme2.exa) that autosandboxme2.exe extracts and runs... so it doesn't block the whole thing, just a part of it.

We will likely prepare another set of test utilities that will be better suited for DeepScreen and Hardened Mode testing.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline True Indian

Re: DeepScreen & Hardened Mode in Beta 2
« Reply #7 on: September 15, 2013, 03:43:57 AM »
Vlk, does this mean avast will now be able to do analysis with the 2 technologies as you mentioned before or that will be further in the beta cycle?

Thanks!

Offline RejZoR

  • Polymorphic Sheep
  • Starting Graphoman
  • *****
  • Posts: 7811
  • Gender: Male
  • We are supersheep, resistance is futile!
    • RejZoR's little secrets
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #8 on: September 15, 2013, 04:44:16 AM »
It would be nice if you could remove the "Add to exclusions" button on the Hardened Mode popup without strictly locking up the avast! with password.
For example I want to use Hardened Mode on my sister's laptop, but I don't want to password protect avast! because there is no need to, but I don't want her to add the file to exclusion by mistake (sort of).

So, if everything remains as it is, just add a control to disable or enable "Add to exclusion" option on the Hardened Mode popup.

Offline Justin_22

  • avast! Evangelist
  • Poster
  • ***
  • Posts: 447
  • Free your soul and let it fly
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #9 on: September 15, 2013, 05:29:13 AM »
> > With Hardened mode set to Aggressive, I got the proper alert with autosandboxme2.exe but it still opened the window named Status (Success: Sandbox....". Is this normal, or with which file can we test it?
>
> Yes this is normal, because we don't actually block the autosandboxme2.exe executable itself, but another executable (called autosandboxme2.exa) that autosandboxme2.exe extracts and runs... so it doesn't block the whole thing, just a part of it.
>
> We will likely prepare another set of test utilities that will be better suited for DeepScreen and Hardened Mode testing.
>
> Thanks
> Vlk

Does it work this way for all files? Or just files like autosandboxme2.exe?

For example if I want to run aaa.exe would it block that file or just aaa.exa (if that is how the file were to work)?

And I believe RejZoR has a nice idea in the idea of a switch to add or remove the exclude button. The way they are on the popup could cause some accidental clicks of exclude.
Avast!  2014 beta - Sandboxie - K9 Web Protection

Offline RealNature

  • Poster
  • *
  • Posts: 419
  • Gender: Male
  • Nothing without GOD
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #10 on: September 15, 2013, 01:36:29 PM »
> It would be nice if you could remove the "Add to exclusions" button on the Hardened Mode popup without strictly locking up the avast! with password.
> For example I want to use Hardened Mode on my sister's laptop, but I don't want to password protect avast! because there is no need to, but I don't want her to add the file to exclusion by mistake (sort of).
>
> So, if everything remains as it is, just add a control to disable or enable "Add to exclusion" option on the Hardened Mode popup.

+1000 to that. This is a good option even for us advanced users.
AsusK53U, W7 Sp1 HP, WFW, Avast free, Malwarebytes free.
"When the power of love overcomes the love of power, the world will know peace".

Offline Para-Noid

  • avast! Evangelist
  • Ultra Poster
  • ***
  • Posts: 4501
  • Gender: Male
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #11 on: September 15, 2013, 08:30:43 PM »
> We will likely prepare another set of test utilities that will be better suited for DeepScreen and Hardened Mode testing.

Thanks vlk!

This is what I've been hoping for.
Dell Inspiron, Win7x64 SP1, Pentium Dual-Core, 6 GB Ram, Avast Free 2014.9.0.2018, Comodo Firewall 5.12 w/D+, MalwareBytes Premium 2.0, MCShield, Super Anti-Spyware Free, SpywareBlaster, Bitdefender TrafficLight, OpenDNS Premium, Keyscrambler Personal,  PrivDog. CCleaner, Greenshot, Firefox (latest build) and, Google Chrome (latest build).

When you do something, do it with a purpose and do it on purpose.

Offline Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64880
  • Gender: Male
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #12 on: September 15, 2013, 09:36:13 PM »
> We will likely prepare another set of test utilities that will be better suited for DeepScreen and Hardened Mode testing.

Good.
I've tested some AutoIt tools and seems the detection has improved, less false positives.
The best things in life are free.

Offline RejZoR

Re: DeepScreen & Hardened Mode in Beta 2
« Reply #13 on: September 15, 2013, 09:53:55 PM »
Best way to test DeepScreen and Hardened Mode activation is the program "LockNote". Due to its nature of operation, it modifies itself on every execution and thus activates DeepScreen every single time. It's not meant for this, but I found it as an effective tool to test avast! Autosandbox/DeepScreen.

Offline Tech

Re: DeepScreen & Hardened Mode in Beta 2
« Reply #14 on: September 16, 2013, 11:34:52 AM »
Well, running LockNote more than once, nothing is shown as being DeepScreened right now. Is it working in the actual beta?
The best things in life are free.

 
