Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: malko on August 05, 2010, 06:44:30 PM

Title: Behaviour Shield found 2 infected - where can I see?
Post by: malko on August 05, 2010, 06:44:30 PM
Hello

I went to the Behaviour Shield part of Avast 5. I clicked on "Show traffic history" and I see two infected items in the red part.
Now I want to see what the two infected are. I did a full scan, nothing was found. A boot time scan will be done later today.

I tried to open "Show Report File" but it says nothing there.

Thanks

Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: Pondus on August 05, 2010, 07:14:03 PM
Quote
Now I want to see what the two infected are
What did avast do with the items?
Have you checked the chest / quarantine?
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: malko on August 05, 2010, 07:20:53 PM
Yes I have checked the chest.

I just want to see what Avast caught that it says 2 infected items.
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: DavidR on August 05, 2010, 07:24:18 PM
Unfortunately, the Behaviour Shield log is worse than useless, as it doesn't record detection information like the other resident shields. Why this is the case I don't know, but it simply records when it starts and stops every day, which is pretty useless other than to see if it was running.
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: Snagglegrain on August 05, 2010, 07:28:13 PM
Plenty of info for you on this thread (http://forum.avast.com/index.php?topic=61342.0), all of it amounting to others having experienced what you have, and wondering when it will be fixed.
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: SafeSurf on August 05, 2010, 11:16:40 PM
Quote
Unfortunately, the Behaviour Shield log is worse than useless, as it doesn't record detection information like the other resident shields. Why this is the case I don't know, but it simply records when it starts and stops every day, which is pretty useless other than to see if it was running.

Now you can join the crowd with the rest of us in that larger thread. ;D That is why I made my last comment in that thread.
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: DavidR on August 05, 2010, 11:29:57 PM
Well, I have never had any Behaviour Shield detections, so no personal experience.

I don't have to join the crowd, I have already posted a few times in that topic.

Are there no details in the Behaviour Shield's Report file?
If not, this is a failing that should be rectified in a program or engine update, so that detection information is recorded as it is in the file system shield, etc. etc.

That is what I'm dropping a hint about: the developers need to enter data into the behaviour shield report file on detection, otherwise it is worse than useless.
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: RejZoR on August 06, 2010, 07:54:59 AM
I'm not quite sure if Behavior Shield is even useful at all. I've seen it checking actions and I've also got blocked actions, but I have absolutely no idea what happened. Not even which process caused those blocked events, nothing. I also haven't seen a single malware getting actually blocked by it.
So either I'm observing things in a wrong way or Behavior Shield should be improved in many more ways, detection- and interface-wise.
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: SafeSurf on August 06, 2010, 08:01:48 AM
This is the original thread that started the topic: http://forum.avast.com/index.php?topic=61342.0.

That's why we're trying to make a point that the devs. need to take a look at this and make some changes to this particular shield.
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: Lisandro on August 06, 2010, 11:10:51 PM
Quote
I'm not quite sure if Behavior Shield is even useful at all. I've seen it checking actions and I've also got blocked actions, but I have absolutely no idea what happened. Not even which process caused those blocked events, nothing. I also haven't seen a single malware getting actually blocked by it.
So either I'm observing things in a wrong way or Behavior Shield should be improved in many more ways, detection- and interface-wise.

+1
We need faith that Behavior Shield is doing something...
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: bri on August 07, 2010, 06:03:54 AM
My opinion, and I hate to say it: it doesn't work.
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: Snagglegrain on August 08, 2010, 07:34:18 AM
Excerpted from Vlk's Softpedia interview (http://news.softpedia.com/news/Softpedia-Exclusive-Interview-avast-5-140693.shtml) on May 1st, 2010...
Quote
The Behavior Shield that we shipped in version 5.0 is a new component that is going to be further developed moving forward. For example, in version 5.1, we will be adding more sensors that will allow for even finer-grain filtering.

For now, the Behavior Shield is focused on exploits coming via typical mechanisms (browser, PDF reader, and flash vulnerabilities, for example). It also closely monitors all kernel-mode code (drivers) loaded into the operating system, and is able to detect zero-day rootkits.

With the release of v5.0.545, Vlk noted...

"Improvements in the Behavior Shield (realtime antirootkit part)"

and with the release of (current) v5.0.594, Vlk noted...

"performance improvements in the Behavior Shield"
 
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: silviucc on August 08, 2010, 02:09:08 PM
and in 5.0.6xx he will probably write:

hey Behavior Shield actually works!! * improvements to Behavior Shield ;)
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: Snagglegrain on August 08, 2010, 04:05:14 PM
Quote
and in 5.0.6xx he will probably write:
hey Behavior Shield actually works!! * improvements to Behavior Shield ;)

Very helpful input. Thanks for the post.
Title: Re: Behaviour Shield found 2 infected - where can I see?
Post by: DavidR on August 08, 2010, 04:16:24 PM
The major problem as I see it is that Behaviour can be interpreted in many ways, the same as Heuristics, but the real issue here is what is actually monitored (sensors) by the Behaviour Shield. So if the behaviour shield doesn't comply with your interpretation of what a behaviour shield would do, then you are likely to say it isn't working or isn't working as you think it should be.

The avast behaviour shield isn't like things like ThreatFire.

So it is still focused in these same areas Vlk mentioned before and will continue to evolve:
Quote
- avast! Behaviour Shield, general information from an interview Softpedia - Ondrej Vlcek
Ondrej Vlcek:
The Behaviour Shield that we shipped in version 5.0 is a new component that is going to be further developed moving forward. For example, in version 5.1, we will be adding more sensors that will allow for even finer-grain filtering.

For now, the Behaviour Shield is focused on exploits coming via typical mechanisms (browser, PDF reader, and flash vulnerabilities, for example). It also closely monitors all kernel-mode code (drivers) loaded into the operating system, and is able to detect zero-day rootkits.

So the major improvements, the addition of more behaviour-monitoring sensors from the above (in bold), aren't due until avast 5.1. For the most part, the improvements in the new build numbers have been in performance, so they don't slow system performance (which many complained of).