Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: naren17 on January 01, 2011, 01:07:40 PM

Title: Behaviour Shield
Post by: naren17 on January 01, 2011, 01:07:40 PM
Whats the use of Behaviour Shield if the action is set to allow??? How BS will protect???

Thanxx
Naren
Title: Re: Behaviour Shield
Post by: Tenko on January 01, 2011, 01:12:08 PM
hey and warm welcome to avast forum!

Since BS (behavior shield) is not complete it wont give that much of additional protection. If you want to get alters I recommend you to put it on ask; it will maybe increase the chances of stopping a malware.

I think if you have it on ask and you try to install Malwarebytes it will give ask you if you want to allow the installation.

Enjoy your stay

Regards,
              Tenko
Title: Re: Behaviour Shield
Post by: Vlk on January 01, 2011, 01:20:47 PM
If you set it to Ask, it will alert you a supicious behavior is detected, with the ability to take actions accordingly.

As I already said in one of the other threads:

The Behavior Shield works only in "passive mode", which means that the new sensors will be active but won't be stopping the attacks, just reporting them to our backend infrastructure (unless you have opted out from the avast! community membership). This is to allow us to collect enough data before enabling the protective layers in Q1 2011.

Thanks
Vlk
Title: Re: Behaviour Shield
Post by: spg SCOTT on January 01, 2011, 01:25:14 PM
Vlk,

On one system I have it set on ask, and I have had a few popups. I presume you still get info for the behavior shield when set like this?

The main one I get is when an application tries to connect to the internet, and uses a reg key to do that. With so many applications that do this (as well as malware I understand) will the allowed applications be taken into account as you improve the behavior shield?

Scott
Title: Re: Behaviour Shield
Post by: Lisandro on January 01, 2011, 01:48:24 PM
I presume you still get info for the behavior shield when set like this?
Will the allowed applications be taken into account as you improve the behavior shield?
Scott, I think so.
If not, really, it will be stupid imho.
Title: Re: Behaviour Shield
Post by: RejZoR on January 01, 2011, 01:57:45 PM
Yes, that's why it's set to Allow. It lets everything through for now, but logs all the programs and actions and submits this info to CommunityIQ for further analysis. I'm guessing this is just a preparation for avast! 6.x where it will be set to Block mode by default. Or at least Ask.
Title: Re: Behaviour Shield
Post by: naren17 on January 01, 2011, 01:59:00 PM
I guess now setting it to ask will give lots of FP's i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

Thanxx
Naren
Title: Re: Behaviour Shield
Post by: Hexo on January 01, 2011, 02:03:37 PM
Is there a way to test the Behavior Shield?
Title: Re: Behaviour Shield
Post by: Tenko on January 01, 2011, 02:13:56 PM
I guess now setting it to ask will give lots of FP's i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

Thanxx
Naren

FP is better than an infection. That's just my opinion.

Take care! :)
Title: Re: Behaviour Shield
Post by: Vlk on January 01, 2011, 02:22:27 PM
I guess now setting it to ask will give lots of FP's i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

I'd say that even now, if you set it to Ask, the number of popups will actually be fairly low. Typically very low actually. That's because there's already some intelligence behind this that is making certain decisions on its own.

Try it for yourself, and you'll see.

Thanks
Vlk
Title: Re: Behaviour Shield
Post by: RejZoR on January 01, 2011, 02:24:15 PM
Is there a way to test the Behavior Shield?


Only way to do that is to use Behavior Shield as the only provider and simply execute programs and malware. Of course in a strictly controlled and isolated environment like VMWare Player...
Title: Re: Behaviour Shield
Post by: naren17 on January 01, 2011, 02:36:45 PM
I guess now setting it to ask will give lots of FP's i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

I'd say that even now, if you set it to Ask, the number of popups will actually be fairly low. Typically very low actually. That's because there's already some intelligence behind this that is making certain decisions on its own.

Try it for yourself, and you'll see.

Thanks
Vlk

So I guess currently its like a light HIPS which asks to allow/block the app in question. BS should only popup when it detects malicious behaviour & not for every apps to ask allow/block like HIPS. Hope when BS is fully functional it will act like a BB & not HIPS, especially when Avast has always implemented the changes in their softwares keeping in mind the majority i.e average users.

Thanxx
Naren
Title: Re: Behaviour Shield
Post by: Vlk on January 01, 2011, 02:48:40 PM
I guess now setting it to ask will give lots of FP's i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

I'd say that even now, if you set it to Ask, the number of popups will actually be fairly low. Typically very low actually. That's because there's already some intelligence behind this that is making certain decisions on its own.

Try it for yourself, and you'll see.


So I guess currently its like a light HIPS which asks to allow/block the app in question. BS should only popup when it detects malicious behaviour & not for every apps to ask allow/block like HIPS. Hope when BS is fully functional it will act like a BB & not HIPS, especially when Avast has always implemented the changes in their softwares keeping in mind the majority i.e average users.

It's not like a HIPS even now... Set it to Auto and you'll see...
On a typical system, it doesn't really ask anything at all.


Thanks
Vlk

Title: Re: Behaviour Shield
Post by: naren17 on January 01, 2011, 02:54:35 PM
I guess now setting it to ask will give lots of FP's i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

I'd say that even now, if you set it to Ask, the number of popups will actually be fairly low. Typically very low actually. That's because there's already some intelligence behind this that is making certain decisions on its own.

Try it for yourself, and you'll see.


So I guess currently its like a light HIPS which asks to allow/block the app in question. BS should only popup when it detects malicious behaviour & not for every apps to ask allow/block like HIPS. Hope when BS is fully functional it will act like a BB & not HIPS, especially when Avast has always implemented the changes in their softwares keeping in mind the majority i.e average users.

It's not like a HIPS even now... Set it to Auto and you'll see...
On a typical system, it doesn't really ask anything at all.


Thanks
Vlk



Set it to auto means the default allow, right??

Thanxx
naren
Title: Re: Behaviour Shield
Post by: spg SCOTT on January 01, 2011, 02:55:57 PM
I'd say that even now, if you set it to Ask, the number of popups will actually be fairly low. Typically very low actually. That's because there's already some intelligence behind this that is making certain decisions on its own.

Try it for yourself, and you'll see.

Thanks
Vlk

I have had a few, mostly from trying to connect to the internet (e.g. hitting F1 for help) I have added some to the trusted list.
Title: Re: Behaviour Shield
Post by: Lisandro on January 01, 2011, 03:01:15 PM
I guess now setting it to ask will give lots of FP's i.e number of popups.
Well, not that many indeed. Few.

Set it to auto means the default allow, right??
Well, there is not auto right now. There are ask, block and allow.
But I think I understand what you're asking. Default right now is passive, allow all.
Title: Re: Behaviour Shield
Post by: Vlk on January 01, 2011, 03:07:20 PM
I'd say that even now, if you set it to Ask, the number of popups will actually be fairly low. Typically very low actually. That's because there's already some intelligence behind this that is making certain decisions on its own.

Try it for yourself, and you'll see.

Thanks
Vlk

I have had a few, mostly from trying to connect to the internet (e.g. hitting F1 for help) I have added some to the trusted list.


Is this from the release version, or from a previous beta?


Thanks
Vlk
Title: Re: Behaviour Shield
Post by: naren17 on January 01, 2011, 03:07:39 PM
I guess now setting it to ask will give lots of FP's i.e number of popups.
Well, not that many indeed. Few.

Set it to auto means the default allow, right??
Well, there is not auto right now. There are ask, block and allow.
But I think I understand what you're asking. Default right now is passive, allow all.

Well Vlk mentioned auto thats why I asked.

Thanxx
Naren
Title: Re: Behaviour Shield
Post by: spg SCOTT on January 01, 2011, 03:11:14 PM

Is this from the release version, or from a previous beta?


Thanks
Vlk
The beta versions (I installed over) but I did delete a couple, and they still gave an alert. Should I try deleting them all and see which ones give the alert again
Title: Re: Behaviour Shield
Post by: Vlk on January 01, 2011, 03:13:58 PM
I think just for the sake of understanding the situation, it would be useful.

Thanks
Vlk
Title: Re: Behaviour Shield
Post by: Lisandro on January 01, 2011, 03:14:51 PM
Should I try deleting them all and see which ones give the alert again
I think you can. I've done it :)
Title: Re: Behaviour Shield
Post by: spg SCOTT on January 01, 2011, 03:26:18 PM
Geany, Pidgin, and Thunderbird so far have generated an alert. Happens when I hit F1 for help.

All were alerts on
Code: [Select]
01/01/2011 14:22:39 Modification of: \REGISTRY\USER\S-1-5-21-749254142-602152416-2417861921-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
EDIT: and evernote
Title: Re: Behaviour Shield
Post by: Hexo on January 01, 2011, 04:04:54 PM
Mhh.
I have reinstall avast! because i missed the "sandbox icon (@)" in the browser while the browser is virtualized.
After the reinstall the Behaviour Shield scanned nothing more (see screenshot).
Before i reinstalled it, the Behavior Shield scanned about 17 files.

I think it´s not working correct on my main PC.