Author Topic: DeepScreen & Hardened Mode in Beta 2  (Read 5227 times)

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11591
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
DeepScreen & Hardened Mode in Beta 2
« on: September 12, 2013, 11:32:44 PM »
Guys,

As some of you already noticed, neither DeepScreen nor Hardened Mode was really functional in the original beta 2 release. We have identified the issue now (the bug was in aswSP.sys) and actually took this opportunity to test the new "micro-update" mechanism in Avast 2014 to push out an updated version of aswSP.sys that's supposed to fix the problem.

What this means is that if you have beta 2 and DeepScreen / Hardened Mode doesn't work for you, it should now start working after the next reboot... (because the micro-update has likely been already applied, and so the changes in the aswSP driver will become effective right after the next reboot).

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Alikhan

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1256
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #1 on: September 12, 2013, 11:37:01 PM »
Ah, that explains it. I couldn't find 1 sample that would activate DeepScreen, so now I know why.
Windows 7 Home Premium 64-bit • Avast Internet Security 2015 • MBAM Premium (latest) • Google Chrome • CCleaner •

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3534
  • When you think you know, Think Again
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #2 on: September 13, 2013, 02:17:31 AM »
Ah, Nice. :)
**HP Business NB  W8.1.1 PRO 64Bit  8GB Ram          *Dell Inspiron  xpSP4 PRO 32 Bit/ Avast Premier 2015
Layered Security Protection       Backup & Recovery> WD 500GB HD/ Macrium Reflect/ Dropbox
Do not confuse Kindness for Weakness

Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • **
  • Posts: 714
  • A Good Old Indian!
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #3 on: September 14, 2013, 06:14:59 PM »
Thanks Vlk, and now I am already able to trigger DeepScreen detections  8)

Offline spywar

  • Malware Hunter
  • Poster
  • *
  • Posts: 442
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #4 on: September 14, 2013, 06:44:44 PM »
Thanks  ;D

Offline Lord Ami

  • Avast translator
  • Full Member
  • ***
  • Posts: 149
    • My site
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #5 on: September 14, 2013, 06:45:30 PM »
With Hardened mode set to Aggressive, I got the proper alert with autosandboxme2.exe but it still opened the window named Status ("Success: Sandbox...."). Is this normal, or with which file can we test it?

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11591
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #6 on: September 15, 2013, 01:55:02 AM »
With Hardened mode set to Aggressive, I got the proper alert with autosandboxme2.exe but it still opened the window named Status ("Success: Sandbox...."). Is this normal, or with which file can we test it?

Yes this is normal, because we don't actually block the autosandboxme2.exe executable itself, but another executable (called autosandboxme2.exa) that autosandboxme2.exe extracts and runs... so it doesn't block the whole thing, just a part of it.

We will likely prepare another set of test utilities that will be better suited for DeepScreen and Hardened Mode testing.

Thanks
Vlk

Offline True Indian

  • Malware Hunter
  • Advanced Poster
  • **
  • Posts: 714
  • A Good Old Indian!
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #7 on: September 15, 2013, 05:43:57 AM »
Vlk, does this mean avast will now be able to do analysis with the 2 technologies as you mentioned before, or will that be further in the beta cycle?

Thanks!

Online RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 8097
  • We are supersheep, resistance is futile!
    • RejZoR's little secrets
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #8 on: September 15, 2013, 06:44:16 AM »
It would be nice if you could remove the "Add to exclusions" button on the Hardened Mode popup without strictly locking up avast! with a password.
For example, I want to use Hardened Mode on my sister's laptop, but I don't want to password-protect avast! because there is no need to, but I don't want her to add the file to exclusions by mistake (sort of).

So, if everything remains as it is, just add a control to disable or enable "Add to exclusion" option on the Hardened Mode popup.

Offline Justin_22

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 447
  • Free your soul and let it fly
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #9 on: September 15, 2013, 07:29:13 AM »
With Hardened mode set to Aggressive, I got the proper alert with autosandboxme2.exe but it still opened the window named Status ("Success: Sandbox...."). Is this normal, or with which file can we test it?

Yes this is normal, because we don't actually block the autosandboxme2.exe executable itself, but another executable (called autosandboxme2.exa) that autosandboxme2.exe extracts and runs... so it doesn't block the whole thing, just a part of it.

We will likely prepare another set of test utilities that will be better suited for DeepScreen and Hardened Mode testing.

Thanks
Vlk

Does it work this way for all files? Or just files like autosandboxme2.exe?

For example, if I want to run aaa.exe, would it block that file or just aaa.exa (if that is how the file were to work)?

And I believe RejZoR has a nice idea in the idea of a switch to add or remove the exclude button. The way they are on the popup could cause some accidental clicks of exclude.
Avast!  2014 beta - Sandboxie - K9 Web Protection

Offline RealNature

  • Poster
  • *
  • Posts: 425
  • Nothing without GOD
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #10 on: September 15, 2013, 03:36:29 PM »
It would be nice if you could remove the "Add to exclusions" button on the Hardened Mode popup without strictly locking up avast! with a password.
For example, I want to use Hardened Mode on my sister's laptop, but I don't want to password-protect avast! because there is no need to, but I don't want her to add the file to exclusions by mistake (sort of).

So, if everything remains as it is, just add a control to disable or enable "Add to exclusion" option on the Hardened Mode popup.
+1000 to that. This is a good option even for us advanced users.
AsusK53U: W7Pro Sp1x64, WFW, Avast free latest build, common sense, Mozilla Firefox latest build.

Offline Para-Noid

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5589
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #11 on: September 15, 2013, 10:30:43 PM »
We will likely prepare another set of test utilities that will be better suited for DeepScreen and Hardened Mode testing.
Thanks vlk!

This is what I've been hoping for.
Dell Inspiron, Win7x64 SP1, Comodo Firewall 5.12 w/D+, MalwareBytes Free 2.1--HP Envy Win8.1x64, Private Firewall, MalwareBytes Premium 2.1--Both systems Avast Free v2015.10.2,2215 SP1, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Firefox (latest build), Google Chrome (latest build) and, various browser security tools.

When you do something, do it with a purpose and do it on purpose.

Online Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 65764
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #12 on: September 15, 2013, 11:36:13 PM »
We will likely prepare another set of test utilities that will be better suited for DeepScreen and Hardened Mode testing.
Good.
I've tested some AutoIt tools and it seems the detection has improved, fewer false positives.
The best things in life are free.

Online RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 8097
  • We are supersheep, resistance is futile!
    • RejZoR's little secrets
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #13 on: September 15, 2013, 11:53:55 PM »
The best way to test DeepScreen and Hardened Mode activation is the program "LockNote". Due to its nature of operation, it modifies itself on every execution and thus activates DeepScreen every single time. It's not meant for this, but I found it to be an effective tool to test avast! Autosandbox/DeepScreen.

Online Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 65764
Re: DeepScreen & Hardened Mode in Beta 2
« Reply #14 on: September 16, 2013, 01:34:52 PM »
Well, running LockNote more than once, nothing is shown as being DeepScreened right now. Is it working in the actual beta?