Author Topic: Hardened Mode Exclusions Management?  (Read 4327 times)

0 Members and 1 Guest are viewing this topic.

dallas7

  • Guest
Hardened Mode Exclusions Management?
« on: October 15, 2013, 11:35:57 PM »
I used the resident updater in v8 Free (Win7x64sp1) and all went well.  2014 is running great. Good job, folks!!

I set Hardened Mode to Moderate and subsequently found exceptions were needed for several applications including three for Java.

I looked under the Hardened mode tab in Exclusions and there's nothing in there and assume that's there only for users to add exclusions manually.

Where then are popup exclusions stored and how are they managed?  Is it possible to "un-exclude"?

Thank you.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89643
  • No support PMs thanks
Re: Hardened Mode Exclusions Management?
« Reply #1 on: October 16, 2013, 01:03:39 AM »
Yes users can add their own exclusions there, but personally ones added via the pop-up add to exclusions 'should be added.' To my way of thinking this is a bug, 'Add an exclusion...' means just that and how do you know it has been added if you can't see it displayed in the list.

Also if something was added by mistake without it being in the list, how do you reverse the decision.

I suspect that there might well be an ini file somewhere that may have these, otherwise subsequent runs of files that triggered the Hardened Mode would trigger it again when run.

EDIT: Found it exclusions.ini in the C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast (XP location or probably C:\ProgramData\AVAST Software\Avast later OSes.

Looks like it just doesn't store the file name but also the sha256 hash for the file, see image2. But I think these should be displayed in the UI, so that corrections can be made.
« Last Edit: October 16, 2013, 01:15:39 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.8.6127 (build 24.8.9372.870) UI 1.0.818/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7168
  • When you think you know, Think Again
Re: Hardened Mode Exclusions Management?
« Reply #2 on: October 16, 2013, 03:34:28 AM »
Yes users can add their own exclusions there, but personally ones added via the pop-up add to exclusions 'should be added.' To my way of thinking this is a bug, 'Add an exclusion...' means just that and how do you know it has been added if you can't see it displayed in the list.

Also if something was added by mistake without it being in the list, how do you reverse the decision.

I suspect that there might well be an ini file somewhere that may have these, otherwise subsequent runs of files that triggered the Hardened Mode would trigger it again when run.

EDIT: Found it exclusions.ini in the C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast (XP location or probably C:\ProgramData\AVAST Software\Avast later OSes.

Looks like it just doesn't store the file name but also the sha256 hash for the file, see image2. But I think these should be displayed in the UI, so that corrections can be made.

+1
Good Idea. Definitely needs further development !
« Last Edit: October 16, 2013, 03:46:17 AM by schmidthouse »

dallas7

  • Guest
Re: Hardened Mode Exclusions Management?
« Reply #3 on: October 16, 2013, 06:26:56 AM »
@DavidR
Thanks for that info.  Sure enough, there are my popup exclusions.  Among them Zemana AntiLogger, a DynDNS client, SumatraPDF, Java's jp2launcher and java.exe and javacpl, Pale Moon's plugincontainer...  And that's just in Moderate.

And my password manager.  It's all backed up and easily recovered but the wait was still disturbing.

As for them not populating the Hardened tab in the GUI, maybe a bug.  Maybe not.  It's irrelevant as I've disabled the mode.  It's way, way too chatty. 

If anything slips by avast, I'm also running Online Armor Premium, Zemana AL Pro and Malwarebytes Pro in parallel.

While I'm thinking about it, how is that Hardened Mode supposed to be for the "inexperienced user"?  Like he/she would know what to do about plugincontainer.  ???

Cheers.
« Last Edit: October 16, 2013, 06:30:56 AM by dallas7 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89643
  • No support PMs thanks
Re: Hardened Mode Exclusions Management?
« Reply #4 on: October 16, 2013, 01:43:57 PM »
You're welcome.

I too have the same feeling about inexperienced users and essentially asking them questions they may not be able to answer and what are they likely to do answer Yes (which could be worse).   I too enabled it just to see the impact, as personally I don't need it, outpost firewall pro does a good job in this area also and WinPatrol Plus.

I though the general consensus at avast was to make avast transparent and not have to ask the user to make decisions.

Even on my well established system (with some old applications) Moderate has generated quite a few pop-ups, god knows what aggressive would be like.

I think that there needs to be some sort of leveling/weighting in the early days of its use, e.g. how long has this been on the system and possibly the use of in-cloud checking of the file name and hash. Otherwise it could scare the pants of some users, should they even manage to find the option and enable it.

For me the real value of this tool is for new programs to provide a higher level of protection without the hassle on old programs on the system. Most 3rd party firewalls have some form of Learn/Training period (a week in the case of my firewall) and that allows some grace to get used to what you have installed and how you use your system.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.8.6127 (build 24.8.9372.870) UI 1.0.818/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

iroc9555

  • Guest
Re: Hardened Mode Exclusions Management?
« Reply #5 on: October 17, 2013, 03:06:32 AM »
I do not understand. I thought there were no alerts for hardened mode. All the readings state this is a feature to help novice users. It will not let a program with poor reputation to run. So what is the deal with the alerts. If a novice user or someone with less understanding of computers or security program gets an alert, what does it do ? I bet he is going to click " Add to exclutions ". So why this is better for novice users ? I would even say it is dangerous.

In Moderate Mode in an old XP it is as chatty as old Comodo HIPS.

BTW the exclution tab for Hardened mode is registering the files.

Again the exclutions are made in what was known as the global exclutions in the old avast!. This exclutions, to me, are too risky because it also exclude the files or programs from future manual scannings.

... I think that there needs to be some sort of leveling/weighting in the early days of its use, e.g. how long has this been on the system and possibly the use of in-cloud checking of the file name and hash. Otherwise it could scare the pants of some users, should they even manage to find the option and enable it.

For me the real value of this tool is for new programs to provide a higher level of protection without the hassle on old programs on the system. Most 3rd party firewalls have some form of Learn/Training period (a week in the case of my firewall) and that allows some grace to get used to what you have installed and how you use your system.

+1 Agree completely DavidR