Author Topic: Hardened Mode  (Read 38710 times)

Offline gjgtexas

  • Newbie
  • *
  • Posts: 3
Hardened Mode
« on: December 08, 2013, 04:35:49 PM »
Would someone explain to me what exactly is "hardened mode" and what is its purpose?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40636
  • Dragons by Sasha
    • Malware fixes
Re: Hardened Mode
« Reply #1 on: December 08, 2013, 04:49:47 PM »
Quote
avast! Hardened Mode brings an option for inexperienced users to further lock down the security of the computer in the avast! 2014 settings. If enabled, users can select between "Aggressive" mode which doesn't allow any non-whitelisted files in avast! file reputation database (e.g. unknown files) to run, and "Moderate" mode which allows any other files except those with low reputation in avast! file reputation database (e.g. low prevalence files) to run.

Basically I have this set to moderate on my system, if I run an unknown file it will ask me if I would like to either block the programme from running or add it to my exception list, so that I am not asked again and it will run as normal

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9225
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Hardened Mode
« Reply #2 on: December 08, 2013, 06:50:02 PM »
I'll go in more detail here.

Hardened Mode is designed to make protection tougher without interfering with the computer usage much.
avast! by default checks suspicious files with DeepScreen within virtual environment to see how they behave. But if you use Hardened Mode, it starts to behave a bit differently.

Hardened Mode: Moderate
Under normal conditions, if avast! decides that some file is too suspicious by various characteristics, it then throws it into the DeepScreen for further scanning. But if Moderate Hardened Mode is enabled, avast! automatically blocks files that are detected as suspicious by preliminary analysis.
In most cases DeepScreen checks the file and if it doesn't find obvious malicious problems with it, those files are started automatically after analysis. But Hardened Mode (Moderate) blocks it right there.

Hardened Mode: Aggressive
This mode behaves a bit differently. It actually relies on analysis on a very small scale and mostly relies on a huge whitelist database located in avast! Cloud. If a file is located within the cloud and flagged as safe, it will allow it to run. If it's not found or marked as bad, it will block it. So, at least based on my experience, Aggressive Mode is actually much more secure and also a lot less intrusive. The only time that it will cause problems is with some very rare old software or very very new software that isn't used by thousands of users. Usually some very specialized programs used by only a few users.
Moderate mode often feels a bit too paranoid (despite its name) because it often blocks safe programs just because they exhibit local suspicious file characteristics that are basically ignored by the Aggressive mode.

The only thing that confuses me is why Moderate mode doesn't rely on the same whitelist to avoid these suspicious blockings. In my case, I prefer to use Aggressive mode and I have done so on many systems and it worked like a charm. No problems, no excessive blocking but with superior protection.
Visit my webpage RejZoR's Flock of Sheep
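The difference between the modes as described in the post above can be laid out as a small decision model. This is an added example, not Avast code and not part of the original post: the rules follow the post's description only, and every name in it (`Sample`, `verdict`, `matrix`, the sample file names) is hypothetical.

```python
# Toy model of the Hardened Mode behaviour described in this thread.
# Not Avast code: the rules and every name below are assumptions.
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    OFF = "off"
    MODERATE = "moderate"
    AGGRESSIVE = "aggressive"


class Cloud(Enum):  # result of the cloud reputation lookup
    SAFE = "safe"
    BAD = "bad"
    UNKNOWN = "unknown"


@dataclass(frozen=True)
class Sample:
    name: str
    cloud: Cloud
    locally_suspicious: bool       # flagged by preliminary local analysis
    deepscreen_clean: bool = True  # outcome if it were run in DeepScreen


def verdict(s, mode, exclusions=frozenset()):
    if s.name in exclusions:           # user added the file to the exception list
        return "run"
    if mode is Mode.AGGRESSIVE:        # default deny: only whitelisted files run
        return "run" if s.cloud is Cloud.SAFE else "block"
    if not s.locally_suspicious:       # nothing triggered further checks
        return "run"
    if mode is Mode.MODERATE:          # suspicious files are blocked outright
        return "block"
    return "run" if s.deepscreen_clean else "block"  # default: sandbox decides


# Constructed samples, not real files.
SAMPLES = [
    Sample("popular_packed_tool.exe", Cloud.SAFE, locally_suspicious=True),
    Sample("brand_new_installer.exe", Cloud.UNKNOWN, locally_suspicious=False),
    Sample("rare_dropper.exe", Cloud.UNKNOWN, True, deepscreen_clean=False),
]


def matrix(samples=SAMPLES, exclusions=frozenset()):
    """Map each sample name to its verdict under every mode."""
    return {s.name: {m.value: verdict(s, m, exclusions) for m in Mode}
            for s in samples}
```

Calling `matrix()` shows where the two modes disagree: the widely used but locally suspicious file is blocked only in Moderate, while the new, not yet whitelisted installer is blocked only in Aggressive until it is added to the exclusions.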

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5318
  • When you think you know, Think Again
Re: Hardened Mode
« Reply #3 on: December 08, 2013, 07:17:08 PM »
Thanks RejZor, nice analysis.
Information many can use. :)
***HP ENVY 15K LT W10 Pro 64Bit/750GB HD/16GB Ram/Avast Prem.bc/VS/ASB/Mbam/Secureline.b/SANDBOXIE/Prey Project
**HP Compaq 8510p LT W10 Pro 64Bit/1TB HD/8GB Ram/Avast Prem.bc/VS/ASB/Mbam/SecureLine.b/SANDBOXIE/Prey Project 
     
*Dell Inspiron XPsp4 PRO 32Bit/2.5GB Ram/Avast (since 2002) 18.8.2356/OSA/Comodo FW 3.14/Secureline/Comodo IceDragon v.40
<LAYERED SECURITY SOFTWARE PROTECTION on all OS's>

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 80678
  • No support PMs thanks
Re: Hardened Mode
« Reply #4 on: December 08, 2013, 07:30:04 PM »
Absolutely, information I have retained the post's URL for reference, for those seeking more information on the hardened mode.

I would agree about the Moderate setting seeming to be aggressive, I had it on for testing and disabled it again. I never even ventured to test Aggressive mode since I thought Moderate aggressive. Now I will at least try Aggressive mode to see how it responds.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 18.8.2356/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline spywar

  • Malware Hunter
  • Poster
  • *
  • Posts: 441
Re: Hardened Mode
« Reply #5 on: December 08, 2013, 07:36:09 PM »
Many thanks for that detailed information about the Hardened mode  ;)
I will set it up to Aggressive on some friends' PCs who are using avast!.

Online Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3639
Re: Hardened Mode
« Reply #6 on: December 08, 2013, 07:53:19 PM »
Be careful with that spywar, it gives some false positives.
SAMSUNG Galaxy S7 Edge, Android 8.0, Sophos Mobile Security

Offline George Yves

  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 4152
  • Help you I can
Re: Hardened Mode
« Reply #7 on: December 08, 2013, 08:56:58 PM »
RejZoR
Thank you for the info. I have translated your text into Russian: http://forum.avast.com/index.php?topic=142183.0
May the FOSS be with you!

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2092
Re: Hardened Mode
« Reply #8 on: December 09, 2013, 12:34:39 AM »
Friday, I turned on Hardened Mode to Aggressive on my WinXP desktop.  Saturday, WinPatrol v29.1.2013.1 was released.  As I attempted overinstalling to update, Hardened Mode prevented the install.  I disabled Hardened Mode and completed the install, and allowed WinPatrol to restart.  I then restarted Windows.

I then turned Hardened Mode back on with WinPatrol running and logged out.  When I returned to the machine several hours later, WinPatrol was no longer running.  When I tried restarting WinPatrol, Hardened Mode would not allow it.  I tried rebooting a couple of times, and then turned off Hardened Mode.  After reading this thread today, I tried again after enabling Hardened Mode.  The only way for WinPatrol to run was to set an exclusion for it in Hardened Mode.

Either I misunderstand how Hardened Mode should work, or Avast has not yet updated the Whitelist database for the newest version of WinPatrol.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: AIS 18.8.2356, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 63.0.3, MBam Free, MCShield, CCleaner

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 80678
  • No support PMs thanks
Re: Hardened Mode
« Reply #9 on: December 09, 2013, 12:44:05 AM »
Hardened Mode should give a popup to let you know the program intercepted and crucially there is an Add an exclusion link at the bottom.

Unfortunately the popup doesn't stay up long (for me), so why it doesn't follow the timings for alert popups I don't know. You have to be quick to notice it, read the file involved and if it should be allowed (excluded) to do all this in a couple of seconds. I normally have to run the program again, Hardened Mode normally intercepts and I'm waiting to click add an exclusion.

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2092
Re: Hardened Mode
« Reply #10 on: December 09, 2013, 12:52:10 AM »
The Hardened Mode popup is how I set the exclusion for WinPatrol.  That part worked as expected.  I was expecting Avast to whitelist WinPatrol.

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3195
  • Avast shall conquer the whole world
Re: Hardened Mode
« Reply #11 on: December 09, 2013, 05:26:24 AM »
Thanks for sharing by explaining in detail RejZoR as I've set my Hardened Mode to 'Aggressive' and yes it does work like a charm ;)
ASUS G75VX-T4153H - Avast Premier v18.8.2356 - W8.1 64bit - Avast Secure Browser - Firefox 64bit - Thunderbird - MBAM Premium - Adguard Premium - CryptoPrevent Premium - Privacy Eraser - MCShield - WinPatrol PLUS - Macrium Reflect Home Edition

Offline Starfighter

  • Sr. Member
  • ****
  • Posts: 309
  • They only let me use pencils, not pens!
Re: Hardened Mode
« Reply #12 on: November 14, 2014, 04:43:18 AM »
I use a program from Bitsum known as "Process Lasso."  Can I please request that Avast put Process Lasso on the whitelist for the Hardened Mode?  When the Avast! Hardened Mode is set at Aggressive, it blocks the installation program for Process Lasso from working properly (gives an error), as well as the actual Process Lasso program if I do manage to run it after it's installed (it crashes).  Thank you....

Details: Windows XP Pro, SP3, latest Visual C++ installed (2005, 2008, 2010).
I use avast! because it's the best.

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6713
  • Trust only what you test yourself!
Re: Hardened Mode
« Reply #13 on: November 14, 2014, 04:48:34 PM »
Since Hardened Mode relies on the cloud, if a software is deemed safe it's automatically whitelisted.
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 80678
  • No support PMs thanks
Re: Hardened Mode
« Reply #14 on: November 14, 2014, 04:58:38 PM »
Quote
Since Hardened Mode relies on the cloud, if a software is deemed safe it's automatically whitelisted.

That is an assumption that isn't necessarily correct - whitelisting, e.g., is only for certain known files and/or those that are digitally signed in order to make it into the Persistent cache (essentially whitelisted).

Others may fall into the Transient cache, not whitelisted as any change in the system status, reboot or receipt of an update and/or change in the file - would result in its being scanned again if active.