Author Topic: Hardened Mode  (Read 54709 times)

gjgtexas

  • Guest
Hardened Mode
« on: December 08, 2013, 04:35:49 PM »
Would someone explain to me what exactly is "hardened mode" and what is its purpose?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Hardened Mode
« Reply #1 on: December 08, 2013, 04:49:47 PM »
Quote
avast! Hardened Mode brings an option for inexperienced users to further lock down the security of the computer in the avast! 2014 settings. If enabled, users can select between "Aggressive" mode which doesn't allow any non-whitelisted files in avast! file reputation database (e.g. unknown files) to run, and "Moderate" mode which allows any other files except those with low reputation in avast! file reputation database (e.g. low prevalence files) to run.

Basically I have this set to moderate on my system, if I run an unknown file it will ask me if I would like to either block the programme from running or add it to my exception list, so that I am not asked again and it will run as normal

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Hardened Mode
« Reply #2 on: December 08, 2013, 06:50:02 PM »
I'll go in more detail here.

Hardened Mode is designed to make protection tougher without interfering with the computer usage much.
avast! by default checks suspicious files with DeepScreen within virtual environment to see how they behave. But if you use Hardened Mode, it starts to behave a bit differently.

Hardened Mode: Moderate
Under normal conditions, if avast! decides that some file is too suspicious by various characteristics, it then throws it into DeepScreen for further scanning. But if Moderate Hardened Mode is enabled, avast! automatically blocks files that are detected as suspicious by preliminary analysis.
In most cases DeepScreen checks the file and if it doesn't find obvious malicious problems with it, those files are started automatically after analysis. But Hardened Mode (Moderate) blocks it right there.

Hardened Mode: Aggressive
This mode behaves a bit differently. It actually relies on analysis on a very small scale and mostly relies on a huge whitelist database located in avast! Cloud. If file is located within the cloud and flagged as safe, it will allow to run it. If it's not found or marked as bad, it will block it. So, at least based on my experience, Aggressive Mode is actually much more secure and also a lot less intrusive. Only time that it will cause problems is with some very rare old software or very very new software that isn't used by thousands of users. Usually some very specialized programs used by only few users.
Moderate mode often feels a bit too paranoid (despite its name) because it often blocks safe programs just because they exhibit local suspicious file characteristics that are basically ignored by the Aggressive mode.

Only thing that confuses me is why Moderate mode doesn't rely on the same whitelist to avoid these suspicious blockings. In my case, I prefer to use Aggressive mode and I have done so on many systems and it worked like a charm. No problems, no excessive blocking but with superior protection.
Visit my webpage Angry Sheep Blog

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7170
  • When you think you know, Think Again
Re: Hardened Mode
« Reply #3 on: December 08, 2013, 07:17:08 PM »
Thanks RejZoR, nice analysis.
Information many can use. :)

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: Hardened Mode
« Reply #4 on: December 08, 2013, 07:30:04 PM »
Absolutely, information I have retained the post's URL for reference, for those seeking more information on the hardened mode.

I would agree about the Moderate setting seeming to be aggressive, I had it on for testing and disabled it again. I never even ventured to test Aggressive mode since I thought Moderate aggressive. Now I will at least try Aggressive mode to see how it responds.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

spywar

  • Guest
Re: Hardened Mode
« Reply #5 on: December 08, 2013, 07:36:09 PM »
Quote from: RejZoR
I'll go in more detail here.

Hardened Mode is designed to make protection tougher without interfering with the computer usage much.
avast! by default checks suspicious files with DeepScreen within virtual environment to see how they behave. But if you use Hardened Mode, it starts to behave a bit differently.

Hardened Mode: Moderate
Under normal conditions, if avast! decides that some file is too suspicious by various characteristics, it then throws it into DeepScreen for further scanning. But if Moderate Hardened Mode is enabled, avast! automatically blocks files that are detected as suspicious by preliminary analysis.
In most cases DeepScreen checks the file and if it doesn't find obvious malicious problems with it, those files are started automatically after analysis. But Hardened Mode (Moderate) blocks it right there.

Hardened Mode: Aggressive
This mode behaves a bit differently. It actually relies on analysis on a very small scale and mostly relies on a huge whitelist database located in avast! Cloud. If file is located within the cloud and flagged as safe, it will allow to run it. If it's not found or marked as bad, it will block it. So, at least based on my experience, Aggressive Mode is actually much more secure and also a lot less intrusive. Only time that it will cause problems is with some very rare old software or very very new software that isn't used by thousands of users. Usually some very specialized programs used by only few users.
Moderate mode often feels a bit too paranoid (despite its name) because it often blocks safe programs just because they exhibit local suspicious file characteristics that are basically ignored by the Aggressive mode.

Only thing that confuses me is why Moderate mode doesn't rely on the same whitelist to avoid these suspicious blockings. In my case, I prefer to use Aggressive mode and I have done so on many systems and it worked like a charm. No problems, no excessive blocking but with superior protection.

Many thanks for that detailed information about the Hardened mode  ;)
I will set it up to aggressive on some friends' PCs who are using avast!.

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Hardened Mode
« Reply #6 on: December 08, 2013, 07:53:19 PM »
Be careful with that spywar, it gives some false positives.
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline George Yves

  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 4095
  • Help you I can
Re: Hardened Mode
« Reply #7 on: December 08, 2013, 08:56:58 PM »
RejZoR
Thank you for the info. I have translated your text into Russian: http://forum.avast.com/index.php?topic=142183.0
May the FOSS be with you!

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Hardened Mode
« Reply #8 on: December 09, 2013, 12:34:39 AM »
Friday, I turned on Hardened Mode to Aggressive on my WinXP desktop.  Saturday, WinPatrol v29.1.2013.1 was released.  As I attempted overinstalling to update, Hardened Mode prevented the install.  I disabled Hardened Mode and completed the install, and allowed WinPatrol to restart.  I then restarted Windows.

I then turned Hardened Mode back on with WinPatrol running and logged out.  When I returned to the machine several hours later, WinPatrol was no longer running.  When I tried restarting WinPatrol, Hardened Mode would not allow it.  I tried rebooting a couple of times, and then turned off Hardened Mode.  After reading this thread today, I tried again after enabling Hardened Mode.  The only way for WinPatrol to run was to set an exclusion for it in Hardened Mode.

Either I misunderstand how Hardened Mode should work, or Avast has not yet updated the Whitelist database for the newest version of WinPatrol.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: Hardened Mode
« Reply #9 on: December 09, 2013, 12:44:05 AM »
Hardened Mode should give a popup to let you know the program intercepted and crucially there is an Add an exclusion link at the bottom.

Unfortunately the popup doesn't stay up long (for me), so why it doesn't follow the timings for alert popups I don't know. You have to be quick to notice it, read the file involved and if it should be allowed (excluded) to do all this in a couple of seconds. I normally have to run the program again Hardened Mode normally intercepts and I'm waiting to click add an exclusion.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Hardened Mode
« Reply #10 on: December 09, 2013, 12:52:10 AM »
The Hardened Mode popup is how I set the exclusion for WinPatrol.  That part worked as expected.  I was expecting Avast to whitelist WinPatrol.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3398
  • Avast shall conquer the whole world
Re: Hardened Mode
« Reply #11 on: December 09, 2013, 05:26:24 AM »
Thanks for sharing by explaining in detail RejZoR as I've set my Hardened Mode to 'Aggressive' and yes it does work like a charm ;)
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v24.3.6108 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

REDACTED

  • Guest
Re: Hardened Mode
« Reply #12 on: November 14, 2014, 04:43:18 AM »
I use a program from Bitsum known as "Process Lasso."  Can I please request that Avast put Process Lasso on the whitelist for the Hardened Mode?  When the Avast! Hardened Mode is set at Aggressive, it blocks the installation program for Process Lasso from working properly (gives an error), as well as the actual Process Lasso program if I do manage to run it after it's installed (it crashes).  Thank you....

Details: Windows XP Pro, SP3, latest Visual C++ installed (2005, 2008, 2010).

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6700
  • Trust only what you test yourself!
Re: Hardened Mode
« Reply #13 on: November 14, 2014, 04:48:34 PM »
Since Hardened Mode relies on the cloud, if a software is deemed safe it's automatically whitelisted.
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: Hardened Mode
« Reply #14 on: November 14, 2014, 04:58:38 PM »
Quote from: Para-Noid
Since Hardened Mode relies on the cloud, if a software is deemed safe it's automatically whitelisted.

That is an assumption that isn't necessarily correct - whitelisting, e.g. is only for certain known files and/or those that are digitally signed in order to make it into the Persistent cache (essentially whitelisted).

Others may fall into the Transient cache, not whitelisted as any change in the system status, reboot or receipt of an update and/or change in the file - would result in its being scanned again if active.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security