Author Topic: NEW: Avast Beta 17.1.2283  (Read 46071 times)

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: NEW: Avast Beta 17.1.2283
« Reply #75 on: January 23, 2017, 03:53:00 PM »
That's certainly strange. I even tried again with a new clean VM, with the same results.
Visit my webpage Angry Sheep Blog

Offline A. User

  • Sr. Member
  • ****
  • Posts: 388
Re: NEW: Avast Beta 17.1.2283
« Reply #76 on: January 23, 2017, 08:55:46 PM »
Hun_Bolt, does selecting "Automatically quarantine known threats" still ask for unknown threats or simply ignore them? Please make it more clear in the UI. I guess that you have known behavior signatures (patterns) and also some kind of threshold for taking some actions, is it like that?

Offline RejZoR

Re: NEW: Avast Beta 17.1.2283
« Reply #77 on: January 23, 2017, 10:42:44 PM »
What is considered "known" threats when it comes to behavior analysis? Rules that are very strict and specific and never generate false flags? Or is Behavior Shield also doing some sort of non behavior based scanning of running programs?

Offline Hun_Bolt

  • Avast team
  • Newbie
  • *
  • Posts: 13
Re: NEW: Avast Beta 17.1.2283
« Reply #78 on: January 23, 2017, 10:57:36 PM »
Known threats are threats where the behavioral engine has a very high confidence that the given process is malicious. The default setting is to auto-remove these threats and ask the user for the remaining ones.
I work for Avast. I might be able to help you. Please don't spam me.

Offline RejZoR

Re: NEW: Avast Beta 17.1.2283
« Reply #79 on: January 24, 2017, 12:22:07 AM »
I've experienced the ASK dialog even when I had it set to quarantine detected threats. That was in the new AVG though.

REDACTED

  • Guest
Re: NEW: Avast Beta 17.1.2283
« Reply #80 on: January 24, 2017, 11:19:30 AM »
Can you restore a long time before the virus database upgrade voice prompt? Default is off, you can manually open on the line. I think it's coooool!

REDACTED

  • Guest
Re: NEW: Avast Beta 17.1.2283
« Reply #81 on: January 24, 2017, 11:21:24 AM »
sorry my English is so poor

Offline =Snake=

  • Still using Avast Free!
  • Maybe Bot
  • ***
  • Posts: 17412
Re: NEW: Avast Beta 17.1.2283
« Reply #82 on: January 24, 2017, 01:56:40 PM »
sorry my English is so poor

But you can change it like 'learning by doing'!
 ;)
=Snake=

Offline RejZoR

Re: NEW: Avast Beta 17.1.2283
« Reply #83 on: January 24, 2017, 04:07:44 PM »
Yup, something is wrong with Behavior Shield. It's just not detecting things AVG is detecting with Software Analyzer. Exact same things. My sample of Vipasana ransomware for example. AVG blocked it no problems, avast! BETA with a seemingly identical component for behavior analysis and blocking, got through and encrypted files.

Would also be nice if the popup stated "Behavior Shield" somewhere so you know what made this detection... Currently it's just a popup with no info about that. Not many people know what IDP means. And even IDP is a bit archaic and outdated name used from AVG's "Identity Protection" module...
Could you please share the hash of the sample you used for testing?

SHA256: E49778D20A2F9B1F8B00DDD24B6BCEE81AF381ED02CFE0A3C9AB3111CDA5F573

Thanks. Quick question, you are testing without network connection right? Or did you change Avast configuration besides turning off File Shield?

Internet connection was active, I was testing with ONLY Behavior Shield enabled. I've also tried with all the other shields removed and also all the shields installed but disabled, to see if that made any difference. From what I can tell, it didn't.

The thing is, avast!'s Behavior Shield didn't get triggered on the same things the new AVG got triggered on by Software Analyzer, despite both being the same thing now. Which made me believe there are some Behavior Shield integration issues within avast!.

I tested the sample with Avast Beta and with File Shield turned off it got detected by Behavior Shield.

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: NEW: Avast Beta 17.1.2283
« Reply #84 on: January 27, 2017, 03:04:46 PM »
Guys, is the "Real Site" limited to certain networks? Because on a different Wi-Fi network (4G LTE SIM card via MiFi device) I see the message that "Real Site can't run on this network". The Repair or fix it all option makes no difference, so I am curious: is it my lack of knowledge or is it a bug?  ;D

Offline A. User

Re: NEW: Avast Beta 17.1.2283
« Reply #85 on: January 27, 2017, 03:06:27 PM »
Guys, is the "Real Site" limited to certain networks? Because on a different Wi-Fi network (4G LTE SIM card via MiFi device) I see the message that "Real Site can't run on this network". The Repair or fix it all option makes no difference, so I am curious: is it my lack of knowledge or is it a bug?  ;D
They said a while ago that this warning was not needed and they will remove it. But they failed to say when. :D

Offline zoli62

  • Newbie
  • *
  • Posts: 16
Re: NEW: Avast Beta 17.1.2283
« Reply #86 on: January 28, 2017, 10:54:28 AM »
I have one question. One of my computers has insufficient RAM. Can you safely turn off the behavior shield?

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: NEW: Avast Beta 17.1.2283
« Reply #87 on: January 28, 2017, 11:08:29 AM »
I would say that the behaviour shield, if it is performing in the same way as the AVG version is going to be a powerful defence. When it isn't in use, it won't be consuming resources.

Me, I would be looking at:
1. is it possible to upgrade the RAM on this system.

2. look at the many programs that when installed want to run on boot, when they don't need to be run until needed.

3. Microsoft Windows manages RAM, after all it is there to be used. When it is running low it takes it back from other programs when it is needed by an active program.

By far the best option is to get more RAM if that is possible.

Offline zoli62

Re: NEW: Avast Beta 17.1.2283
« Reply #88 on: January 28, 2017, 11:49:50 AM »
The behavior shield is useful against potentially unwanted programs. The question is: is the file protection enough for known threats?

Offline RejZoR

Re: NEW: Avast Beta 17.1.2283
« Reply #89 on: January 28, 2017, 11:53:21 AM »
The behavior shield is useful against potentially unwanted programs. The question is: is the file protection enough for known threats?

Actually, Behavior Shield is not all that great against PUPs. I mean, surely, it can detect if they go out of line and do something stupid and malicious, but PUPs in general don't do much. They can be a visual annoyance in the browser, for example in the form of a toolbar which is otherwise harmless, but users for the most part don't want it there. It most likely won't trigger the behavior sensors, but will still be an annoyance to the user. PUPs will for the most part always remain a File Shield and partially Web Shield domain, because you have to match them by digital signature or by pattern signature.