It's not flawed if you know the purpose of the test. The test was meant to poke Behavior Shield and it did. That's all there is to it.
Of course it is meant to poke the Behavior Shield. But IDP needs Web Shield to work during the test, at least with a ransom downloader which downloads the file from a blocked URL.
With Web Shield disabled the payload is downloaded and it's kind of a risk till the end. With Web Shield on, Avast will block the URL and IDP will see the underlying culprit and block it. I have seen this for myself.
What happens here is that IDP only blocks the payload but not the downloader, thanks to the tester disabling Web Shield. And again, if it were like the ones I have seen, it will keep trying to download the file and all IDP can do is keep blocking, whereas the JS or the downloader is knocked out right away as soon as Web Shield blocks the URL.
And again, the end result will only look bad for Avast, considering the downloader is still running just because the tester doesn't know how Avast works.
This is exactly what I asked for from the Avast team and I am glad it's working in that direction.
Avast, just like before, is dependent on its shields.
Could you please explain how those 3 modules link together? How do you isolate Behavior Shield for testing without depending on the signatures, Web Shield, or other blacklisting methods? By finding undetected samples which haven't been detected by Web Shield and File Shield?
Are you 100% sure that IDP and the other modules are linked together, or are they just separate things?
I have seen IDP and File Shield blocking the exact same files. I thought they were separate, because File Shield should have blocked them first and IDP should not have been touched. Web Shield -> File Shield (signatures, Hardened Mode, reputation service, CyberCapture, ...) -> IDP (last layer)? I don't know how they work, the order, or the connections.
I have been testing Avast's behavior blocker and the BBs of other products. Of course I don't know how they work, because I don't know coding, but what I can see is that of the other BBs, some are better and some are worse than IDP in similar testing conditions.
I'm an Avast fanboy. I'm a bit biased towards Avast and am using it for my whole family and friends.
I accept my lack of knowledge about the product, but where can I fill it in?