I'm an amateur malware tester and I have been a fan of Avast for many years. I install Avast on every computer I have touched, from my family or my friends.
During 2 years of testing Avast with several malware packs, I noticed that Avast is almost always bypassed by malware from scripts, PowerShell and Java. This happens every month even with Hardened Mode (aggressive) enabled (because HM doesn't support these types of malware).
Therefore, I would like to suggest a simple feature: Process blacklist/disallow.
- Every user can add vulnerable processes to the blacklist, to prevent them from running or downloading malware payloads.
- Limits the spreading of malware significantly
- Blocking those vulnerable processes also helps to block fileless malware
Some vulnerable processes:
- wscript.exe and cscript.exe
- powershell.exe and powershell_ise.exe
- java.exe and javaw.exe
- mshta.exe and msra.exe
- Caution: cmd, conhost -> they are required for many Windows tasks, so blocking them would cause Windows to malfunction
I think if users had the ability to blacklist those processes, it would be a great addition and the rate of infection would be much, much lower.
Process Lasso also has this feature and it works great. The screenshot is in the attachment.
If the Avast team plans to add this feature in the future, please have an option to block processes based on their names only, without their full path, because malware could move these processes to another location and execute them.
Thank you for reading this.
