Author Topic: Feature suggestion: process blacklisting  (Read 750 times)

Evjls
« on: November 18, 2017, 09:54:48 AM »
I'm an amateur malware tester and I have been a fan of Avast for many years. I install Avast on every computer I have touched, from my family or my friends.

During 2 years of testing Avast with several malware packs, I noticed that Avast is almost always bypassed by malware from scripts, PowerShell and Java. This happens every month even with hardened mode aggressive enabled (because HM doesn't support these types of malware).

Therefore, I would like to suggest a simple feature: Process blacklist/disallow
- Every user can add vulnerable processes to the blacklist, preventing them from running or downloading malware payloads.
- Limits the spreading of malware significantly
- Blocking those vulnerable processes also helps to block fileless malware

Some vulnerable processes
- wscript.exe and cscript.exe
- powershell.exe and powershell_ise.exe
- java.exe and javaw.exe
- mshta.exe and msra.exe
- caution: cmd, conhost -> they are required for many Windows tasks, so blocking them would cause Windows to malfunction

I think if users have the ability to blacklist those processes, it would be a great addition and the rate of infection would be much much lower.

Process Lasso also has this feature and it works great. The screenshot is in the attachment.

If the Avast team plans to add this feature in the future, please have an option to block the processes based on their names only, without their full path, because malware could move these processes to another location and execute them.

Thank you for reading this :)
« Last Edit: November 18, 2017, 10:23:08 AM by Evjls »
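
Added example, not part of the original post and not Avast or Process Lasso code: a sketch of the name-only matching requested above, run over constructed process-creation events. It goes one step beyond the post by also comparing the PE `OriginalFileName` (the field name used by Sysmon event ID 1, assumed here as the event format), so a copy saved under a different file name still matches; `match_blocklist` and `scan` are hypothetical names.

```python
import ntpath  # Windows path rules, works on any OS

# Process names listed in the post above.
BLOCKLIST = {
    "wscript.exe", "cscript.exe",
    "powershell.exe", "powershell_ise.exe",
    "java.exe", "javaw.exe",
    "mshta.exe", "msra.exe",
}


def match_blocklist(event, blocklist=BLOCKLIST):
    """Return (name, matched_field) if the event hits the blocklist, else None."""
    # Name-only match: drop the directory and compare case-insensitively,
    # so a copy of the binary in another folder is treated the same.
    image_name = ntpath.basename(event.get("Image", "")).lower()
    if image_name in blocklist:
        return image_name, "Image"
    # Fallback: the original file name from the PE version resource,
    # which stays the same when the file on disk is given another name.
    original = (event.get("OriginalFileName") or "").lower()
    if original in blocklist:
        return original, "OriginalFileName"
    return None


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\wscript.exe", "OriginalFileName": "wscript.exe"},
    {"Image": r"C:\Users\Public\Documents\POWERSHELL.EXE", "OriginalFileName": "PowerShell.EXE"},
    {"Image": r"C:\Users\Public\updater.exe", "OriginalFileName": "MSHTA.EXE"},
    {"Image": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "Cmd.Exe"},
    {"Image": r"C:\Program Files\App\notwscript.exe", "OriginalFileName": "app.exe"},
]


def scan(events):
    """Return (image path, matched name, matched field) for every hit."""
    return [(e["Image"], *hit) for e in events if (hit := match_blocklist(e))]


if __name__ == "__main__":
    for image, name, field in scan(SAMPLE_EVENTS):
        print(f"BLOCK {image} (matched {name} via {field})")
```

The comparison uses the exact base name rather than a substring, so `notwscript.exe` is not blocked, and `cmd.exe` is left alone in line with the caution in the post.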