Ransomware Shield only blocking modifications or also access to data?

[RejZoR]

I was wondering, is Ransomware Shield only blocking unknown programs from modifying protected files or will it also prevent reading of those files even if they aren't being modified at all? Coz while modification (encryption) is super annoying and unwanted, stealing said data without modification can also be an issue. How is that handled by Ransomware Shield?

[Claudiu7]

is that handled by Ransomware Shield?

Also I want to know if Ransomware Shield, beyond doing what its name says, can cook, clean and wash dishes....

[RejZoR]

I'm asking in all seriousness, because if it also prevents reading of files, not just modifications, it can be used to reinforce security on certain things, like browser for example and preventing rogue apps from stealing its data, like password storage file of the browser etc

[DavidR]

I was wondering, is Ransomware Shield only blocking unknown programs from modifying protected files or will it also prevent reading of those files even if they aren't being modified at all? Coz while modification (encryption) is super annoying and unwanted, stealing said data without modification can also be an issue. How is that handled by Ransomware Shield?

As I have said before I'm not even sure if it is protecting the folders I entered manually and I know no way to test this.

I put on were my downloads, images and data folders (not default locations), have come .pdf, various image formats and .txt file types.

It doesn't stop me opening them, nor does it stop me deleting them.  As far as text and image files go it allows them to be edited with a text or image editor.

[RejZoR]

That's how Smart Mode works, it allows whitelisted apps to manipulate protected files, but not unknown ones. Which is why I'm asking, it's almost impossible to test with legit apps. Controlled Folder Access in Windows Defender was suppose to work this way, yet their whitelist is absolute worthless garbage for some reason. And it's Microsoft, they should've had the best whitelist...

[Asyn]

...will it also prevent reading of those files even if they aren't being modified at all? Coz while modification (encryption) is super annoying and unwanted, stealing said data without modification can also be an issue.

Hi, there's a separate shield for this in Premium.
-> https://support.avast.com/en-ww/article/39/

[Asyn]

...it can be used to reinforce security on certain things, like browser for example and preventing rogue apps from stealing its data, like password storage file of the browser etc

Another function that is available in Premium.
https://support.avast.com/en-ww/article/Use-Antivirus-Password-Protection/

[Asyn]

As I have said before I'm not even sure if it is protecting the folders I entered manually and I know no way to test this.

Hi Dave, for testing purpose you could blacklist an app, it should get blocked then.

[DavidR]

As I have said before I'm not even sure if it is protecting the folders I entered manually and I know no way to test this.

Hi Dave, for testing purpose you could blacklist an app, it should get blocked then.

Thanks for that.

Though the more I'm seeing of this, I feel with the major differences (which weren't particularly clear), this seems to be a hook to purchase the Premium version.  As the Smart Scan still mentions files at risk even though I have the Ransomware Shield enabled.  In which case i will probably disable/remove it completely and go to my fallback a robust backup and recovery strategy.

[Asyn]

1. Though the more I'm seeing of this, I feel with the major differences (which weren't particularly clear), this seems to be a hook to purchase the Premium version.
2. As the Smart Scan still mentions files at risk even though I have the Ransomware Shield enabled.  In which case i will probably disable/remove it completely and go to my fallback a robust backup and recovery strategy.

1. Tbh, I don't think so. Afaik, there are no differences (Free/Premium) regarding Ransomware Shield.
2. Most probably because the FAQ/Ads haven't been adjusted/updated yet, this usually takes a while.

[DavidR]

1. Though the more I'm seeing of this, I feel with the major differences (which weren't particularly clear), this seems to be a hook to purchase the Premium version.
2. As the Smart Scan still mentions files at risk even though I have the Ransomware Shield enabled.  In which case i will probably disable/remove it completely and go to my fallback a robust backup and recovery strategy.

1. Tbh, I don't think so. Afaik, there are no differences (Free/Premium) regarding Ransomware Shield.

2. Most probably because the FAQ/Ads haven't been adjusted/updated yet, this usually takes a while.

Unfortunately I don't have the same confidence when details are lacking.  The FAQs and Ads really should have been given an update before release so they too can be updated at the same time.

Perhaps the fact that I really don't need the cover provided (doesn't help), having made my own backup and recovery provision.

[NON]

With Strict mode enabled, even Windows Explorer got blocked by Ransomware shield.
And as long as I can see Ransom shield only blocks modifications, not access.

[DougCuk]

The Ransomware Shield by design only blocks changes to files (edits, renames, deletion, encryption) but it doesn't block read access.

In Avast Free v20.5 the Ransomware Shield definitely works in "Strict Mode" - but you would have to list all your own Apps as allowed and also things like Windows Explorer and the Command Prompt to avoid being queried every time you tried to alter your own data.

However I have yet to prove that the default "Smart Mode" is actually protecting anything. The oldest and least known editing program I could find was a 20 year old Hex Editor with no digital signature and from a random author (not a named company) and was able to freely change file contents without triggering a response. So I am not sure what criteria Avast is using as to its internal list of Trusted Apps. Has anyone found an program that "Smart Mode" does block?

[Asyn]

Has anyone found an program that "Smart Mode" does block?

Yes, example in screenshot, I had to whitelist it manually.

[DougCuk]

Was that a particularly old version of that file?
I have just tested with v15.2 of that file (7zG.exe) dated Nov 2015 and can't get a reaction when adding files to a 7z archive that is supposedly protected by the Ransomware Shield under Smart Mode. I tested both the x86 and x64 versions and both are ignored by the Shield under Smart Mode - that version has no digital signature on the files.

If I activate "Strict Mode" the action is blocked with a red Avast popup warning and if I blacklist 7zG.exe I get a Windows error popup saying Access Denied. So the system is active but doesn't consider my version of 7zG.exe a threat under Smart Mode.

If the Shield doesn't react to a 20 year old Hex Editor from a random author with no digital signature then I am not sure what would qualify as a non-trusted app.