What the heck is up with 1290 update?

[larrym]

I know the answer is probably posted somewhere in here, but, I'm on a very slow dial-up connection (waiting for cable dsl connection, hopefully in a few days, we live way out in the country) so I can't do too much searching.
The new download of avast didn't work. In my user accounts on-access protection would not start. I deleted avast (after a few tries of other things posted on the website) and used a previous download to reload, then did an update. This time everything worked!
My question is why has avast added things to what seemed to be perfectly good antivirus software that I don't understand and I can't find an explanation for in the software namely the file checker or whatever it is that continuosly asks me if I want to open a file or delete a file without telling me what that file is or why I'm opening or deleting some have been in TEMP file or recycled, but some have been in system files. It's called behavior blocker and I know that because it just popped up again.
I have had very few problems with avast, but this one kind of makes me want to give it up, no matter how many good reviews I've read and I got avast because of those reviews and I was all set to purchase the pro version (well my money is kind of funny, but I was thinking about it before this update)
Any help would be appreciated.

[Lisandro]

Did you change the avast default settings for Standard Shield provider?
I suggest you wait some hours (we'll have a program update) and do an installation from the scratch:

1. Uninstall avast from Control Panel first.
2. Boot.
3. Download the latest version of Avast Uninstall and use it for complete uninstallation.
4. Boot.
5. Install again the latest avast! version.
6. Boot.
7. Check and post the results.

[larrym]

Thank you for your help.
What will your answer do for the behavior blocker and info on how to rein it in or control or just what in the heck it does and what are the files it wants me to delete or open?

[Tarq57]

Behavior blocker?
Avast doesn't have a behavior blocker. That's more the realm of a HIPS type program, as used by some firewalls.
What other security software do you have installed, and what OS?

The suggestion by Tech is to ensure that your installation of Avast is as it should be - not corrupted or "broken", and is a good starting point for troubleshooting in the absence of other information.
Perhaps you could post some screenshots of the warning dialogue box next time it pops up.

[DavidR]

What behaviour blocker, avast doesn't have one in version 4.8

If you are getting an avast based question ("the software namely the file checker or whatever it is that continuosly asks me if I want to open a file or delete a file without telling me what that file is or why"), then you have been tweaking the avast settings, see image (default settings).

These are nothing to do with the recent program update, they would be in your existing program settings and a program update wouldn't change those settings but honour them. So someone has been tweaking the avast settings without knowing the impact.

[larrym]

I'm not sure what "avast! behavior blocker event" is, but it certainly showed up, and after my restart I didn't change any settings, I didn't really have a chance to.

I'm using windows xp sp2 (slow connect would take forever), pent. 4, 256m ram, adaware, spybot search and destroy, spywareblaster, belarc, zonealarm, and right now I don't have an anti-virus which I will rectify shortly. I downloaded hijack this a long time ago before I switched from winme to winxp and if needed I will find it and use it.

At the last update (1290) avast worked fine in an admin account but in user accounts on-access protection went down and would not start due to what it said was a rpc error. After a bit I deleted, used a previous download (from around the 1st of the year, thereabouts), and downloaded all of the updates up to 1290 and the update for that day.

Everything went smoothly until restart, avast detected a possible malware infection by heuristics (mrtrate.sys or something like that I have bad crs {can't remember s**t} and I didn't write it down) and asked me to ignore and send to avast without explaining how to send to avast. I clicked ignore and yes to sending, avast said it needed to restart my system and I let it. After restart something called "avast! Behavior Blocker event" (I wrote this down and you guys say there isn't a "behavior blocker", but that's the way it was written in the pop-up window, also in more information it gave a partial address of the file or a whole one depending on length, the folder, and "allow", "allow all" and "deny") popped up and wanted me to open files for writing and if I allowed and whether I allowed or denied, another instance popped up for deleting the file. Some of the files were in system restore and Temp and an old version of norton systemworks (nprotect, protected deleted files) that I still use. I thought this was strange, but maybe something new that avast was trying.

The pop-up window gave no indication of why I was to open the file (except for writing) or why I was to delete. I denied some and allowed some, except for what I percieved to be system files (system32, etc.) or which I took the time to check out over the internet.

When I uploaded some programs from disks, the window popped up fast, quick, and many times. I'm really feeling funny about this so I checked in the forum and I was told that avast doesn't have a "behavior blocker"

Warning! Warning! Danger Will Robinson! The bells went off!

I had already downloaded that file aswClear.exe, but while I was downloading it B Blocker popped up again with internet files it wanted to "open for writing" and then delete, also it wanted to open aswclear for writing.

After I read what one of the forum guys said about avast not having a b blocker, I was about to close my connection, when the b blocker as if -emphasis added- IT DETECTED WHAT I WAS ABOUT TO DO AND NOW WANTED TO OPEN AVAST.COM FOR WRITING AND OPEN ASWCLEAR FOR WRITING. I denied and now the window for mrtrate.sys (whatever) popped and wanted again for me to ignore and send to avast when I denied, again avast wanted to restart my system and run a scan.

I COULDN'T GET THIS THING OFF MY SYSTEM FAST ENOUGH!

I erased avast in safe mode and re downloaded aswClear, went back into safe mode, used aswClear and defragged my C drive.

 I've used avast since the last/first of 2006/2007 and I remembered later having this problem before (sort of, my crs is always acting up and I could be having false deja vu) and my fears being calmed by the forum. Now I'm wondering if my system has been compromised in some way and I'm worried.
Any thoughts, questions, answers, would be greatly appreciated and the answers already given are appreciated, but please don't tell me I didn't read "avast! Behavior Blocker Event" because I wrote it down.

Thank you.

[larrym]

DavidR
I just looked at your gif and now I think I could have done this without thinking about it. After writing all that my problem may only be "operator head space".

[DavidR]

OK on your possible changing of the settings, if you set them back to the defaults as in my image, that should resolve one issue.

However, from your previous post, it could be what you are seeing is avast's self-defence module stopping something (possibly undetected malware) trying to modify either avast files or registry entries, possibly to disable it or hijack it. Or it could be another security program that is a little lax in the way it opens things, instead of opening for reading it tries to open with write permission and avast won't allow that.

Does this image look the same ?
If so by examining the C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log you would see the program trying to access these files for writing. Unfortunately you were a little quick on the draw in uninstalling so we may never know what it was unless it happens again you know where to look.

What other security applications do you have installed ?

[TheSpirit]

larrym,

I believe that you are right about those pop-ups. I have seen the same alerts after experimenting with the blocker settings.

I have searched the user guide and the help file, but they don't seem to have any screen shots of those alerts. This could have convinced DavidR.