This is a completely pointless poll because the OP obviously doesn't understand how the behavior shield works. The behavior shield in avast 5 is _not_ what is usually referred to as a "behavior blocker" or HIPS... It is an expert system based on rules, created by real people here in the lab.
An example: in a classic BB/HIPS, you get an alert like this:
Application abc.exe is trying to install global window CBT hook on session 2. Allow/deny?
Now, behavior shield in avast 5 has a definition file (similar to the normal detection engine) that may contain rules like this:
IF
- application is located in Windows directory, AND
- application is packed, AND
- the application is not signed by a trusted publisher, AND
- parent process is NOT xyz.exe, AND
- the last API calls are api1, api2, api3, api4, AND
- the application recently dropped a file called *.dll into the Windows directory, AND
- the dll is now being installed as a global window CBT hook
THEN block the application and submit the associated exe and dll files for analysis to the virus lab.
Thanks
Vlk