Author Topic: Behaviour Shield found 2 infected - where can I see?  (Read 7451 times)

malko

  • Guest
Behaviour Shield found 2 infected - where can I see?
« on: August 05, 2010, 06:44:30 PM »
Hello

I went to the Behaviour Shield part of Avast 5. I clicked on "Show traffic history" and I see two infected items in the red part.
Now I want to see what the two infected are. I did a full scan, nothing was found. A boot time scan will be done later today.

I tried to open "Show Report File" but it says nothing there.

Thanks


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #1 on: August 05, 2010, 07:14:03 PM »
Quote
Now I want to see what the two infected are
What did avast do with the items?
Have you checked the chest / quarantine?

malko

  • Guest
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #2 on: August 05, 2010, 07:20:53 PM »
Yes I have checked the chest.

I just want to see what Avast caught that it says 2 infected items.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #3 on: August 05, 2010, 07:24:18 PM »
Unfortunately the Behaviour Shield log is worse than useless as it doesn't record detection information like the other resident shields. Why this is the case I don't know, but it simply records when it starts and stops every day, which is pretty useless other than to see if it was running.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Snagglegrain

  • Sr. Member
  • ****
  • Posts: 221
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #4 on: August 05, 2010, 07:28:13 PM »
Plenty of info for you on this thread, all of it amounting to others having experienced what you have, and wondering when it will be fixed.

SafeSurf

  • Guest
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #5 on: August 05, 2010, 11:16:40 PM »
Quote
Unfortunately the Behaviour Shield log is worse than useless as it doesn't record detection information like the other resident shields. Why this is the case I don't know, but it simply records when it starts and stops every day, which is pretty useless other than to see if it was running.
Now you can join the crowd with the rest of us in that larger thread.  ;D  That is why I made my last comment in that thread.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #6 on: August 05, 2010, 11:29:57 PM »
Well, I have never had any Behaviour Shield detections, so no personal experience.

I don't have to join the crowd, I have already posted a few times in that topic.

Are there no details in the Behaviour Shield's Report file?
If not, this is a failing that should be rectified in a program or engine update, so that detection information is recorded as it is in the file system shield, etc. etc.

That is what I'm dropping a hint about: the developers need to enter data into the behaviour shield report file on detection, otherwise it is worse than useless.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #7 on: August 06, 2010, 07:54:59 AM »
I'm not quite sure if Behavior Shield is even useful at all. I've seen it checking actions and I've also got blocked actions but I have absolutely no idea what happened. Not even which process caused those blocked events, nothing. I also haven't seen a single malware getting actually blocked by it.
So either I'm observing things in a wrong way or Behavior Shield should be improved in many more ways, detection and interface wise.
Visit my webpage Angry Sheep Blog

SafeSurf

  • Guest
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #8 on: August 06, 2010, 08:01:48 AM »
This is the original thread that started the topic: http://forum.avast.com/index.php?topic=61342.0.

That's why we're trying to make a point that the devs. need to take a look at this and make some changes to this particular shield. 

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #9 on: August 06, 2010, 11:10:51 PM »
Quote
I'm not quite sure if Behavior Shield is even useful at all. I've seen it checking actions and I've also got blocked actions but I have absolutely no idea what happened. Not even which process caused those blocked events, nothing. I also haven't seen a single malware getting actually blocked by it.
So either I'm observing things in a wrong way or Behavior Shield should be improved in many more ways, detection and interface wise.
+1
We need faith that Behavior Shield is doing something...
The best things in life are free.

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 699
  • U.S.A
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #10 on: August 07, 2010, 06:03:54 AM »
My opinion, and I hate to say it, it doesn't work.

Offline Snagglegrain

  • Sr. Member
  • ****
  • Posts: 221
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #11 on: August 08, 2010, 07:34:18 AM »
Excerpted from Vlk's Softpedia interview on May 1st, 2010...
Quote
The Behavior Shield that we shipped in version 5.0 is a new component that is going to be further developed moving forward. For example, in version 5.1, we will be adding more sensors that will allow for even finer-grain filtering.

For now, the Behavior Shield is focused on exploits coming via typical mechanisms (browser, PDF reader, and flash vulnerabilities, for example). It also closely monitors all kernel-mode code (drivers) loaded into the operating system, and is able to detect zero-day rootkits.

With the release of v5.0.545, Vlk noted...

"Improvements in the Behavior Shield (realtime antirootkit part)"

and with the release of (current) v5.0.594, Vlk noted...

"performance improvements in the Behavior Shield"
 

silviucc

  • Guest
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #12 on: August 08, 2010, 02:09:08 PM »
and in 5.0.6xx he will probably write:

hey Behavior Shield actually works!!  * improvements to  Behavior Shield ;)

Offline Snagglegrain

  • Sr. Member
  • ****
  • Posts: 221
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #13 on: August 08, 2010, 04:05:14 PM »
Quote
and in 5.0.6xx he will probably write:
hey Behavior Shield actually works!!  * improvements to  Behavior Shield ;)
Very helpful input. Thanks for the post.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Behaviour Shield found 2 infected - where can I see?
« Reply #14 on: August 08, 2010, 04:16:24 PM »
The major problem as I see it is that Behaviour can be interpreted in many ways, the same as Heuristics, but the real issue here is what is actually monitored (sensors) by the Behaviour Shield. So if the behaviour shield doesn't comply with your interpretation of what a behaviour shield would do, then you are likely to say it isn't working or isn't working as you think it should be.

The avast behaviour shield isn't like things like threatfire.

So it is still focused in these same areas Vlk mentioned before and will continue to evolve:
Quote
- avast! Behaviour Shield, general information from an interview Softpedia - Ondrej Vlcek
Ondrej Vlcek:
The Behaviour Shield that we shipped in version 5.0 is a new component that is going to be further developed moving forward. For example, in version 5.1, we will be adding more sensors that will allow for even finer-grain filtering.

For now, the Behaviour Shield is focused on exploits coming via typical mechanisms (browser, PDF reader, and flash vulnerabilities, for example). It also closely monitors all kernel-mode code (drivers) loaded into the operating system, and is able to detect zero-day rootkits.

So the major improvements, in the addition of more sensors for behaviour monitoring from the above (in bold), aren't due until avast 5.1. For the most part the improvements in the new build numbers have been ones of performance, so they don't slow system performance (which many complained of).
« Last Edit: August 08, 2010, 04:18:42 PM by DavidR »