Author Topic: Behavior Shield ?  (Read 5595 times)

AJ Bucini

  • Guest
Behavior Shield ?
« on: December 20, 2010, 04:41:21 PM »
Hey all, I'm new here. I just installed Avast! Free on 2 of my PCs. I have a quick question about the Behavior Shield feature: what does this exactly do?

Does it actually block programs when they do certain things that are suspect?

I have had like 5 hits on it over the last 4 days at times when the system is idle. Also, is there any way to view what file or program caused the detection in the Behavior Shield?

Please help, I am running Windows XP and Avast program ver. 5.0.677

Thanks

Hermite15

  • Guest
Re: Behavior Shield ?
« Reply #1 on: December 20, 2010, 04:47:39 PM »
On 5.0, the BS is just a report tool, analyzing systems and reporting their behavior to Avast. They've done that for a year now. OK, this being said, 5.1 is being tested at the moment, and it includes a new version of the behavior shield that has a settings panel now and offers the option to allow/block detected unusual processes. It's not very stable yet. You're better off waiting until the final version of 5.1 is out in a few days or weeks... I suppose. In the meantime, if you do feel like testing, go visit this thread:
http://forum.avast.com/index.php?topic=67766.msg570056#msg570056

... at your own risk ;) (avoid setting the BS on "ask" mode though, there are issues...)

stxNTrm06

  • Guest
Re: Behavior Shield ?
« Reply #2 on: December 20, 2010, 10:19:51 PM »
Quote
" ...quick question about the Behavior Shield feature: what does this exactly do?... "

Quick Answer: it does nothing but display useless and nagging pop-ups.



1. Does not show the full path to the file. What to delete or ignore ? What to submit for analysis ?
2. No copy option and no recording in log file.
3. There are two options: Ignore and Delete and none of them does anything and the pop-ups continue displaying.

And it seems this issue will exist in the new version of Avast as no one bothers to do something about it.

Thanks.  ::)

spg SCOTT

  • Guest
Re: Behavior Shield ?
« Reply #3 on: December 20, 2010, 10:23:21 PM »
That alert, I believe is not part of the Behavior shield, but the antirootkit scan:
http://forum.avast.com/index.php?topic=67718.msg569792#msg569792

The behavior shield alerts that I have seen (when using the 5.1.xx beta) are orange...

Also there is a report file for the antirootkit scan, but that is for your other thread, which you have left to disappear in the forum...
« Last Edit: December 20, 2010, 10:25:19 PM by spg SCOTT »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Behavior Shield ?
« Reply #4 on: December 20, 2010, 11:05:21 PM »
Seems a false positive of TuneUp Utilities.
Scott is right in his assumptions.
The best things in life are free.

spg SCOTT

  • Guest
Re: Behavior Shield ?
« Reply #5 on: December 20, 2010, 11:41:22 PM »
Thanks for confirming Tech

To answer the other questions, like Logos said, in the beta version it is improved.

Quote
Does it actually block programs when they do certain things that are suspect?
Yes, more so in the beta version...
One example I have seen is alerts on the modification of:
Code:
\REGISTRY\USER\S-1-5-21-749254142-602152416-2417861921-1000\Software\Microsoft\Internet Explorer\Main
Which I am reliably informed is a method of connecting to the internet without opening Internet Explorer

Although I have found that a few of my programs use this...so it could become tiresome...but that is why avast! is introducing it bit by bit...
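An added example, not part of the original post and not Avast's code: the path in the alert above is in the native (kernel) registry form, where `\REGISTRY\USER` corresponds to `HKEY_USERS`, and this sketch converts it to the form you would open in regedit and checks it against a watchlist. The function names and the watchlist are hypothetical; the sample path is the one quoted in the post.

```python
import re

# Native (kernel) registry roots and the Win32 hive names shown by regedit.
ROOTS = {
    r"\REGISTRY\USER": "HKEY_USERS",
    r"\REGISTRY\MACHINE": "HKEY_LOCAL_MACHINE",
}
# S-1-5-21-<three sub-authorities>-<RID> identifies a user account.
ACCOUNT_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(\d+)$")
# Hypothetical watchlist of per-user keys; this entry is the key named in the post.
WATCHED_USER_KEYS = [r"Software\Microsoft\Internet Explorer\Main"]
# Path exactly as quoted in the post.
SAMPLE = (r"\REGISTRY\USER\S-1-5-21-749254142-602152416-2417861921-1000"
          r"\Software\Microsoft\Internet Explorer\Main")


def parse_native_path(path):
    """Split a native registry path into hive, account SID, RID and subkey."""
    upper = path.upper()
    for root, hive in ROOTS.items():
        if upper == root or upper.startswith(root + "\\"):
            rest = path[len(root):].lstrip("\\")
            break
    else:
        raise ValueError("not a native registry path: %r" % path)
    sid = rid = None
    subkey = rest
    if hive == "HKEY_USERS" and rest:
        first, _, tail = rest.partition("\\")
        match = ACCOUNT_SID.match(first)
        if match:  # .DEFAULT, S-1-5-18 and <SID>_Classes stay in the subkey
            sid, rid, subkey = first, int(match.group(1)), tail
    win32 = "\\".join(part for part in (hive, sid, subkey) if part)
    return {"hive": hive, "sid": sid, "rid": rid, "subkey": subkey, "win32": win32}


def is_watched(path):
    """True when the path is a watched per-user key or a key below it."""
    info = parse_native_path(path)
    if info["sid"] is None:
        return False
    sub = info["subkey"].lower()
    return any(sub == w.lower() or sub.startswith(w.lower() + "\\")
               for w in WATCHED_USER_KEYS)


if __name__ == "__main__":
    print(parse_native_path(SAMPLE)["win32"], is_watched(SAMPLE))
```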

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Behavior Shield ?
« Reply #6 on: December 21, 2010, 12:38:12 AM »
Scott is right in his assumptions.
Probably a false positive of TuneUp Utilities.
The best things in life are free.

stxNTrm06

  • Guest
Re: Behavior Shield ?
« Reply #7 on: December 21, 2010, 08:48:02 AM »
Quote
" ...That alert, I believe is not part of the Behavior shield, but the antirootkit scan... "

The alert is not part of antirootkit scan, there is no such thing like "antirootkit scan" it is included in the general scan. There is no "antirootkit scan" log. Avast! logs are located in the following directory:

C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\

and none of those logs (including BehaviorShield.txt) contains the alert recorded.

You cannot discover rootkits by heuristic / behaviour methods.
You cannot clean rootkits using CCleaner or other "cleaners". It's not serious.

I already discovered the alerted file using techniques which are special and not to recommend to others.

The alert is part of Avast half-developed, half-debugged and doing nothing feature called "Behaviour Shield".

Thanks.  ::)

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11241
  • No support PM's thanks
Re: Behavior Shield ?
« Reply #8 on: December 21, 2010, 09:01:55 AM »
Quote
" ...That alert, I believe is not part of the Behavior shield, but the antirootkit scan... "

The alert is not part of antirootkit scan, there is no such thing like "antirootkit scan" it is included in the general scan. There is no "antirootkit scan" log. Avast! logs are located in the following directory:

C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\

and none of those logs (including BehaviorShield.txt) contains the alert recorded.

You cannot discover rootkits by heuristic / behaviour methods.
You cannot clean rootkits using CCleaner or other "cleaners". It's not serious.

I already discovered the alerted file using techniques which are special and not to recommend to others.

The alert is part of Avast half-developed, half-debugged and doing nothing feature called "Behaviour Shield".

Thanks.  ::)
What version of avast are you running? That popup has nothing to do with the behaviour shield.
« Last Edit: December 21, 2010, 09:04:07 AM by craigb »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Behavior Shield ?
« Reply #9 on: December 21, 2010, 11:31:14 AM »
stxNTrm06, that popup is from antirootkit on demand scanning.
It is not related to Behavior Shield.
The best things in life are free.

spg SCOTT

  • Guest
Re: Behavior Shield ?
« Reply #10 on: December 21, 2010, 12:08:29 PM »
The alert is not part of antirootkit scan, there is no such thing like "antirootkit scan" it is included in the general scan. There is no "antirootkit scan" log. Avast! logs are located in the following directory:

C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\

and none of those logs (including BehaviorShield.txt) contains the alert recorded.
The antirootkit scan runs about 8 mins after boot.
There is, but since you have surely rebooted since the incident, it would have been overwritten. (aswboot.txt) Sorry, that was wrong. C:\ProgramData\Alwil Software\Avast5\log\aswAr.log

Quote
You cannot discover rootkits by heuristic / behaviour methods.
You cannot clean rootkits using CCleaner or other "cleaners". It's not serious.
That was only relevant to that thread in which the alert was on a temp file...

Quote
The alert is part of Avast half-developed, half-debugged and doing nothing feature called "Behaviour Shield".
That alert has been there longer than avast! 5 has existed, and therefore longer than the behavior shield has...
http://forum.avast.com/index.php?topic=41094.msg344780#msg344780

But what would I or anyone else that has spent a little time on the forum know... ::)

This will be my last post in this thread, I'm not up for wasting my time anymore...
« Last Edit: December 21, 2010, 12:53:09 PM by spg SCOTT »

Hermite15

  • Guest
Re: Behavior Shield ?
« Reply #11 on: December 21, 2010, 12:28:41 PM »
@stxNTrm06 : your intervention is completely off topic in this thread, absolutely not behavior shield related ::)

ps: and who said that CCleaner could clean rootkits here, who, where ??? the idea is indeed ridiculous but I only see it mentioned in one comment, yours.
« Last Edit: December 21, 2010, 12:30:28 PM by Logos »