Author Topic: Behaviour Shield  (Read 7606 times)

0 Members and 1 Guest are viewing this topic.

Offline naren17

  • Sr. Member
  • ****
  • Posts: 261
Behaviour Shield
« on: January 01, 2011, 01:07:40 PM »
Whats the use of Behaviour Shield if the action is set to allow??? How BS will protect???

Thanxx
Naren

Offline Tenko

  • Sr. Member
  • ****
  • Posts: 205
  • Download only known security software.
Re: Behaviour Shield
« Reply #1 on: January 01, 2011, 01:12:08 PM »
hey and warm welcome to avast forum!

Since BS (behavior shield) is not complete it wont give that much of additional protection. If you want to get alters I recommend you to put it on ask; it will maybe increase the chances of stopping a malware.

I think if you have it on ask and you try to install Malwarebytes it will give ask you if you want to allow the installation.

Enjoy your stay

Regards,
              Tenko
« Last Edit: January 01, 2011, 01:14:16 PM by Tenko »
WMware:
OS: OpenSUSE 11.3

OS: Win 7
Security: Avast free with OA (onlinearmor)

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Behaviour Shield
« Reply #2 on: January 01, 2011, 01:20:47 PM »
If you set it to Ask, it will alert you a supicious behavior is detected, with the ability to take actions accordingly.

As I already said in one of the other threads:

The Behavior Shield works only in "passive mode", which means that the new sensors will be active but won't be stopping the attacks, just reporting them to our backend infrastructure (unless you have opted out from the avast! community membership). This is to allow us to collect enough data before enabling the protective layers in Q1 2011.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4130
  • There is no magic, only lost physics
    • spg SCOTT
Re: Behaviour Shield
« Reply #3 on: January 01, 2011, 01:25:14 PM »
Vlk,

On one system I have it set on ask, and I have had a few popups. I presume you still get info for the behavior shield when set like this?

The main one I get is when an application tries to connect to the internet, and uses a reg key to do that. With so many applications that do this (as well as malware I understand) will the allowed applications be taken into account as you improve the behavior shield?

Scott
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67269
Re: Behaviour Shield
« Reply #4 on: January 01, 2011, 01:48:24 PM »
I presume you still get info for the behavior shield when set like this?
Will the allowed applications be taken into account as you improve the behavior shield?
Scott, I think so.
If not, really, it will be stupid imho.
The best things in life are free.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9267
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Behaviour Shield
« Reply #5 on: January 01, 2011, 01:57:45 PM »
Yes, that's why it's set to Allow. It lets everything through for now, but logs all the programs and actions and submits this info to CommunityIQ for further analysis. I'm guessing this is just a preparation for avast! 6.x where it will be set to Block mode by default. Or at least Ask.
Visit my webpage RejZoR's Flock of Sheep

Offline naren17

  • Sr. Member
  • ****
  • Posts: 261
Re: Behaviour Shield
« Reply #6 on: January 01, 2011, 01:59:00 PM »
I guess now setting it to ask will give lots of FP's i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

Thanxx
Naren

Offline Hexo

  • Full Member
  • ***
  • Posts: 131
    • Blog
Re: Behaviour Shield
« Reply #7 on: January 01, 2011, 02:03:37 PM »
Is there a way to test the Behavior Shield?
Main PC: Windows 7 64bit, Core I5 2500K, F-Secure IS2012
Notebook: Dell XPS 1530, Windows 7 64bit, Kaspersky IS 2012
Second PC: Windows XP 32bit, F-Secure IS2011 | Asus Eee PC 1000H: Windows XP 32bit, avast! IS

Offline Tenko

  • Sr. Member
  • ****
  • Posts: 205
  • Download only known security software.
Re: Behaviour Shield
« Reply #8 on: January 01, 2011, 02:13:56 PM »
I guess now setting it to ask will give lots of FP's i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

Thanxx
Naren

FP is better than an infection. That's just my opinion.

Take care! :)
WMware:
OS: OpenSUSE 11.3

OS: Win 7
Security: Avast free with OA (onlinearmor)

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Behaviour Shield
« Reply #9 on: January 01, 2011, 02:22:27 PM »
I guess now setting it to ask will give lots of FP's i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

I'd say that even now, if you set it to Ask, the number of popups will actually be fairly low. Typically very low actually. That's because there's already some intelligence behind this that is making certain decisions on its own.

Try it for yourself, and you'll see.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9267
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Behaviour Shield
« Reply #10 on: January 01, 2011, 02:24:15 PM »
Is there a way to test the Behavior Shield?


Only way to do that is to use Behavior Shield as the only provider and simply execute programs and malware. Of course in a strictly controlled and isolated environment like VMWare Player...
Visit my webpage RejZoR's Flock of Sheep

Offline naren17

  • Sr. Member
  • ****
  • Posts: 261
Re: Behaviour Shield
« Reply #11 on: January 01, 2011, 02:36:45 PM »
I guess now setting it to ask will give lots of FP's i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

I'd say that even now, if you set it to Ask, the number of popups will actually be fairly low. Typically very low actually. That's because there's already some intelligence behind this that is making certain decisions on its own.

Try it for yourself, and you'll see.

Thanks
Vlk

So I guess currently its like a light HIPS which asks to allow/block the app in question. BS should only popup when it detects malicious behaviour & not for every apps to ask allow/block like HIPS. Hope when BS is fully functional it will act like a BB & not HIPS, especially when Avast has always implemented the changes in their softwares keeping in mind the majority i.e average users.

Thanxx
Naren
« Last Edit: January 01, 2011, 02:38:55 PM by naren17 »

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Behaviour Shield
« Reply #12 on: January 01, 2011, 02:48:40 PM »
I guess now setting it to ask will give lots of FP's i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

I'd say that even now, if you set it to Ask, the number of popups will actually be fairly low. Typically very low actually. That's because there's already some intelligence behind this that is making certain decisions on its own.

Try it for yourself, and you'll see.


So I guess currently its like a light HIPS which asks to allow/block the app in question. BS should only popup when it detects malicious behaviour & not for every apps to ask allow/block like HIPS. Hope when BS is fully functional it will act like a BB & not HIPS, especially when Avast has always implemented the changes in their softwares keeping in mind the majority i.e average users.

It's not like a HIPS even now... Set it to Auto and you'll see...
On a typical system, it doesn't really ask anything at all.


Thanks
Vlk

If at first you don't succeed, then skydiving's not for you.

Offline naren17

  • Sr. Member
  • ****
  • Posts: 261
Re: Behaviour Shield
« Reply #13 on: January 01, 2011, 02:54:35 PM »
I guess now setting it to ask will give lots of FP's i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

I'd say that even now, if you set it to Ask, the number of popups will actually be fairly low. Typically very low actually. That's because there's already some intelligence behind this that is making certain decisions on its own.

Try it for yourself, and you'll see.


So I guess currently its like a light HIPS which asks to allow/block the app in question. BS should only popup when it detects malicious behaviour & not for every apps to ask allow/block like HIPS. Hope when BS is fully functional it will act like a BB & not HIPS, especially when Avast has always implemented the changes in their softwares keeping in mind the majority i.e average users.

It's not like a HIPS even now... Set it to Auto and you'll see...
On a typical system, it doesn't really ask anything at all.


Thanks
Vlk



Set it to auto means the default allow, right??

Thanxx
naren

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4130
  • There is no magic, only lost physics
    • spg SCOTT
Re: Behaviour Shield
« Reply #14 on: January 01, 2011, 02:55:57 PM »
I'd say that even now, if you set it to Ask, the number of popups will actually be fairly low. Typically very low actually. That's because there's already some intelligence behind this that is making certain decisions on its own.

Try it for yourself, and you'll see.

Thanks
Vlk

I have had a few, mostly from trying to connect to the internet (e.g. hitting F1 for help) I have added some to the trusted list.
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman