Author Topic: avast! 5.1.864 Behavior Settings  (Read 6814 times)

0 Members and 1 Guest are viewing this topic.

Tgell

  • Guest
avast! 5.1.864 Behavior Settings
« on: January 01, 2011, 03:25:35 AM »
Hello,
I have noticed that there are now Behavior Setting under Expert Settings. Listed are


Monitor the system for low-level rootkits
Monitor the system for malware-like behavior
Monitor the system for unauthorized modifications

Under Action my default was "Allow"

Shouldn't this be "Ask" or "Block"?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86140
  • No support PMs thanks
Re: avast! 5.1.864 Behavior Settings
« Reply #1 on: January 01, 2011, 03:49:39 AM »
For the time being anyway the behaviour shield will be running in passive mode, so making any change as far as I'm concerned could be a moot point. If you are part of the avast community then that data will be sent to avast, the idea being so that they can gather information and tweak the filters/rules to prevent poor detections.

If you took part in the beta trial you would have seen that many who change it to Ask suffered many problems (system freeze), as some of the detections/decisions could be happening early in the windows boot. Whilst this issue was largely resolved in the beta testing, personally I really don't want to be potentially interrupting the boot and suffer any problem at all.

I also don't believe you should go tweaking avast within an inch of its life  and find you have gone an inch too far until you have got more used to the program settings as they are in the default. I fee the avast developers are much cleverer than I in these matters, so I tend to leave the default settings unless I know exactly what any change is going to do.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: avast! 5.1.864 Behavior Settings
« Reply #2 on: January 01, 2011, 03:51:37 AM »
Tgell, the BeS is on "passive" mode, just collecting data to the release of version 6, expected to February.
You can set it to "ask" if you want :)

P.S. David posted first.
The best things in life are free.

Tgell

  • Guest
Re: avast! 5.1.864 Behavior Settings
« Reply #3 on: January 01, 2011, 03:52:21 AM »
Thanks for the heads up guys.  :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86140
  • No support PMs thanks
Re: avast! 5.1.864 Behavior Settings
« Reply #4 on: January 01, 2011, 04:07:26 AM »
You're welcome, Happy New Year (it is hear).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

mitchell64

  • Guest
Re: avast! 5.1.864 Behavior Settings
« Reply #5 on: January 01, 2011, 05:22:06 AM »
Thank you Tgell for posting this question & DavidR & Tech for your responses it pretty much covered my queries.

I was just wondering if there is any published information explaining the behaviour shield? i expect there probably isn't as it is still early days.

Best wishes for the new year everyone

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: avast! 5.1.864 Behavior Settings
« Reply #6 on: January 01, 2011, 01:55:56 PM »
You're welcome Mitchell.
Happy New Year!
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86140
  • No support PMs thanks
Re: avast! 5.1.864 Behavior Settings
« Reply #7 on: January 01, 2011, 04:12:00 PM »
You're welcome Mitchell.

Unfortunately not, even in the avast Help Center, there is this basic information posted by one Avast Team:

- avast! Behaviour Shield, general information from an interview Softpedia - Ondrej Vlcek
Quote
Ondrej Vlcek: The Behaviour Shield that we shipped in version 5.0 is a new component that is going to be further developed moving forward. For example, in version 5.1, we will be adding more sensors that will allow for even finer-grain filtering.

For now, the Behavior Shield is focused on exploits coming via typical mechanisms (browser, PDF reader, and flash vulnerabilities, for example). It also closely monitors all kernel-mode code (drivers) loaded into the operating system, and is able to detect zero-day rootkits.

There may well be some more snippets in the forums, but there is no collated information on it.

A Happy New Year to you too.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: avast! 5.1.864 Behavior Settings
« Reply #8 on: January 01, 2011, 05:37:58 PM »
The future of avast: http://forum.avast.com/index.php?topic=64382.msg546016#msg546016
At the first post of that thread I've mentioned the wish/necessity of having a better 0-day protection.
The best things in life are free.

mitchell64

  • Guest
Re: avast! 5.1.864 Behavior Settings
« Reply #9 on: January 01, 2011, 08:52:06 PM »
 :) Thanks again you have both been most helpful i appreciate it

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86140
  • No support PMs thanks
Re: avast! 5.1.864 Behavior Settings
« Reply #10 on: January 01, 2011, 09:57:34 PM »
No problem, glad I could help.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline danny96

  • Malware Fighter
  • Advanced Poster
  • **
  • Posts: 668
  • No-malware!
Re: avast! 5.1.864 Behavior Settings
« Reply #11 on: January 01, 2011, 10:08:12 PM »
"What may be of special interest, also, is that this is how it's going to work even in the free version (which means that the core functionality of the sandbox will likely be moved to the free AV)."

i very like this sentence!

sandbox in free version, nice!
Real-time protection and Firewall: COMODO Internet Security 12.0.0.6810 -- Additional Protection: Web Of Trust, Ublock, NoScript, Malwarebytes Premium, Avast! Online Security, Hitman Pro -- OS: Windows 10

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86140
  • No support PMs thanks
Re: avast! 5.1.864 Behavior Settings
« Reply #12 on: January 01, 2011, 10:12:16 PM »
That doesn't mean what you think it means, it won't be the same as the process virtualisation in the Pro and AIS versions.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: avast! 5.1.864 Behavior Settings
« Reply #13 on: January 02, 2011, 02:54:39 PM »
DavidR noted above the "problems" people encountered when changing from the default ALLOW to ASK.

I tested things myself... while not having an actual "problem", I was indeed subject to several prompts for permissions:

I receieved two BeS warnings (when set to ASK) about my Wireless Connector:

C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

One about my firewall:
C:\Program Files\Comodo\Firewall\cmdagent.exe

and one more about my clock-synchronization:
C:\Program Files\D4\D4.exe

At that point, I switched back to the default of ALLOW... and will be leaving it that way.
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86140
  • No support PMs thanks
Re: avast! 5.1.864 Behavior Settings
« Reply #14 on: January 02, 2011, 03:11:05 PM »
I also qualified that point, that this was during the beta trials. What I do is monitor the BehaviourShield.txt file that contains what would probably be the same applications as if you had set it to Ask.

C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\BehaviourShield.txt (for XP)

Then I add these applications into the Behaviour Shield, Expert Settings, Trusted processes section. Once that is one they shouldn't feature in the report again.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security