system
1
I find Avast’s FileShield protection average against ZeroDay Malware.
For the past 2 weeks I have been testing Avast, AVG, Avira, MSE & Comodo AV every alternate day with 30 ZeroDay Malware from malware sites like MDL, malwareblacklist & malc0de. I have been testing for the past 2 weeks coz it’s been 2 weeks since I decided & installed Avast for protection.
In all the tests Avast detects the least, even counting the malware which were autosandboxed.
I first download & save the malware & then do the tests.
If I test the same malware through browser, i.e. paste the malware links in the browser & go, then in almost all the tests Avast is on the top. Network Shield does a great job.
So the same malware but the protection varies.
So I find Avast provides excellent protection against malware coming through web but the main shield, i.e. FileShield’s protection, is average. And the same malware which Avast blocked through Network Shield may not be detected by the FileShield if it comes through other channels like pendrive. Coz the shields provide different protection & this also showed in my tests.
At least in my tests I found the FileShield protection average. Compared to the competitive free products mentioned above too.
Thanxx
Naren
igor0
2
And did you actually test the samples coming from a pendrive, or is it just your assumption?
system
3
I guess you didn’t read the post carefully.
I have mentioned that in my test it showed. No need for pendrive. Let me explain in a little detail.
The malware link was blocked by NetworkShield, i.e. malware coming through web was blocked.
Disabled NetworkShield & browsed the same malware link & downloaded & saved the malware. Ran the malware. FileShield didn’t detect it, neither did Autosandbox.
FileShield may detect some detected by other shields but not all; as I have mentioned in the previous post, the protection provided by the shields is different.
I forgot to mention in my first post, why is PUP not enabled by default? In my test enabling PUP sometimes detected 1-2-3 more malware. Behaviour Shield never reacted.
Thanxx
Naren
The main aim of an AV is protection, so if it does not get on to the system then we win - So unless you disable web shield then file shield can sleep as it is the second line of defence (my assessment ;D )
system
5
WebShield & NetworkShield are great.
FileShield is decent, needs to improve a little especially against ZeroDay malware.
Behaviour Shield never reacts, at least I have never seen it reacting, needs a lot of improvements.
Autosandbox works, will get better with the time.
Heuristics - How Avast detects with the Heur. I mean what’s the term in detection when Heur detects malware. Like does the detection mention Heur, suspicious or any other term.
Thanxx
Naren
system
6
One should never rely solely on one piece of security software. For instance, I run avast! Free alongside Malwarebytes’ Anti-Malware PRO. You know, a layered approach and all that.
DavidR
7
@ naren17
What version of avast are you using, as version 6.0.1270 is in beta, pending release soon?
See, http://forum.avast.com/index.php?topic=83583.0.
igor0
8
Sorry, but I’m afraid you are wrong - and you generalize a bit too much.
You wrote: “And the same malware which Avast blocked through Network Shield may not be detected by the FileShield if it comes through other channels like pendrive.”
If you really tried that, instead of assuming, you might have found out that the malware actually would be e.g. Autosandboxed if started from a pendrive. (Not sure if in 100% of the cases, but still.)
The thing is that there’s already quite a lot of “context-based” stuff in the detections - so when you start something from your disk, avast! behavior might be different from when you start the same file from a pendrive. If you copied a file on your disk from some other disk (and then executed it), avast! behavior might be different from when you downloaded the same file from web (and then executed it), possibly even depending on where you downloaded it from - etc.
It’s all not as simple as you imagine
(Besides, if we know that a particular domain is blocked, not including the samples from that domain might even be an optimization to prevent blowing the virus definitions too much and consuming more CPU and memory - if that specific malware doesn’t normally spread via other channels; I’m not saying it’s really done that way, but the protection is expected to be used fully, the detections are certainly not prepared with the expectation that somebody disables some of the shields, for example).
system
9
I understood your points, well explained. Thanxx for the info.
I will try to do a better test with a good amount of malware & will test those malware against Avast through different channels & see what difference in behaviour Avast shows for the same malware through different channels.
Thanxx
Naren