Behavior-based protection is failing

Hello

I just run HijackThis 1.99 and Avast allowed run while being a unknown application.

This is a risky behavior in case of malware.

Avast needs to be improved.

Thanks

What is a “known application”?
Are you saying that avast! should warn basically about everything? I’m sure the users would hardly like that…

double post ::slight_smile:
http://forum.avast.com/index.php?topic=75859.msg643464#msg643464

I know this is like HiJacking a little i think… but I would like to see that avast popups and says something like “Hey The Program You Are downloading Might be unsafe”
And have avast put a reminder like in the popup that says remember .exe filetypes can have viruses in them.

It would be nice like if a user clicks Woah wait i change my mind i don’t want to download this the program… then avast would delete it. Its more security online. It would stop a virus. :slight_smile:

Has unknown application that Avast question before being executed.

But in the case of HijackThis 1.99 Avast only question after run.

This seems to be a dangerous bug of Avast.

Imagine if HijakThis were a virus…

What can I say…
Yes, of course, that’s exactly what we’re doing, millions times every day.
On the other hand, we obviously don’t want to alert on any non-malware files (i.e. we don’t want to generate any false positives).

It seems to me that the OP would actually want us to increase the FP rates. Or I’m completely missing something.

“Imagine if XXX was a virus” - can be said about any executable (and not only executables, actually).
Sorry, but if you’re looking for a whilelisting solution (i.e. something that allows you to run only programs you already allowed, and no other), then it’s not avast!.

I’m referring to protection by behavior of Avast and not its detection.

Please running HijakThis 1.99 and prove what I say.

that’s just another case of users taking the behavior shield and/or the auto-sandbox for what they were never meant to be.

Off Topic

@Vlk And @Ignore* Did you see my idea? Message me telling me what you think please? :slight_smile:

2Mommy: http://forum.avast.com/index.php?topic=76650.0

I just did a test.

I created an exe file with notepad and recorded on a CD.

I also created an autorun.inf and recorded on the same CD.

When testing the autorun CD in the system, Avast was not manifested allowing your execution.

Are you perhaps looking for a HIPS in effect?

Yes, yes

But I’ve been reflecting and I concluded that I am wrong.

The protection is by behavior and not by check sum.

I’m sorry to all for opening this topic.

Thanks

No need to apologize - it’s a forum for discussion!