Behavior Shield alert

So this morning after I rebooted computer to instal the newest Avast version, I got alert from new Behavior Shield that said one of my programs was behaving suspiciously showing a process path of apparently a network system component and calling out “IDP.generic”. Went and tried “Fix automatically” (since only options were that and “Ignore”) before taking a screenshot, but the notification reappeared after a while and I selected the option again. After that I haven’t got Behavior Shield notifications even after rebooting my computer once and either MBAM 3.0.6 premium (trial version) or new Avast have found anything. I already wrote small topic about this to Viruses & worms subforum, but since I was dumb and didn’t realize to take a screenshot no one didn’t seem to know how to help :-[

So since I don’t have experience with new Avast, I’m not sure how to react or deal with Behavior Shield alerts.

Without knowing the path and file name of the detected file, it’s hard to say. Can you check in Virus Chest if it’s by any chance in there? Though I think Behavior Shield doesn’t quarantine files…

Yes, it does that by default :

The Main Settings screen allows you to specify what action to take if a threat is detected:
  • Always ask: sends you a notification when a threat is detected and provides options for further action. You can decide to move the file to the Virus Chest, remove the file completely, or ignore the detection.

  • Automatically move detected threats to Chest: moves all detected threats to the Virus Chest automatically.

  • Automatically move known threats to Chest (enabled by default): moves only known threats to the Virus Chest automatically. This setting only applies to files which are verified as dangerous and included in the virus definitions database.

Greetz, Red.

The only options I had were either to try to fix the file automatically or ignore the alert. ???

Rednose is right. “Fix automatically” means “Move to Virus Chest”. Right click avast! icon next to Windows clock and select Virus Chest. Tell us what is the file name and where it was detected. That will give us general clue what we are dealing with.

Virus Chest appears to be empty… But since I remember the file name being possibly some kind of system network(profile?) directory I guess it couldn’t put it in Chest? Nonetheless, I did a scn with FArbar and inserted the logs into my topic at Vriuses and Works subforum to see if anyone could help to check out possible gremlins.

Are you sure it was a Bahavior Shield alert, and not a File System Shield one ?

That said, be patient for help in " Viruses and worms " as only qualified Malware Analysts are allowed to help you there.

Greetz, Red.

It said “Behavior Shield” in the upper bar of the alert window. Also when I got it, I couldn’t click “Show last popup” option by right-clicking Avast icon next to Windows clock after recieving the alert.