Behavior shield log: How to interpret?

Avast Free Antivirus / Premium Security
1

Greetings eveyone,

 I have pasted below the Behavior Shield log.  I would appreciate some help in how to interpret what it is showing.  The real-time Behavior Shield graph has indicated two points within the past 24 hours where "suspicious activity" was noted, but I received no alert from Avast!

Thank you for your time and any help!

[BehaviorShield]
Action=4
MonitorLowLevelRootkits=1
MonitorMalwareLikeBehavior=1
MonitorUnauthorizedModifications=1
TrustedProcessed=

2

That isn’t the behavior shield log, looks like an extract of the ini files, which only shows the settings.

Using notepad open the C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\BehaviorShield.txt, which is the report file on any activity and the action taken, which would appear to have been Allow.

3

Hi again David,

 I've pasted the info you requested below for your review.

Thanks very much again for your help!

===============================================================================

  • Started on: Tuesday, August 30, 2011 3:53:46 PM

8/30/2011 3:54:09 PM Modification of: \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
By: C:\Program Files\QuickTime\QTTask.exe
Via: C:\Program Files\QuickTime\qttask.exe
→ Action allowed
8/30/2011 9:11:41 PM Modification of: \REGISTRY\USER\S-1-5-21-1957994488-343818398-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Run\POP Peeper
By: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\12E9H9HK\POPPeeper-Install[1].exe
Via: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\12E9H9HK\POPPeeper-Install[1].exe
→ Action allowed
8/30/2011 9:31:44 PM Modification of: \REGISTRY\USER\S-1-5-21-1957994488-343818398-1606980848-500\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
By: C:\Program Files\POP Peeper\POPPeeper.exe
Via: C:\Program Files\Internet Explorer\IEXPLORE.EXE
→ Action allowed
8/31/2011 12:32:46 PM Modification of: \Registry\Machine\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
By: C:\Program Files\Poker for Dummies\Uninstall.exe
Via: C:\Program Files\Poker for Dummies\Uninstall.exe
→ Action allowed
*

  • avast! Real-time Shield Scan Report
  • This file is generated automatically
  • Started on: Wednesday, August 31, 2011 12:37:08 PM

8/31/2011 12:37:37 PM Modification of: \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
By: C:\Program Files\QuickTime\QTTask.exe
Via: C:\Program Files\QuickTime\qttask.exe
→ Action allowed

4

Honestly there is nothing to review, under the various settings of the behaviour shield some applications will be checked before being allowed to run or to be blocked, in which case you would get a notification.

The key area these are likely to fall into is that they are able to make changed to the system e.g.

MonitorMalwareLikeBehavior=1 MonitorUnauthorizedModifications=1

What they actually do would be analysed and also checked against any known good applications before being allowed to run or be blocked.

5

That seems to make some sense to me!

Once again…I thank you for taking the time to provide me some enlightenment!

6

You’re welcome.