Behavior Shield on Ask

I had been running with the Behavior Shield on Ask to try it out. I just switched back to Auto-Decide because it got too annoying and HIPS-like. I updated my video driver yesterday and got 3 warnings during the process. It’s a signed driver from AMD so it shouldn’t do that in my opinion. I had also gotten 4 or 5 other alerts about safe applications. I can confirm now that the Behavior Shield indeed does work but it’s too aggressive in my humble opinion.

Yeah, whatever “magic pill” makes for effective behavior protection without being too aggressive, they have not found it.

I had pretty much the same results when set on Ask, it seems to be pretty much HIPS-like, it alerts on everything (or at least most things) it scans and defers action to the user.

My behaviour shield is set on Ask and I find it too silent :confused: Btw, how does the behaviour shield work when you set it on auto-decide?

It pretty much allows everything on auto-decide. I never had it question or block anything. I prefer a totally silent security product.

Here is the trouble with that: its weakness is with ransomware or, if you are unlucky, a rootkit, if Behavior Shield doesn’t tell you.

Btw, please don’t get rid of this post because I’m sick and tired of you guys getting in my life.

So we should put it on all block?

Put it on Ask.

I say leave it on auto-decide unless you want to keep getting annoyed and interrupted by alerts for things that are perfectly safe. That kind of behavior was what made me move away from Comodo and anything else with a HIPS component. Avast just needs to improve heuristics and the behavior shield to the point where it only alerts for actual malware. If that’s even possible. It should be as silent as Norton is and just as effective.

I’m sorry, that’s going to be the way of the future.

I’m not sure what you mean. Which way is in the future in your opinion?

It’s definitely a matter of preference.
For me personally, if there is any question, I prefer to lean towards stronger control (hands on security) and less convenience.
I changed from ‘auto decide’ to ‘Ask’
Just my preference. :wink:

HIPS software runs in two modes; trusted publisher and manual - trust nothing.

When you install new software in trusted publisher mode, you are trusting the publisher’s certificate that the software is malware free and legit. No one trusts certificates anymore since too many have been stolen or hacked.

That leads to manual mode, which will give numerous alerts on any protected area activity. How do you stop that? You install drivers and trusted software in what is called “training mode.” Usually involves one mouse click for most HIPS’s.

I would assume the procedure in Avast would be to set behavior shield to auto decide when installing and then turn it back to ask when the installation is complete. This sure doesn’t seem a lot of effort to me and is much more secure than leaving it always in auto decide mode. I am with the camp that found they never once received an alert with behavior shield set to auto-decide.

I’ve finally gotten around to upgrading avast from v6 to v7.

In terms of “first impressions”, like several people in this thread, I’ve found the behavior shield “overly chatty” when set to ASK. I had it set to ASK when using v6, and about the only time v6 ever prompted me was when downloading/installing DotNet updates. But now, under v7, it indeed appears very HIPS-like, questioning just about everything I try to do. While in general, I prefer to let avast allow me to decide what to do when a problem is found (i.e., I have ALL its other shields set to ASK), I have reluctantly set the behavior shield back to auto-decide.

Given that this thread has had no entries in about 2 1/2 months, I was wondering what other people were experiencing (or have learned) about how best to set the behavior shield. (If it makes any difference, I’m working under XP/SP3… remaining security per my signature.)

I have behavior shield set to “ask” on both computers.
I do not get asked too often to allow anything.
What I have noticed is if you have Microsoft .NET Framework installed, I change behavior shield back to Auto-Decide for any updates or installing Microsoft .NET Framework etc., otherwise you get lots of pop-ups which you have to click Allow. That is the only time I change the setting in behavior shield.

Cheers :slight_smile:

I too have it on Ask and rarely get asked, but I have unchecked the “Monitor the system for unauthorised modifications” as WinPatrol Plus and my Firewall also monitor that area.

I’m on Ask as well and never ever got asked about anything.
But this is because of D+, which jumps in first and never gives the BHS a chance to ask me. :wink:

DavidR,
Your suggestion/usage, to set the Behavior Shield to ASK, but to UNcheck “Monitor the system for unauthorised modifications”, looks like it may work as an optimal solution for me. I am testing it now, and hope to keep that setting (unless I see some adverse results in the future).
[Like you, I have WinPatrol (PLUS)… but in contrast, I’m only using the built-in Windows firewall.]

Well, for me it is a very workable solution as I have that area well covered. Whilst you should be OK, I would certainly be looking at getting a third party firewall. The reason: the XP firewall has ZERO outbound protection, and for me that is a weakness.

Yes, I realize the XP firewall offers only inbound protection… which is why I specifically pointed it out as a key difference between our setups (and the rationale used in making your choice).

The problem for me here is that, if I leave the “unauthorized modifications” box checked, the behavior shield is questioning lots of things; for example, when something in Firefox activates its “plug-in container”. Granted, I guess I can “train” the behavior shield (like one would train an outgoing firewall or other HIPS program), but I’m debating if it’s really worth it. As noted, the behavior shield set to ASK in v6 never really bothered me, except when installing DotNet updates [when it went berserk]. So I’m trying to figure out what Avast did to it in v7. It’s fascinating to read how some here find ASK “too noisy”, while others say it’s not doing enough! Guess there’s no way to satisfy everyone.

By the way, how would you compare the relative security levels of:
Behavior Shield set to ASK, with “unauthorized modifications” UNchecked; vs:
Behavior Shield set to AUTO-DECIDE, with “unauthorized modifications” CHECKED ??
These seem to be the “practical alternatives” for me to pick between (unless I want to put up with “noise”, or train the shield).

Ky331

I cannot answer about the Firefox plugin since I barely use FF, but as I told you before I have BhS in "Ask" and I had given trusted status to a half dozen progs so now my BhS is quiet.

I also found out that it is better to switch BhS to auto-decide for Microsoft Thusday updates. This is only if one is running XP and there are DotNet updates available.

Myself, like Asyn, I am running D+ and Comodo alerts are faster and a few more than Avast! so I do not notice if Avast! is really noisy or not.