Behavior Shield ?

Hey all, I'm new here. I just installed Avast! Free on 2 of my PCs. I have a quick question about the Behavior Shield feature: what does this exactly do?

Does it actually block programs when they do certain things that are suspect?

I have had like 5 hits on it over the last 4 days at times when the system is idle. Also, is there any way to view what file or program caused the detection in the Behavior Shield?

Please help, I am running Windows XP and Avast program VER 5.0.677

Thanks

On 5.0, the BS is just a report tool, analyzing systems and reporting their behavior to Avast. They’ve done that for a year now. OK, this being said, 5.1 is being tested at the moment, and it includes a new version of the behavior shield that has a setting panel now and offers the option to allow/block detected unusual processes. It’s not very stable yet. You’re better off waiting until the final version of 5.1 is out in a few days or a week… I suppose. In the meantime, if you do feel like testing, go visit this thread:
http://forum.avast.com/index.php?topic=67766.msg570056#msg570056

… at your own risk :wink: (avoid setting the BS on “ask” mode though, there are issues…)

" ...Quick question about the Behavior Shield Feature What does this exactly do?... "

Quick Answer: it does just nothing but display useless and nagging pop-ups.

http://i381.photobucket.com/albums/oo253/mxtvmn271208/pic_02.jpg

  1. Does not show the full path to the file. What to delete or ignore? What to submit for analysis?
  2. No copy option and no recording in log file.
  3. There are two options: Ignore and Delete, and none of them does anything and the pop-ups continue displaying.

And it seems this issue will exist in the new version of Avast as no one bothers to do something about it.

Thanks. ::slight_smile:

That alert, I believe, is not part of the Behavior Shield, but the antirootkit scan:
http://forum.avast.com/index.php?topic=67718.msg569792#msg569792

The behavior shield alerts that I have seen (when using the 5.1.xx beta) are orange…

Also there is a report file for the antirootkit scan, but that is for your other thread, which you have left to disappear in the forum…

Seems a false positive of TuneUp Utilities.
Scott is right in his assumptions.

Thanks for confirming, Tech

To answer the other questions, like Logos said, in the beta version it is improved.

"Does it actually block programs when they do certain things that are suspect?"
Yes, more so in the beta version... One example I have seen is alerts on the modification of:
\REGISTRY\USER\S-1-5-21-749254142-602152416-2417861921-1000\Software\Microsoft\Internet Explorer\Main

Which I am reliably informed is a method of connecting to the internet without opening Internet Explorer

Although I have found that a few of my programs use this…so it could become tiresome…but that is why avast! is introducing it bit by bit…

Scott is right in his assumptions.
Probably a false positive of TuneUp Utilities.

" ...That alert, I believe is not part of the Behavior shield, but the antirootkit scan... "

The alert is not part of antirootkit scan; there is no such thing as “antirootkit scan”, it is included in the general scan. There is no “antirootkit scan” log. Avast! logs are located in the following directory:

C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\

and none of those logs (including BehaviorShield.txt) contains the alert recorded.

You cannot discover rootkits by heuristic / behaviour methods.
You cannot clean rootkits using CCleaner or other “cleaners”. It’s not serious.

I already discovered the alerted file using techniques which are special and not to be recommended to others.

The alert is part of Avast half-developed, half-debugged and doing nothing feature called “Behaviour Shield”.

Thanks. ::slight_smile:

What version of avast are you running? That popup has nothing to do with the behaviour shield.

stxNTrm06, that popup is from antirootkit on demand scanning.
It is not related to Behavior Shield.

The antirootkit scan runs about 8 mins after boot.
There is but since you have surely rebooted since the incident, it would have been overwritten. Sorry, that was wrong. C:\ProgramData\Alwil Software\Avast5\log\aswAr.log

"You cannot discover rootkits by heuristic / behaviour methods. You cannot clean rootkits using CCleaner or other "cleaners". It's not serious."
That was only relevant to that thread in which the alert was on a temp file...
"The alert is part of Avast half-developed, half-debugged and doing nothing feature called "Behaviour Shield"."
That alert has been there longer than avast! 5 has existed, and therefore longer than the behavior shield has... http://forum.avast.com/index.php?topic=41094.msg344780#msg344780

But what would I or anyone else that has spent a little time on the forum know… ::slight_smile:

This will be my last post in this thread, I’m not up for wasting my time anymore…

@stxNTrm06 : your intervention is completely off topic in this thread, absolutely not behavior shield related ::slight_smile:

ps: and who said that CCleaner could clean rootkits here, who, where ??? the idea is indeed ridiculous but I only see it mentioned in one comment, yours.