Behavior Shield

Hi,

I wanted to try and get more of an explanation of Behaviour Shield, quite often there is no activity in the shield’s tab whatsoever, however the past few days I’ve been informed of activities which avast is allowing within the NativeImages folders (it often lists 4 behaviors all allowed by Avast! IS). I’ve also had some from Windows Defender Definition Updates (which seems to be a normal thing).

I was just wondering if anyone else with Behavior Shield was getting these NativeImages behaviors appearing for them on Windows 7, to confirm if it’s something to not bother about?

I believe the item in question also had system.windows.forms in its location description (the nativeimages behaviour that is).

Malwarebytes Anti-Malware tells me there is nothing (quick and full scan) and same goes for Avast! with both scans, this in the past would have normally been enough for me but this whole behavior shield thing is giving me added worry.

to confirm if it's something to not bother about?
if it is something to worry about.... avast will give you a pop up with info.....has it?

Nope, I’ve not had any warnings at all… though I still seem to worry. Malwarebytes was clean, Avast was clean, nothing is popping up as “Infected” on the shield. I’m just not really sure of the workings of the Win 7 operating system so not entirely sure what NativeImages are. The internet doesn’t often help my worries as everywhere seems to have pages to whatever I’m looking up saying “Is such-and-such a virus”.

It’s just never really popped up before and it has done the last 3 times I’ve booted up and gone into my account on windows, after an update I might add (which might have something to do with it?).

I’ve been monitoring the Behavior Shield the past weekend and every day there has always been Behavior shield activity, which Avast is noticing but letting through. Since I’ve not really had much activity on the shield besides occasional instances where I know it happens (windows defender updates etc), I can’t help but feel a little concerned.

It appears to be two particular .dlls appearing in the Behavior Shield and it seems to be wininet.dll and something in the nativeimages folders which looked something like windows.forms.dll. I was just wondering if anyone else running the behavior shield post this month’s windows update was experiencing the same thing? Also if anyone with knowledge of windows 7 could perhaps enlighten and reassure me as to what these “behaviors” actually are?

search file name here. http://www.processlibrary.com/

Wininet appears to be something related to an internet process?

I just don’t understand why suddenly these are actually appearing, I’ve gone through months without even noticing a wininet behaviour pop up. Is this something to do with the last windows update? Or maybe something to do with an avast update?

This is my behaviour shield for the last week… As long as it does its job I tend to ignore it

Wow that’s a lot of behaviors (compared to what I see), what settings do you have yours on?

Standard settings …But I do download a lot of unusual programmes in my malware cleaning work ;D

Ah, so you think it’s nothing to bother about? I was just a bit confused as I’d some days not have any behavior hits at all and all of a sudden in the last week I’m usually seeing 2-4 daily which avast just notices and thinks nothing more of it.

If avast called a behaviour shield alert to my attention then I would be concerned otherwise I just let it do its work in the background

The other one popping up (that I didn’t remember the details of the other day) is system.windows.forms.ni.dll, it apparently says it’s something to do with .NET Framework.

http://www.processlibrary.com/directory/files/system.windows.forms.ni/65719/

http://www.processlibrary.com/directory/files/wininet/25271/

Also why on process library do all of the descriptions look as if there should be more text to them? Some of the sentences seem to cut off.

ProcessLibrary.com by Uniblue
This is a commercial site and the idea is for you to use their tools .. A lot of programmes use the net framework, that way they can reduce the download size as the files are already on the computer

When you say programs what do you mean? Currently I have next to nothing on this machine program wise, I’d removed everything prior to be unsure of the process when having a new HDD added (the previous one being faulty).

There was another that came up as 1/0 on the shield, iertutil.dll.

http://www.processlibrary.com/directory/files/iertutil/75327/

I can confirm though that since about last Tuesday there has been without fail at least 2 every single day when I log in, when before there were none at all, unless something like Windows Defender did definition updates. Also mentioned on another thread about them popping up when I performed the windows disk clean or when doing a scan with malwarebytes.

I can confirm that both avast! IS and malwarebytes, far as I know from scans, haven’t detected anything malicious, is that usually a good enough indication that my worries are not needed? I guess I’m just looking for a reason why these processes/things in this thread are appearing only this week every time I sign into windows. Would it be something to do with a windows update? Or maybe one of avast’s, which makes the behavior shield notice them when signing in?

Behaviour shield is being improved on a daily basis now so there is the probability that more files are being investigated, especially with the new evo and dyn detections http://blog.avast.com/2012/12/03/new-toy-research-lab/

I don’t think there is a link between Behavior Shield and that backend stuff. But still, sure improvements on Autosandbox will come as well (hopefully) Behavior Shield improvements.

Disable Windows Defender.
Use MalwareBytes instead.

http://filehippo.com/download_malwarebytes_anti_malware/ 🙂