Behaviour Shield - does it prevent bad behaviour when ALLOW option is selected?

The default option for the Behaviour Shield is ALLOW. Does Behaviour Shield protect against bad stuff in this case?

Currently the Behaviour Shield is in passive mode, where data gathered during its activity is used by the avast community to fine-tune its filters and rules, so that when it is active (not passive) they will be more accurate, giving a better balance between too strict (possible false positives) and too lax and not catching new malicious activity.

Whilst it is passive the other shields still provide the same level of protection as before.

There is nothing to stop you setting it to Ask, but then you have the dilemma of having to work out if what it is throwing up is good or bad. But you would know if something was considered possibly malicious. If you know the item is good you can then allow it and it adds it to the trusted processes in the Behaviour Shield, expert settings.

Thank you. That is just the explanation I needed. The ‘Ask’ option is not too onerous because it doesn’t take too long for the requests from Behaviour Shield to subside when the legitimate processes that trigger Behaviour Shield are all dealt with. It should be reasonably obvious if a process is legitimate or not.

You’re welcome.

Yes, for those with a reasonable knowledge of what is on their system and if it is good or bad it isn’t too onerous; unfortunately for a great many users this isn’t the case and why the default is allow.

Yes, 5.1’s behavioral shield is passive and sometimes annoying with its questions…
6.0’s is more intelligent now. I have it set up as “ask” but it asks only when it’s a suspicious or unknown application. It doesn’t ask for safe or other applications. (avast 5.1’s behavioral shield asks every while, it was annoying…), avast 6.0 asks me only once for a suspicious app.

It is not that annoying like comodo or OA; until now it asks me “hey do you want to allow gigabyte driver for controlling fan speed?” :) and I say "Yep go ahead."
Hey, it detects trojans when I throw them at it "not that complex trojans but at least they harm" and I do that with system shield off.
I use it in ask mode.

I am not trying to plug comodo, but its D+ is not nearly as annoying as it used to be last time I tried it - it seems to have a much more extensive trusted list built in now.

Because of auto sandboxing in comodo, which downgrades the protection provided by comodo a lot, so bye bye comodo and see you later "100 years later I mean".
I know how to disable the sandbox but comodo IS is like a badly made cake: a lot of layers but no taste at all.

I have always had the sandbox disabled - it is still almost silent on my (fairly boring) system

I’m using ask mode but avast6 beta

It isn’t annoying at all in 5.1, as by default it is a) passive and b) set to Allow, so no questions. If you are getting questions, then you set it to Ask and shot/annoyed yourself.

My guess why, is it must have also benefited from the millions of users using 5.1 and the data gathered by the behaviour shield and uploaded in the community project to refine/tune the filters and rules in the behaviour shield.

But again the default setting is Allow.

But again the default setting is Allow.
Yeah, but again can be changed to Ask ;)

Yes they/you can, but don’t then say the questions are annoying (5.1) when you effectively Ask(ed) for them.

I am talking about avast 6 too :)

Does Auto-decide throw an alert?

That would entirely depend on what its decision was ;D

It may decide to Allow or Ask or Block.

Good question. I uninstalled the Behaviour Shield from my Avast 5 installation but reinstalled it after updating to Avast 6 this morning. Auto-decide appears to be the default setting now.

So far the only entry I see in the Behavior Shield report is it Allowing the User Profile Hive Cleanup service when I start the computer.

2/26/2011 11:42:51 AM Modification of: \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack By: D:\Program Files\UPHClean\uphclean.exe Via: D:\Program Files\UPHClean\uphclean.exe -> Action allowed

Well with mine set to Ask (originally my settings were Allow) I have had one for DMR.

25/02/2011 02:08:51 Modification of: \REGISTRY\USER\S-1-5-21-3126928747-2492246226-67290611-1004\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
By: C:\DMR\DropMyRights.exe
Via: C:\Program Files\Internet Explorer\iexplore.exe
→ Action allowed

I use this to limit user rights in my browsers, so I told it to Allow and remember the decision.

Check your Expert Settings, Trusted processes and see if it also added it to that?
Mine did because I said to Allow it, I don’t know if that happens with the Auto-Decide function making the decision.

Auto-decide didn’t automatically add uphclean.exe to the trusted processes list. I guess that happens only if it Asks you first. I don’t mind Avast checking uphclean.exe on each system start and silently allowing it. I never execute untrusted software outside of Sandboxie anyway.
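
An added example, not part of any post in this thread: a small parser for Behaviour Shield report entries in the two layouts quoted above (single-line and wrapped), which lists processes whose actions were allowed even though they are not on the trusted processes list. The `TRUSTED` list is an assumption, typed in by hand from Expert Settings; the function names are hypothetical and nothing here reads avast's own files.

```python
import re
from collections import defaultdict

# Report text copied from the two entries quoted in the thread
# (the first on one line, the second wrapped over several lines).
SAMPLE_REPORT = r"""2/26/2011 11:42:51 AM Modification of: \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack By: D:\Program Files\UPHClean\uphclean.exe Via: D:\Program Files\UPHClean\uphclean.exe -> Action allowed
25/02/2011 02:08:51 Modification of: \REGISTRY\USER\S-1-5-21-3126928747-2492246226-67290611-1004\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags
By: C:\DMR\DropMyRights.exe
Via: C:\Program Files\Internet Explorer\iexplore.exe
→ Action allowed
"""

# Assumption: trusted processes as the user reads them off Expert Settings.
TRUSTED = [r"C:\DMR\DropMyRights.exe"]

# timestamp, event, target, acting process, launching process, verdict
ENTRY = re.compile(
    r"(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2}(?: [AP]M)?)\s+"
    r"(?P<event>[^:]+?):\s+(?P<target>.+?)\s+"
    r"By:\s+(?P<by>.+?)\s+Via:\s+(?P<via>.+?)\s+"
    r"(?:->|→)\s+Action (?P<action>\w+)"
)

def parse_report(text):
    """Return one dict per report entry, whatever its line wrapping."""
    flat = " ".join(text.split())  # wrapped entries become single-line
    return [m.groupdict() for m in ENTRY.finditer(flat)]

def untrusted_allowed(entries, trusted):
    """Map each non-trusted process to the targets it was allowed to touch."""
    trusted_norm = {p.lower() for p in trusted}  # Windows paths: ignore case
    hits = defaultdict(list)
    for e in entries:
        if e["action"].lower() == "allowed" and e["by"].lower() not in trusted_norm:
            hits[e["by"]].append(e["target"])
    return dict(hits)

if __name__ == "__main__":
    for proc, targets in untrusted_allowed(parse_report(SAMPLE_REPORT), TRUSTED).items():
        print(proc)
        for t in targets:
            print("   allowed to modify:", t)
```

With the sample data only uphclean.exe is listed, matching the observation that an allowed action does not by itself mean the process was added to the trusted list.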