Behaviour Shield

Avast Free Antivirus / Premium Security
1

Whats the use of Behaviour Shield if the action is set to allow??? How BS will protect???

Thanxx
Naren

2

hey and warm welcome to avast forum!

Since BS (behavior shield) is not complete it wont give that much of additional protection. If you want to get alters I recommend you to put it on ask; it will maybe increase the chances of stopping a malware.

I think if you have it on ask and you try to install Malwarebytes it will give ask you if you want to allow the installation.

Enjoy your stay

Regards,
Tenko

3

If you set it to Ask, it will alert you a supicious behavior is detected, with the ability to take actions accordingly.

As I already said in one of the other threads:

The Behavior Shield works only in “passive mode”, which means that the new sensors will be active but won’t be stopping the attacks, just reporting them to our backend infrastructure (unless you have opted out from the avast! community membership). This is to allow us to collect enough data before enabling the protective layers in Q1 2011.

Thanks
Vlk

4

Vlk,

On one system I have it set on ask, and I have had a few popups. I presume you still get info for the behavior shield when set like this?

The main one I get is when an application tries to connect to the internet, and uses a reg key to do that. With so many applications that do this (as well as malware I understand) will the allowed applications be taken into account as you improve the behavior shield?

Scott

5

Scott, I think so.
If not, really, it will be stupid imho.

6

Yes, that’s why it’s set to Allow. It lets everything through for now, but logs all the programs and actions and submits this info to CommunityIQ for further analysis. I’m guessing this is just a preparation for avast! 6.x where it will be set to Block mode by default. Or at least Ask.

7

I guess now setting it to ask will give lots of FP’s i.e number of popups. So not recommended atleast for average users, right?? Lets see how it functions when it will be fully functional in V6.

Thanxx
Naren

8

Is there a way to test the Behavior Shield?

9

FP is better than an infection. That’s just my opinion.

Take care! :slight_smile:

10

I’d say that even now, if you set it to Ask, the number of popups will actually be fairly low. Typically very low actually. That’s because there’s already some intelligence behind this that is making certain decisions on its own.

Try it for yourself, and you’ll see.

Thanks
Vlk

11

Only way to do that is to use Behavior Shield as the only provider and simply execute programs and malware. Of course in a strictly controlled and isolated environment like VMWare Player…

12

So I guess currently its like a light HIPS which asks to allow/block the app in question. BS should only popup when it detects malicious behaviour & not for every apps to ask allow/block like HIPS. Hope when BS is fully functional it will act like a BB & not HIPS, especially when Avast has always implemented the changes in their softwares keeping in mind the majority i.e average users.

Thanxx
Naren

13

It’s not like a HIPS even now… Set it to Auto and you’ll see…
On a typical system, it doesn’t really ask anything at all.

Thanks
Vlk

14

Set it to auto means the default allow, right??

Thanxx
naren

15

I have had a few, mostly from trying to connect to the internet (e.g. hitting F1 for help) I have added some to the trusted list.

16

Well, not that many indeed. Few.

Well, there is not auto right now. There are ask, block and allow.
But I think I understand what you’re asking. Default right now is passive, allow all.

17

Is this from the release version, or from a previous beta?

Thanks
Vlk

18

Well Vlk mentioned auto thats why I asked.

Thanxx
Naren

19

The beta versions (I installed over) but I did delete a couple, and they still gave an alert. Should I try deleting them all and see which ones give the alert again

20

I think just for the sake of understanding the situation, it would be useful.

Thanks
Vlk