On windows 10, I receive the message from Avast ‘your program is acting strangely’ (or similar), in reference to a portable mozilla browser (Cyberfox) running from a usb stick, which is otherwise clean. The warning pops up whenever I start the program.
I believe it is in relation to the Avast behaviour shield. A similar message also occurs with ‘DesktopOK’ which automatically saves the location of desktop items for startup to prevent misplacement.

Scanning their folders does not give any questionable results, everything is ok. I can find nothing else on the system in relation to the browser as expected eg within AppData, ProgramData etc. A scan also gives me no warning messages. I won’t post links, but if you want to test these programs, for the former I go to 8specxstudios and choose the 32 bit portable zip which is intel compatible (the program is on sourceforge). DesktopOK 64-bit is available from SoftwareOK (this is updated most frequently). The Avast ‘your program is acting strangely’ warning itself is rather vague, and after a full scan with no issues, a user may be left not knowing what to do.
I understand that it is up to the user as to whether they want to take any risk. It would be good if Avast was able to give more information as to why they are suspect or a likely level of safety judging by it’s actions.

Thanks for any info if possible (opinion regarding these two programs)

You may upload and test the program file at www.virustotal.com

running from a usb stick, which is otherwise clean.

Cyberfox has two similar executables, one in the root folder to start it up and one in the App folder (obviously relating to the main program).

Only the second ‘Cyberfox.exe’ gives one single warning:
https://www.virustotal.com/#/file/9a1cd95377073fe392595f2a1d25f01b1279ae71eb7a5db55dee9ac355628db2/detection

DesktopOK:
https://www.virustotal.com/#/file/21677ffef8566c6773aa68fcb8e41e7e8dd5658492bfe9f7f6d37461a0ebac42/detection

So as you can see if the links work, they more or less pass (as they do within Avast upon scanning).
Even though I will often have to ‘exclude’ them for their suspect activity reported by Avast, if I want to run them for the first time.
In relation to your sticky at the bottom of your post, I’ve noticed MCShield is suggested a lot. I assume the company or developer is in some way related to Avast. I might give it a go regardless. Thanks

I've noticed MCShield is suggested a lot. I assume the company or developer is in some way related to Avast.

MCShield is not a AV, it is designed to capture those malware types that try to jump from disk to disk and it ONLY target those types and doing so by behaviour not signature

More info here >> https://forum.avast.com/index.php?topic=196168.0

PDF info doc here >> http://www.mcshield.net/download/Doc/MCShield_Help_EN.pdf