Hardened Mode

Would someone explain to me what exactly is “hardened mode” and what is its purpose?

• avast! Hardened Mode brings an option for inexperienced users to further lock down the security of the computer in the avast! 2014 settings. If enabled, users can select between "Aggressive" mode which doesn't allow any non-whitelisted files in avast! file reputation database (e.g. unknown files) to run, and "Moderate" mode which allows any other files except those with low reputation in avast! file reputation database (e.g. low prevalence files) to run.

Basically, I have this set to moderate on my system; if I run an unknown file, it will ask me if I would like to either block the programme from running or add it to my exception list, so that I am not asked again and it will run as normal.

I’ll go into more detail here.

Hardened Mode is designed to make protection tougher without interfering with the computer usage much.
avast! by default checks suspicious files with DeepScreen within a virtual environment to see how they behave. But if you use Hardened Mode, it starts to behave a bit differently.

Hardened Mode: Moderate
Under normal conditions, if avast! decides that some file is too suspicious by various characteristics, it then throws it into the DeepScreen for further scanning. But if Moderate Hardened Mode is enabled, avast! automatically blocks files that are detected as suspicious by preliminary analysis.
In most cases DeepScreen checks the file and if it doesn’t find obvious malicious problems with it, those files are started automatically after analysis. But Hardened Mode (Moderate) blocks it right there.

Hardened Mode: Aggressive
This mode behaves a bit differently. It actually relies on analysis on a very small scale and mostly relies on a huge whitelist database located in avast! Cloud. If a file is located within the cloud and flagged as safe, it will allow it to run. If it’s not found or marked as bad, it will block it. So, at least based on my experience, Aggressive Mode is actually much more secure and also a lot less intrusive. The only time that it will cause problems is with some very rare old software or very very new software that isn’t used by thousands of users. Usually some very specialized programs used by only a few users.
Moderate mode often feels a bit too paranoid (despite its name) because it often blocks safe programs just because they exhibit local suspicious file characteristics that are basically ignored by the Aggressive mode.

The only thing that confuses me is why Moderate mode doesn’t rely on the same whitelist to avoid these suspicious blockings. In my case, I prefer to use Aggressive mode and I have done so on many systems and it worked like a charm. No problems, no excessive blocking but with superior protection.

Thanks RejZor, nice analysis.
Information many can use. :slight_smile:

Absolutely, I have retained the post’s URL for reference, for those seeking more information on the hardened mode.

I would agree about the Moderate setting seeming to be aggressive, I had it on for testing and disabled it again. I never even ventured to test Aggressive mode since I thought Moderate aggressive. Now I will at least try Aggressive mode to see how it responds.

Many thanks for that detailed information about the Hardened mode :wink:
I will set it to Aggressive on some friends’ PCs who are using avast!.

Be careful with that, spywar. It gives some false positives.

RejZoR
Thank you for the info. I have translated your text into Russian: http://forum.avast.com/index.php?topic=142183.0

Friday, I turned on Hardened Mode to Aggressive on my WinXP desktop. Saturday, WinPatrol v29.1.2013.1 was released. As I attempted overinstalling to update, Hardened Mode prevented the install. I disabled Hardened Mode and completed the install, and allowed WinPatrol to restart. I then restarted Windows.

I then turned Hardened Mode back on with WinPatrol running and logged out. When I returned to the machine several hours later, WinPatrol was no longer running. When I tried restarting WinPatrol, Hardened Mode would not allow it. I tried rebooting a couple of times, and then turned off Hardened Mode. After reading this thread today, I tried again after enabling Hardened Mode. The only way for WinPatrol to run was to set an exclusion for it in Hardened Mode.

Either I misunderstand how Hardened Mode should work, or Avast has not yet updated the Whitelist database for the newest version of WinPatrol.

Hardened Mode should give a popup to let you know the program intercepted, and crucially there is an Add an exclusion link at the bottom.

Unfortunately the popup doesn’t stay up long (for me), so why it doesn’t follow the timings for alert popups I don’t know. You have to be quick to notice it, read the file involved and if it should be allowed (excluded) to do all this in a couple of seconds. I normally have to run the program again; Hardened Mode normally intercepts and I’m waiting to click add an exclusion.

The Hardened Mode popup is how I set the exclusion for WinPatrol. That part worked as expected. I was expecting Avast to whitelist WinPatrol.

Thanks for sharing by explaining in detail, RejZoR, as I’ve set my Hardened Mode to ‘Aggressive’ and yes, it does work like a charm :wink:

I use a program from Bitsum known as “Process Lasso.” Can I please request that Avast put Process Lasso on the whitelist for the Hardened Mode? When the Avast! Hardened Mode is set at Aggressive, it blocks the installation program for Process Lasso from working properly (gives an error), as well as the actual Process Lasso program if I do manage to run it after it’s installed (it crashes). Thank you…

Details: Windows XP Pro, SP3, latest Visual C++ installed (2005, 2008, 2010).

Since Hardened Mode relies on the cloud, if a software is deemed safe it’s automatically whitelisted.

That is an assumption that isn’t necessarily correct - whitelisting, e.g. is only for certain known files and/or those that are digitally signed in order to make it into the Persistent cache (essentially whitelisted).

Others may fall into the Transient cache, not whitelisted, as any change in the system status, reboot or receipt of an update and/or change in the file - would result in its being scanned again if active.

@David R

i saw problem of very brief popups from hardened mode when using avast 9. set info popups to 7 seconds or above solved that problem. apparently hardened mode relies on info popups. not using hardened mode on v.10, so don’t know if this still works.
give it a try.

hope it works for you
skinnypops

@ skinnypops
Thanks, I suspected that might be the case, I have my info popup set at 2 sec, for the most part that is what you want. Though I’m surprised that avast would have considered Hardened Mode popups as informative, rather than something more severe.

Now that the Add an exclusion option works, it isn’t too much of an issue, if you are quick, hover the mouse over the window/popup it doesn’t close.

Just a question about Hardened Mode: after you set an exclusion (in the pop-up), can you revoke it later, in case you change your mind?

Yes. Just open Avast > SETTINGS > General > Exclusions > Hardened mode > Look for the excluded file and delete.

Thanks! I was looking in the wrong place (Settings - General - Hardened Mode)! :-[