My questions, suggestions about avast!

Hi, I really want to know some things which are actually unknown to me

  1. How do Avast! shields cooperate? That’s like a WS scans a file you have just downloaded so the FS won’t scan it cuz other shield did?
  2. How does FileRep cooperate with shields? The file is first scanned by WS and when WS doesn’t find anything but the file has low reputation then a FileRep will popup?
  3. Why there are Program updaters and VDB updaters when Program updater updates also VDB? Why Program updater does not update only program as itself without VDB? And why there is not only one update button anyway? Maybe easier will be to have one update button and above it will be two checkboxes (Update program, Update VDB) similarly like in AVG.
  4. Why network shield has no advanced options? Why has no “shield log” button in its tab?
  5. Script shield, behavior shield and network shield has not changeable heuristics? I can’t see it in settings anywhere.
  6. Autosandbox feature every time ends with “We couldn’t find enough evidence to identify file as malware”. Can It says “it has enough evidence” or It’s still WorkInProgress?
  7. I don’t understand functionality of BS. I have it set Auto-decide mode but when it find suspicious file then weird “Suspicious file found” popup and you have to choose action. (I think it’s BS I found it on one youtube video and guy said its popup of BS)
  8. Does script shield scanning only in browsers or it does scanning scripts on FS too? So shouldn’t it be part of Browser protection?

I have suggestions here as well

  1. How about to bring some settings into new protection status tab? For example turning all shields off from settings. Or change all shield’s heuristics.
  2. Make site blocking as part of WS (move it to web shield advanced settings - Like it was in AVAST 4)
  3. Make one extra button for simply adding exclusions for all scans and for all shields
  4. Make one extra button for simply making PUP detection to be set for all scans and for all shields simply with one button (because it’s weird when the resident shields detect PUP but scan doesn’t)

Thanks for answers.

Quote: 3) Why there are Program updaters and VDB updaters when Program updater updates also VDB? Why Program updater does not update only program as itself without VDB? And why there is not only one update button anyway? Maybe easier will be to have one update button and above it will be two checkboxes (Update program, Update VDB) similarly like in AVG.

There are those that only want to update the signatures... but do not want to move to a new program version... maybe there is a problem with a new version and they want to wait

Quote: 6) Autosandbox feature every time ends with "We couldn't find enough evidence to identify file as malware". Can It says "it has enough evidence" or It's still WorkInProgress?

I guess when there is enough evidence you will have a "Malware detected, in file XXXXXX detected as W32/xxxxxx [trj]"

have you looked in avast help file for info on shields…top right corner?
also see here!

Yes I was studying manual really long time. But I couldn’t find these things.
Also I want to know why I can’t run file in autosandbox … It every time terminates it in ~15 seconds. That’s limit of free version, right?

No, it doesn’t work that way, there’s no such cooperation. A process (e.g. a browser) downloading a file from web, and the same process creating a file somewhere… they are two separate actions and it would be rather hard to connect them, i.e. to make sure that the created file contains the same data as the network stream supplied. (Sure, the content can be compared, but it’s a similar action to scanning the file).
In specific cases, there are some data persisted from one scan that can be used in another one, but it’s not as simple as “WS scanned the file already, FS doesn’t have to”.

FileRep doesn’t really “cooperate” with shields - FileRep is a subsystem the scanner may use. So, when a scan is being performed, the scanner may say “I would like to know the reputation of this file, let’s ask the cloud”, the request is performed, and the scanner uses that information somehow.
In the special case of WebShield, the information about the reputation is propagated up to the program - and yes, when the ordinary scan didn’t find any infection, but the reputation is low, the warning is shown.

The virus definitions cannot be older than the program - that’s something we rely on internally. So, program update always updates the virus definitions, and always will - to prevent the “bad situation” from happening. (Besides, I don’t know why anybody might want to update the program, but not the virus definitions).

The program update generally requires a reboot of the computer, which might not be wanted in every situation, the automatic program update is spread into a much wider time range, people might want to have virus definition updates on automatic but program updates on manual… those two have to be separate.

Why doesn’t it have any advanced options? Well, because it doesn’t have any… should we have there an empty window? ;D
Shield’s log… well, it could be there, but if all scanned connections were to be logged, it would be rather huge and hard to read (and possibly slowing things down).

No, there are no heuristic settings for those.
I suppose there might be for the Script Shield.

Yes, it certainly can say that the file is malicious.

I’m not sure what you are trying to say, but anyway - the main thing the Behavior Shield does is provide context information for other shields (mainly FileSystem Shield), i.e. making many of the heuristic detections work (i.e. something invisible, but important performed on background).

Script Shield is just a module to deliver the script from the browser to the scanner (just like FileSystem Shield is a module to catch filesystem operations and deliver the accessed files to the scanner) - the scanning part is the same in all cases.

Hey Igor, what happens if the Behavior Shield of Avast 7 is not installed? Is Avast still able to do all the heuristic detections/tests? or maybe just some of them?

Thank you in advance.

No, certainly not all the heuristics. Some of them, yes.
Besides, I believe that the Script Shield doesn’t work (or only to a very limited extent) without Behavior Shield.

Thank you for your answer, Igor.

Quote: Yes, it certainly can say that the file is malicious.

If so, there will be actions - MOVE TO CHEST or something?

Also I’d like to know why I can’t run file forever in autosandbox … It every time terminates it in ~15 seconds. That’s limit of free version? I think there should be option after analyzing program to keep running program in autosandbox. Because no one can identify if this is harmful app in 10 seconds.

1 more q
Does on-demand scanner check registry?

Thanks again, Igor. I will add Behavior and Script Shields to my current Avast installation.
Last question: if I have a program (a HIPS software) added to the File System Shield exclusions, is it already excluded from the Behavior Shield scanning? I mean, in this scenario, would adding that program also in the Behavior Shield exclusions be redundant for the Behavior Shield scanning itself?

@danny96: I’m sorry if I have somehow hijacked your thread