I am new to AVAST so I had a couple of questions about this.
First off - for lack of a better term, the behavior shield module seems a bit “flaky”.
I’ll only bother you with three of my applications, but …
AutoShutdownPro has several settings that affect the registry. AVAST warned me about this and I added the program to the Trusted Programs list and allowed it. However, I still see warnings about Autoshutdown, but less frequently.
WallPaperMaster changes my wallpaper on bootup (as you might guess), and AVAST flagged it. I added it to trusted programs and haven’t seen another message. However, I had rebooted the machine four or five times before I got the first warning, and i should have been doing the same thing each time - so if it were infected, it would probably have spread by now.
I was having problems with Internet Explorer not opening, so I had to re-install it. The installer removed the previous version and AVAST warned me about ie8spuninst.exe wanting to change a registry setting. That was good and what I would expect, but AVAST said PSTrayFactory was trying to make the change running via ie8spuninst.exe - which seemed odd to me.
First question - is this normal for how the Behavior shield should react?
Second Question - is there a way to ignore the status of a disabled component?
I am thinking about if Behavior Shield continues to be annoying …
AVG had an option where you could disable (for example) the E-Mail scan and set a checkbox to ignore the state of the component and it would look fine in the systray but would show as disabled in the User Interface.
It makes sense to me if AVAST wanted to NOT have an option like this, as malware could disable the service and set the flag and the user would not know they were at risk.
For me personally, I’m comfortable with the concepts:
This is a pop-up but it’s about a program that I’ve run for years and it doing something I expect it to do, so I should allow it.
This is a pop-up about a program I’ve never heard of trying to change something out of the blue, so I should disallow it.
However - I’m concerned about allowing it on less computer literate family members computers or when they use the main computer - “Is the PC infected? I don’t know whether I want to allow this or not?”, etc.
I realize when I custom installed AVAST, there were options to install or not install each shield component, so I could do and uninstall/re-install to disable it and have the systray look normal, but that seems a bit cumbersome.
You have to understand the three areas that the behavior shield (see image1), expert settings are enabled by default and how these programs work and how the behavior shield would interact with them.
Certainly by their program names alone I can see them probably changing system settings, etc. and that is one area that is monitored. Whilst the default setting is Auto as for the most part your average user won’t have the knowledge to answer the question and make a decision.
I have mine set to ask, so I know what is going on and that you have also, given you are getting the pop-ups. When you get the pop-up you can easily allow it and add to the trusted processes (image2), but as you say this may not be suitable for inexperienced users. So you have to decide if you should leave it on Auto or uncheck the ‘Monitor the system for unauthorised modifications’ option.
I suggest a rummage through the avastUI, Real-Time Shields settings, etc. and the Help Center/file, to make yourself more familiar with the avast settings and how it may impact how you use it. Avast is the most configurable AV that I have used, so plenty of scope for user configuration rather than uninstalling a component.
I did indeed have AVAST set to ask - I had another AV run and “Scan and automagically fix errors” and spent a week trying to get the system bootable again - but I won’t go into that here.
Unchecking “Monitor the system for unauthorized changes” would be the best settings for non-computer-literate users and for me if behavior shield ends up annoying and a better solution than turning it off also.
I was unable to display the AVAST .chm help module. The left side worked, but the right side was blank - but I am still recovering from the malware attack, so I don’t know if it is the AVAST file or all .chm files that have the problem.
I’m still wondering if my initial results were normal - i.e.:
Once I add AutoShutDownPro to “trusted programs”, I shouldn’t see additional pop-ups about it, should I?
Seems odd that AVAST let WallpaperMaster run about 5 times before sending a pop-up
Seems odd that AVAST said ie8spuninstl.exe was being run by PSTrayFactory.
If you also have other applications that monitor system changes, such as WinPatrol (I have the WinPatrol+ version), then it is fairly reasonable to disable that option.
Just click the Help Center option at the top right of the avastUI, that opens the help file.
I would say based on the avast settings then that would be normal activity for the behavior shield if the programs are touching/changing areas that it is monitoring.
Once you add AutoShutDownPro to “trusted processes” not program, you shouldn’t get any pop-ups from the behavior shield for that process. But if it were to launch other processes that wouldn’t stop it pinging on the other application (if required by the settings and actions), as you are only excluding the actual file and not any subsequent activity by that process.
I don’t find it strange, as like virus definitions the behavior shield rules/filters, etc. will also be updated.
I can’t comment on the “Seems odd that AVAST said ie8spuninstl.exe was being run by PSTrayFactory.” Since I don’t know how you initiated the IE8 uninstall nor what the alert window contained.
So does the behaviour sheld notifies when it blocks anything when set to default i.e auto?
Coz I have 1 thing blocked in the graph today but was not notified.
In my experience, if left on auto-decide, you will get no alerts/notifications. There might be exceptions to this rule, but I have never seen one personally. AIS firewall works this way also. Meant to be as low-profile as possible, do most of the thinking for you.
I would look in the log as I don’t think it was blocked, but considered suspicious (If you were looking at the graph I don’t think that is too accurate), e.g. Last suspicious event:
Are you sure that this is every couple of weeks as the frequency isn’t anywhere close to that figure.
Over the last 5 months or so I have seen a ‘Summer Offer’ 22 July, an avast AIS 15 day trial 11 September and one for the new password protection program (EasyPass) 28 October.
The registration for Avast Free is “free”, but still requested / required once a year or so, after the first 30 days from installation date. See Avast main GUI → Maintenance → registration.
The forums posting dates aren’t any good guide as they would differ from person to person as they aren’t all going to receive the things at the same time.
One of them the Upgrade to Pro/AIS offer would only come at a point in time when you have X months/Days of the free registration remaining. So you could see lots of occurrences like this but the time frame relates to a users re-registration dates.
As a new avast user, if you hadn’t registered avast, that may generate a reminder to register and possibly an offer to upgrade.
@ady4um - That isn’t the problem, AVAST Free is registered. I’m getting messages similar to what DavidR posted about the free trial of the premium version.
@DavidR - You misunderstood my comment on the forum posting dates. “I” posted this thread initially on 12Oct11. That was when I was confused on how Avast works, so I had only been using it for a couple of days at that time. So my total time running it is around 3 one month or so.
Anyway - another Google search brought up this 13-page thread on the topic.
Not a lot of info there - except that a suggestion somewhere else of blocking AVASTui.exe on the firewall doesn’t seem to make a difference.
Personally, I’m just going to agree with comments in the other thread. Ideally I would prefer to see a main menu setting for “Show/Block Special offers from AVAST”. If that doesn’t happen, I’d like to see a registry setting or .ini file setting to block this.
Since neither seems very likely - at least there seems to be an option in settings to limit the time that pop-ups are displayed for.
Again - I appreciate the assistance and allowing me to voice my thoughts on the issue.
I’m going to be “inaccurate”, to say the least (and I really don’t like to be so).
“Something sounds wrong”. As DavidR said, such amount of “ads” is not typical. Although Avast is showing some ads from time to time (including offers to upgrade to Pro or to AIS), I have never seen such frequency as you described (or at least, as much as my impression of your posts). The only place Avast shows such messages frequently is inside the main GUI itself, and only if you open the main GUI → Summary page.
Other security tools indeed implement such “adware” techniques with an abusive frequency IMO, but I haven’t seen Avast in such “extreme” situation.
If this would be happening in my system, I would had ran the removal utility for Avast http://www.avast.com/uninstall-utility under Windows Safe Mode and would had re-install Avast Free (not trial) latest stable version ANEW. But that’s just me :).
I believe the free (not trial) version is what I initially installed.
Playing devil’s advocate, I don’t think it was MORE than two pop-ups and it might have been one for Pro and one for AIS. Perhaps long-time users get them spaced out over six-months and new users get them every two weeks since they haven’t seen them before.
For now, I’m just going to reduce the pop-up duration and monitor the situation - unless there are other suggestions.
@ Tiger-Heli
The link which you gave was all about the first one mentioned in my post ‘about the Summertime offer’ and I think that particular horse was well and truly thrashed in the 13 pages…
I too rather doubt that they are going to include functionality to block offers or periodic ads (it is the nature of the beast), as the other topic thrashed out avast hadn’t previously used these (unlike other free AVs), so it was more of a surprise for me than anything else.
If the ads are unobtrusive like the small toaster style pop-up, that aren’t massive, centre screen and steal focus, or overly frequent then I feel people aren’t going to be overly concerned and be looking for a way to block.
I agree the horse is pretty well-trampled in the other thread.
That said - The “umbrella” AV got a pretty bad rap for similar behavior - but basically all you had to do with it was uncheck “Install the Ask Toolbar and change my homepage to Ask.com” in the initial install and then change the group policies to prevent AVnotify.exe from running. I admit most casual users won’t know that, but once done, it was free of advertisements. (I’m not getting into a discussion of features as I prefer the way AVAST works overall.)
Also - no offense, but if people weren’t overly concerned or looking for a way to block the pop-ups, the linked thread wouldn’t have run to 13 pages, would it? (OTOH, if the fix requires more work than changing a registry line or blocking a particular program (like if you had to reverse engineer AVAST to prevent it), I agree virtually nobody will bother).
(OTOH, if the fix requires more work than changing a registry line or blocking a particular program (like if you had to reverse engineer AVAST to prevent it), I agree virtually nobody will bother).