What does the behaviour shield do in Avast 7 Free?
A few more questions:
Does the B-Shield have pop-up window if anything is detected? When set to Auto/Ask? (*)
Since I was always under the assumption that the B-Shield was part of the Auto-Sandbox, if I don’t install the B-Shield will the Auto-Sandbox still function, and how?
(*) I asked this because someone on another forum did mention it.
Quote from igor (Avast! team): the main thing the Behavior Shield does is provide context information for other shields (mainly FileSystem Shield), i.e. making many of the heuristic detections work (i.e. something invisible, but important performed on background)
note that without behaviour shield, script shield does not function at all
But frankly, from my experience, even when provoking it intentionally with actual malware, you will NEVER see it do anything for as long as it’s set to Auto Decide (Ask mode doesn’t really count as it’s way too noisy). In all the time, i haven’t seen a single detection by the Behavior Shield. Context or not, from my point of view it doesn’t do much. I’d prefer a proper full featured Behavior Blocker like i’ve seen them years ago (Cyberhawk/ThreatFire) comes to mind. Or the older Kaspersky PDM which still seems to do remarkably well. Oh well…
I have the Behavior Shield set to Auto-decide. Since powering up just over 3 hours ago, it’s currently showing 68 items scanned. In it’s history, the count for the past week is 6021.
This past week’s history says that 3 items were blocked. My grandsons were using the computer to play games over the internet, so they likely stumbled into something. Avast and MalwareBytes full scan afterwards found no infections. They weren’t logged into the only admin account on this machine.
if you want it to show alerts when it blocks any malicious programs… you would have to change settings to block so that it will detect and deny every suspicious events recorded in auto-decide mode
Even the “red line” event doesn’t mean anything was actually blocked. It just means something triggered Behavior Shield, but since it always allows everything on Auto-Decide, it won’t actually block anything. So seeing supposedly detected itsems means nothing.