What triggers Hardened Mode (Aggressive)?

An Avast Hardened Mode pop-up let me know it prevented an .EXE file from starting.
The thing is, it’s a file I had just downloaded but I did not try to run it.
I didn’t set any browser settings to auto-execute anything, either.
I only noticed the issue with that file, not with other files.
The file comes from the developer’s site, and Virus Total says it’s clean.
I guess the file is safe but still unknown to Hardened Mode.
What I don’t get, though, is why Avast “prevented it from starting”, while I did not try to start it.
Happens both in Chrome and Firefox.

That’s weird… can you tell us what file that is? (i.e. where you downloaded it from)
Yes, normally only execution should trigger the Hardened mode.

KVRT.exe from hXXp://www.kaspersky.com/antivirus-removal-tool

Not sure if the Hardened Mode (Aggressive), when enabled, is triggered by the File System Shield (FSS), as the downloaded file is a new creation that triggers the FSS and subsequently .

If so, is it possible that Hardened Mode (Aggressive) would then check the file against the cloud whitelist?

I don’t see anything in the Avast help file that limits Hardened Mode (Aggressive) scanning to execution only.

Even weirder, detection happens randomly. Sometimes yes, sometimes no. I’ve been downloading that same file a number of times in Chrome. Same in FF. Now it triggers the warning, now it doesn’t.
I also tried to disable the Avast extension in Chrome, but the Hardened Mode (Aggressive) pop-up is triggered while the web extension is off, too.

I cannot reproduce your issue with Hardened mode in Aggressive.
I tried 3 times downloading the file in both Firefox and Opera (I don’t use Chrome) and no warning.

Greetz, Red.

Thanks Rednose,
so it might be something about my installation.
It’s Avast IS2015 10.3.2225 on Windows 10 64b (limited user, UAC max, CryptoPrevent), ASUS notebook.
Hardened Mode (Aggressive) ON
DeepScreen ON
Reputation services ON
Scan for PUPs ON
FSS ON
WebShield ON

I’ve noticed another Hardened Mode “anomaly” on my system.

This time, I did run a file,
DiscWizardSetup-1605861.it.exe
from the official Seagate site
hXXp://www.seagate.com/it/it/support/downloads/discwizard/

An Avast pop-up notified that Hardened Mode had prevented it from starting

BUT

it somehow “started” anyway, even though with errors (see screenshots below: the first error window says it could not access the path, the second one is a generic error).

After I ran it again and allowed it in Hardened Mode, it then ran regularly with no errors.

Happened again with another file, TraktRater_v2.2.0.exe
hXXps://github.com/damienhaynes/TraktRater/releases

I tried and downloaded it again. It didn’t trigger the pop-up the second time or the third time…
but it happened again after 5 or 6 downloads!

So, I don’t know if it actually depends on the files, or it just happens once in a while.

I also tried an Avast Repair, to no avail.

Should I open a ticket with Support?

Yes, please do so.

Avast Support said that some files in Avast IS installation might have become corrupted.
They advised that I completely uninstall it (with the uninstall tool) and install it again, which I’ve done.
Let’s see if that fixes it.

Looks like it fixed it. 🙂
So far, no more undue Hardened Mode warnings.

I have had similar issues with Aggressive Hardened Mode. When I was installing Windows10FirewallControl, an HM warning popped up. And today it happened with the Opera installer. I have the latest Avast Free and Windows 7. Dunno if HM should act like that, but lately it has been very sensitive. And those programs are known to be safe.