Advice Request Avast Hardened Mode/Aggressive -- how reliable is whitelist?

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.

motox781

Level 10
Verified
Well-known
Apr 1, 2015
483
I love Avast's whitelist. I use Avast business free on a small company I monitor. They use odd programs sometimes. I noticed when programs do get blocked and I can't get around to add an exception right away...the next day Avast already added it to the whitelist automatically. I've used it personally over the years and have noticed that there are very few false positives.

In my opinion, it works way better than Kaspersky TAM mode.

Avast Hardened mode agressive:

Pros:
- instant lock. No scans
- Great whitelist. Very little false positives.
- Password protect-able.

Cons:
- Relies on internet connection. Doesn't matter to me that much.
- I've read it only works on exes, not scripts. Not sure how big of a deal this is though.

Kapersky's TAM mode:

Cons:
- Scan to lock. Sometimes take awhile.
- Whitelist acutally doesn't seem as big. Could be a good or bad thing depending on how you look at it.
- I don't think it is password protect-able. Might be wrong. (this is a big one for me...why Kaspersky?!).
- Once an exe is added to the exception lists, you are sometimes bombarded with more TAM popups on installation. In Avast, you are not.
- 2017 version, I am noticing slow downs with TAM enabled on two diff PCs.

Overall, Avast hardened mode aggressive just works flawlessly.
 
Last edited:

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
@motox781

1. I agree that analysis takes awhile to complete.
2. Its whitelist is big, as it is in the cloud, and Kaspersky is known to be superior infrastructure-wise.
3. I agree. I think it doesn't have a password.
4. I don't understand this one. What do you mean by that? As long as a file is "unknown" it will be blocked by TAM. If this is the case, you need to allow the launch manually.
5. I agree.
 
D

Deleted member 2913

not regular Av detection, but file blocking due to aggressive/hardened mode.
Yeah Hardened Mode blocks new, not well-known, not used by majority kinda software.
I find it good for average users, good protection with low FPs...average users software like popular, well-known, used by majority kinda software will be there in Avast whitelist But sometimes updates/upgrades of the software may be blocked if the updates/upgrades are fairly new & not in Avast whitelist.
 
D

Deleted member 2913

As per RajzoR, Moderate Hardened Mode has local behavior analysis & works offline too.

I think they should simply have Hardened Mode instead of Aggressive/Moderate And Hardened Mode should work with everything Whitelist/Behavior Analysis, etc...

Hardened Mode should work like -
File will be checked against Whitelist (Allowed if found in Whitelist), if not found in Whitelist will be checked with Behavior Analysis (On detection, block with "Suspicious" on alert), if no detection by Behavior Analysis then block as it does now.

This will be better & Hardened Mode will work both Online/Offline.
 

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
Aggressive. I frankly don't even understand the point of Moderate mode. It's just annoying because it triggers Hardened Mode popup on anything suspicious, but doesn't seem to utilize Aggressive's whitelist for some reason. I was getting Hardened mode popups on files that otherwise never even trigger Hardened Mode when using Aggressive mode. Which is bizarre and stupid to say the least. Maybe it was a bug since it has been a while since I've tested it this way, but that's what I've observed.

Moderate mode would only make sense if it also utilized whitelist, allowing known clean stuff to be executed freely even if it has suspicious characteristics. Because currently, it just doesn't, it always triggers Hardened Mode warning on suspicious looking files. Which is the point of Moderate mode, but not without the whitelist. I might talk to avast! team about it. Not sure what kind of changes they plan for avast!+AVG merger and how it'll affect certain features...
 
D

Deleted member 2913

Either Hardened Mode is little buggy or quite a few times cloud glitch or prob.

I have 3 programs that are not in Avast whitelist & generate Hardened Mode (Aggressive) alert.
Programs are Microsoft PID checker - MyDigitalLife forum member software.
SecureMyBit - Our very own frd/MT member JM Security software.
RecoverPasswords - Recover Passwords. Recover your lost passwords

Internet Connected...Cloud Connected...Internet working fine
Time to time I check with the above mentioned software And I have noticed that quite a few times programs run fine & no Hardened Mode alert.

And Avast password protection too is little buggy.
Open GUI, enter password, navigate a little & close GUI & reopen GUI...sometimes when you reopen GUI, its still accessible i.e password is not asked.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,153
Either Hardened Mode is little buggy or quite a few times cloud glitch or prob.

Internet Connected...Cloud Connected...Internet working fine
Time to time I check with the above mentioned software And I have noticed that quite a few times programs run fine & no Hardened Mode alert.
do you mean that you installed them on a new system, and did not get an alert?
Because on the same system, you should not get an alert a second time. It is supposed to remember that you trusted the program.

by the way, nice software collection you have!
 
  • Like
Reactions: Deleted member 2913
D

Deleted member 2913

do you mean that you installed them on a new system, and did not get an alert?
Because on the same system, you should not get an alert a second time. It is supposed to remember that you trusted the program.

by the way, nice software collection you have!
You should get alert everytime, if internet is connected & programs are not in HM exclusion & Avast whitelist.

PID checker & RecoverPasswords, I haven't added to Hardened Mode exclusion.
SMB, I have added to HM exclusion But sometimes to check if its added in Avast whitelist or not, I remove it from exclusion, restart the system & check.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top