App Review Another Avast Behavior Blocker vs Ransomware Test


boredog

Level 9
Verified
Jul 5, 2016
416
After I left the page and came back, I was able to play the video. I do however see this often. Also with Edge I have been getting "not able to play this video" or not being able to reach pages. This happens a lot. Win 10 64 latest insider update.
 

Alikhan

Level 2
Verified
Oct 14, 2015
66
So, this means that in that other test the File Shield was indeed disabled? If that's the case and Avast BB still worked, then that means that the Avast behavior blocker doesn't need the File Shield.

That depends on your definition of "needs". The Behavior Shield doesn't need the File Shield if you want to risk the sample being detected late (once it gets classification from the cloud). I've previously asked one of the Behaviour Shield devs and they've stressed that if you want a fair result, the File Shield should be enabled; the Behavior Shield is the last line of defense. Most of the Behaviour Shield's detections are moved to the cloud, so the File Shield would query synchronously whereas the Behavior Shield wouldn't, but that's not to say the Behaviour Shield cannot detect on its own.

If you look at cruelsister's test, you will see the Behaviour Shield did detect, but it was often far too late. If the File Shield had been enabled there, would those samples have executed and been queried immediately?
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
I support your opinion, try the test again with the shield enabled @cruelsister
The malware used in the test will be blocked first by the File Shield (not 0-day ransomware).
You could avoid this by disabling the Internet connection and using the old local signatures with the File Shield enabled. But this will be possible only with an older Avast version installed with the Internet connection disabled.
 

Handsome Recluse

Level 23
Verified
Top Poster
Well-known
Nov 17, 2016
1,242
I was just trying to recreate the test of the Avast BB that was posted last week and which gave a false impression (the hardened Mode was active because I would have been criticized for not using it).

Although I actually think that Avast has made great strides in the past 9 months and is currently quite a good product (sad that it recently refuses to play nice with CF!), my primary concern is that Avast users are not misled by not well designed tests. Any of the ransomware that bypassed the Avast BB in this test can be easily morphed to a true zero day, and running into one of these even with File Shield active will result in Unnumbered Tears.
Oh no. What antivirus would you recommend people now with CF if Avast doesn't work with it and 360 has ads?
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
I was just trying to recreate the test of the Avast BB that was posted last week and which gave a false impression (the hardened Mode was active because I would have been criticized for not using it).

Although I actually think that Avast has made great strides in the past 9 months and is currently quite a good product (sad that it recently refuses to play nice with CF!), my primary concern is that Avast users are not misled by not well designed tests. Any of the ransomware that bypassed the Avast BB in this test can be easily morphed to a true zero day, and running into one of these even with File Shield active will result in Unnumbered Tears.
Right, I knew what you were swinging for there, that's why I commented the way I did.
Thanks CS for the clarification :)
 

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Hi- the last time I tried Avast with CF was about 1 month or so ago, and there were issues on the Avast side of things. Current versions of Avast may have (as 59er notes) resolved things. If not, either Qihoo Security Essentials (God Damn ads!) or Kaspersky AV Free (God Damn Commies!) may be indicated.
 

Orion

Level 2
Verified
Apr 8, 2016
83
I was just trying to recreate the test of the Avast BB that was posted last week and which gave a false impression (the hardened Mode was active because I would have been criticized for not using it).

Although I actually think that Avast has made great strides in the past 9 months and is currently quite a good product (sad that it recently refuses to play nice with CF!), my primary concern is that Avast users are not misled by not well designed tests. Any of the ransomware that bypassed the Avast BB in this test can be easily morphed to a true zero day, and running into one of these even with File Shield active will result in Unnumbered Tears.

Hi CS and others,
TI again. So @Alikhan and I have been talking about the delay in detection by BB for ransomware specifically. The principal developer of IDP from AVG said that this is due to the cloud: if you disable the File Shield, the cloud is not being queried, which results in a delay of detection. So some part of IDP relies on the File Shield and the cloud to make a decision in time. Also you are forgetting the usual chain, my dear friend. If Avast can block the source, there is no way a binary will get dropped. While this is not an excuse, there is a proper reason for the delay: since there is cloud involvement in the decisions being made, any new or old ransom malware may get a delayed detection. The File Shield also has CyberCapture, DeepScreen, FileRep and Evo-Gen built into it, so disabling it effectively cuts off Avast's means to fight against unknown malware. You can read Ali's post here:
Video Review - Another Avast Behavior Blocker vs Ransomware Test

Please keep this in mind, guys, before basing conclusions, because each product has a different way to protect its users; without knowing that, there is no proper test bed to replicate real world scenarios.


Btw, I have a Twitter for malware research too. Follow @avman1995
 

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Orion- The Cloud will not afford protection against true zero-day malware. It cannot detect what it has never seen before (my cat Ophelia just drools for those that think the Cloud is enough...)
 

Orion

Level 2
Verified
Apr 8, 2016
83
Orion- The Cloud will not afford protection against true zero-day malware. It cannot detect what it has never seen before (my cat Ophelia just drools for those that think the Cloud is enough...)

Sorry if I didn't make it clear. It doesn't matter if it's new or old. If you keep the File Shield off, there will be a delay in detection by IDP due to the absence of the File Shield with its additional rings and bells. Also, you miss out on a lot of other stuff that is used to detect unknown malware. The File Shield also has CyberCapture, DeepScreen, FileRep and Evo-Gen built into it, so disabling it effectively cuts off Avast's means to fight against unknown malware.

Also, if it was truly "zero day", don't you think it would be purpose built to slip past most products, like Flame or Stuxnet were under the radar before Kaspersky found the samples?

It would probably be a better idea to test it with the File Shield on against samples that aren't detected. It's not that difficult to find such samples. I send undetected samples to Avast, so I gather quite a lot of samples that are missed by the File Shield and cloud. If you want to test, feel free!

thanks,
true indian.
 
