Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Video Reviews - Security and Privacy
Another Avast Behavior Blocker vs Ransomware Test
Message
<blockquote data-quote="Alikhan" data-source="post: 680377" data-attributes="member: 43696"><p>The behaviour shield is linked with the File Shield in some aspects. I can't go into much detail but I'll give an example. Most of the time zero day malware is already classified in the cloud (old malware is also classified in the cloud). Now here comes the important bit, malware is executed and IDP (behaviour shield) checks the cloud and gets a result that the file is classified as malicious but IDP does this check "asynchronously". This means that the behaviour shield would not block the malware immediately since the File Shield which does the check "synchronously" would have already removed the threat before IDP got involved. File Shield does this query synchronously, e.g. it will block the malware process creation immediately while the query result gets back from the cloud. This is why sometimes some files get encrypted by ransomware before IDP reacts. This happens alot with Petya based sample if File Shield is disabled.</p><p></p><p>I'm not saying that the behaviour shield is a silver bullet since nothing is 100% but it would be nice to see a video with the File Shield enabled.</p><p></p><p>The file shield is also linked to whitelisting to hardened mode. Hardened mode also only targets exe files.</p></blockquote><p></p>
[QUOTE="Alikhan, post: 680377, member: 43696"] The behaviour shield is linked with the File Shield in some aspects. I can't go into much detail but I'll give an example. Most of the time zero day malware is already classified in the cloud (old malware is also classified in the cloud). Now here comes the important bit, malware is executed and IDP (behaviour shield) checks the cloud and gets a result that the file is classified as malicious but IDP does this check "asynchronously". This means that the behaviour shield would not block the malware immediately since the File Shield which does the check "synchronously" would have already removed the threat before IDP got involved. File Shield does this query synchronously, e.g. it will block the malware process creation immediately while the query result gets back from the cloud. This is why sometimes some files get encrypted by ransomware before IDP reacts. This happens alot with Petya based sample if File Shield is disabled. I'm not saying that the behaviour shield is a silver bullet since nothing is 100% but it would be nice to see a video with the File Shield enabled. The file shield is also linked to whitelisting to hardened mode. Hardened mode also only targets exe files. [/QUOTE]
Insert quotes…
Verification
Post reply
Top