Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Video Reviews - Security and Privacy
Avast BB + Ransomware Shield Test
Message
<blockquote data-quote="Alikhan" data-source="post: 654077" data-attributes="member: 43696"><p>I still don't understand why they don't test with all the components enabled.</p><p></p><p>The behaviour shield is actually linked with the File Shield in some aspects. I can't go into much detail but I'll give an example. Most of the time zero day malware is already classified in the cloud (old malware is also classified in the cloud). Now here comes the important bit, malware is executed and IDP (behaviour shield) checks the cloud and gets a result that the file is classified as malicious but IDP does this check "asynchronously". This means that the behaviour shield would not block the malware immediately since the File Shield which does the check "synchronously" would have already removed the threat before IDP got involved. File Shield does this query synchronously, e.g. it will block the malware process creation immediately while the query result gets back from the cloud. This is why sometimes some files get encrypted by ransomware before IDP reacts.</p><p></p><p>Another example would be CyberCapture being linked to the Web Shield.</p><p></p><p>I'll need to see why the Ransomware Shield didn't react, did the person making the video reboot after enabling the ransomware shield? It could also be the case that it's run under a virtual environment rather than Shadow Defender ? The default mode for Ransomware Shield is "smart" mode so any trusted applications which are trusted via the cloud will be allowed to make changes such as Word etc. Any unknown programs will require user intervention.</p></blockquote><p></p>
[QUOTE="Alikhan, post: 654077, member: 43696"] I still don't understand why they don't test with all the components enabled. The behaviour shield is actually linked with the File Shield in some aspects. I can't go into much detail but I'll give an example. Most of the time zero day malware is already classified in the cloud (old malware is also classified in the cloud). Now here comes the important bit, malware is executed and IDP (behaviour shield) checks the cloud and gets a result that the file is classified as malicious but IDP does this check "asynchronously". This means that the behaviour shield would not block the malware immediately since the File Shield which does the check "synchronously" would have already removed the threat before IDP got involved. File Shield does this query synchronously, e.g. it will block the malware process creation immediately while the query result gets back from the cloud. This is why sometimes some files get encrypted by ransomware before IDP reacts. Another example would be CyberCapture being linked to the Web Shield. I'll need to see why the Ransomware Shield didn't react, did the person making the video reboot after enabling the ransomware shield? It could also be the case that it's run under a virtual environment rather than Shadow Defender ? The default mode for Ransomware Shield is "smart" mode so any trusted applications which are trusted via the cloud will be allowed to make changes such as Word etc. Any unknown programs will require user intervention. [/QUOTE]
Insert quotes…
Verification
Post reply
Top