Advice Request Avast Hardened Mode/Aggressive -- how reliable is whitelist?


shmu26

Does Avast do a good job at keeping malware, adware etc out of the whitelist that governs hardened mode/aggressive?
In addition to enabling Avast hardened mode/aggressive, I have disabled wscript and cscript.
Does this give me an effective default/deny setup?
 

yigido

> Does Avast do a good job at keeping malware, adware etc out of the whitelist that governs hardened mode/aggressive?
> In addition to enabling Avast hardened mode/aggressive, I have disabled wscript and cscript.
> Does this give me an effective default/deny setup?

Do they have any "file intelligence" service?
Search with a hash to see whether the file is whitelisted or not, so we can check our samples on that site.

(e.g. https://file-intelligence.comodo.com/)
 

yigido

Another question: with such a feature (Hardened Mode), Avast blocks files if they are not in the whitelist.
We submit malware to the blacklist...
How can we submit files for whitelisting? Does submitting them as false positives work?
 

Deleted member 2913

If there is no connection... then all files are blocked? I do not think so, there must be a local cache for this...
I guess -
1. File run offline - Allowed
2. File run online & blocked by Hardened Mode - if you run the file again offline... blocked by Hardened Mode. Guess the cache is not saved, i.e. after system restart... 1 & 2

Test & see...
 

shmu26

I tested it.
It only blocks if there is an internet connection.
After a reboot, it forgets that the file was once blocked, unless the internet connection is renewed.
 

Deleted member 2913

RejzoR,

Hardened Mode only works with .exe, right?
Any info on whether it will work with other extensions too, i.e. are they working on it?
 

RejZoR

I haven't tested Hardened Mode in such specific detail. I suggest that guy talk to the avast! team directly on the avast! forums (or get Vlk over here).

Aggressive mode is default deny with offline exception apparently (and some problems differentiating behavior online and offline, at least back then).

Moderate mode depends heavily on file characteristics. If a file looks suspicious to the local recognizer, you'll get a warning, regardless of whether you're online or offline. It's why Aggressive, despite the name, often actually produces fewer unnecessary popups.
 