Advice Request Avast Hardened Mode/Aggressive -- how reliable is whitelist?

[shmu26]

Does Avast do a good job at keeping malware, adware etc out of the whitelist that governs hardened mode/aggressive?
In addition to enabling Avast hardened mode/aggressive, I have disabled wscript and cscript.
Does this give me an effective default/deny setup?

 

[yigido]

Does Avast do a good job at keeping malware, adware etc out of the whitelist that governs hardened mode/aggressive?
In addition to enabling Avast hardened mode/aggressive, I have disabled wscript and cscript.
Does this give me an effective default/deny setup?

Do they have any "file intelligence" service?
Search with a hash to see the file whitelisted or not, so we can check our samples that site.

(ex. https://file-intelligence.comodo.com/ )

 

[yigido]

Another question, with such feature (Hardened mode).. Avast blocks files if they are not in whitelist.
We submit malwares to blackist...
How can we submit files for whitelisting? Submitting them as false positive work?

 

[shmu26]

one drawback with hardened mode/aggressive is that it relies on cloud connection

 

[yigido]

one drawback with hardened mode/aggressive is that it relies on cloud connection

if there is no connection.. then all files blocked? I do not think so, there must be a local cache for this..

 

[Deleted member 2913]

if there is no connection.. then all files blocked? I do not think so, there must be a local cache for this..

I guess -
1. File run offline - Allowed
2. File run online & blocked by Hardened Mode - if you run the file again offline...blocked by Hardened Mode. Guess cache is not saved i.e after system restart...1 & 2

Test & see...

 

[yigido]

Test & see...

I have no time for Avast

 

[shmu26]

I tested it.
It only blocks if there is internet connection.
after a reboot, it forgets that the file was once blocked, unless internet connection is renewed.

 

[yigido]

I tested it.
It only blocks if there is internet connection.
after a reboot, it forgets that the file was once blocked, unless internet connection is renewed.

while offline, there were no protecion right?

 

[shmu26]

while offline, there were no protecion right?

right.

 

[yigido]

right.

hmm

 

[shmu26]

hmm

and the whitelist is very large. It was hard to find a file that it blocks.

 

[yigido]

and the whitelist is very large. It was hard to find a file that it blocks.

Without a website to check.. I cannot submit files for whitelist..
I assume that too.. their whitelist is so huge because of 200millions of users.. their all unknowns uploaded to Avast servers to check..

 

[shmu26]

hmm

the truth is that if the user will just take responsibility to only run files that he checked out and he knows they are safe, then there is hardly a need for security softs in the first place.

 

[Ink]

For Anti-Adware / PUP / PUA go to Unchecky.com.

 

[Deleted member 178]

more i read about AVs , more i laugh, and keep thinking " im so glad to quit using them ! "

 

[RejZoR]

When avast! is offline, Hardened Mode (Aggressive) still relies on digital signatures and internal whitelists that are supplied via definitions. The extent of these is not known exactly.

 

[Deleted member 2913]

RejzoR,

Hardened Mode only works with .exe, right?
Any info it will work with other extensions too i.e are they working on it?

 

[Azure]

When avast! is offline, Hardened Mode (Aggressive) still relies on digital signatures and internal whitelists that are supplied via definitions. The extent of these is not known exactly.

Do you know if Avast still has this problem(don't know if that is the correct word, since this could be what they wanted)?
Regarding the Avast Aggressive Hardened Mode

 

[RejZoR]

I haven't tested Hardened Mode in such specific details, I suggest that guy talking to avast! team directly on avast! forums (or get Vlk over here).

Aggressive mode is default deny with offline exception apparently (and some problems differentiating behavior online and offline, at least back then).

Moderate mode depends heavily on file characteristics. If file looks suspicious to local recognizer, you'll get a warning, regardless whether you're online or offline. It's why Aggressive, despite the name often actually makes less unnecessary popups.