What characterizes AVG is simplicity for normal use, for all users.
An experienced user can install CIS that offers excellent features but that must be managed and set with knowledge, for example behavioral blocking in interactive mode and this applies to other advanced security configurations.
It is possible to specify the blocking policy stating what behaviors are considered legit and which are not. Whenever a program launches a request to the operating system, behavioral blocking intercepts the request, check the policy, and decide whether to block the request.
This setting gives some false positives and has an impact on productivity because block, in the same way, legitimate apps and malicious one. Also there are few users who fully understand the implication of specific blocks, for example, file access, but how can a average/basic user know which and how many good programs can access to system files and which are effective malicious software?
Expert users analyze entire classes of malicious codes and analyzed their behavior in order to define what are the behaviors they want to block. This causes potentially harmful behaviors may be allowed in some cases while in others should be blocked. For example an expert might know that 80% of malicious code first tries to change the autostart registry entries before access to system files, so he can define a behavior to block what occurs when a code attempts to access system files after making a change to the registry. This leaves less room for false positives that might be generated by legitimate programs.
Knowledge and stay safe.