What is Behavior Blocker?

Tom172

New Member
Feb 11, 2011
1,010
34
It's a component of an Anti-Virus product, or a standalone product (e.g. ThreatFire), which analyses what an application is doing on your system. If the application appears to be doing something which it shouldn't be, the behavior blocker will take action against the application.
 

MrExplorer

Level 28
Verified
Nov 15, 2012
1,763
3,056
Tom172 said:
It's a component of an Anti-Virus product, or a standalone product (e.g. ThreatFire), which analyses what an application is doing on your system. If the application appears to be doing something which it shouldn't be, the behavior blocker will take action against the application.

Do all products have a Behavior Blocker?
 

Tom172

New Member
Feb 11, 2011
1,010
34
Unknown said:
Tom172 said:
It's a component of an Anti-Virus product, or a standalone product (e.g. ThreatFire), which analyses what an application is doing on your system. If the application appears to be doing something which it shouldn't be, the behavior blocker will take action against the application.

Do all products have a Behavior Blocker?

Not every product. Usually it will say if it does or not on the product's website.
 

Plexx

As Tom explained, behavior blocker is a component that constantly monitors file activities, preventing certain modifications or actions to the operating system or related files, such as registry entries. I know not all Behavior Blockers allow a complete control like HIPS but some do allow manual rules editing etc.

Products that have Behavior Blockers:
Emsisoft Anti-Malware (has Emsisoft Mamutu incorporated);
AVG Antivirus Free (Identity Protection)
avast! (Behaviour Shield)
Panda Cloud Antivirus
Norton Antivirus (via SONAR Behavioral Protection & Live 24x7 Threat Monitoring)
BitDefender (I am not 100% sure if it has some form of BB).

Stand alone Behavior Blockers:
Emsisoft Mamutu (shareware)
ThreatFire (for link you will need to ask ZOU1) (see comments below - no longer active*)
NovaShield Anti-Malware (32-bit architecture only, like DefenseWall (HIPS), which is only for 32-bit architecture) (shareware)
AVG Identity Protection - was standalone before being incorporated within the AV product but not sure if it still has any download links available.

TeaTimer and the other component from the old Spybot Search and Destroy used Behavior Blocking technology to monitor Real Time changes and provide protection in terms of registry key modification etc.

As for ThreatFire, although it is known as a Behavior Blocker, from what I gathered when I tested and used it, it was still host based and allowed rules control (much like Mamutu), so technically speaking ThreatFire can be considered a Host Intrusion Prevention System up to a certain degree.
 

madyrocksin

New Member
Jul 30, 2012
510
1
BB is like HIPS with a brain.
They are designed to be less interactive and make their own decisions, like allowing or blocking certain changes or modifications, unlike HIPS where the user has to choose most actions.
You can look here; it may not be the best explanation, but you will understand it:
http://antivirus.about.com/od/antivirussoftwarereviews/a/hips_behavior.htm
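
The difference described in this thread between a HIPS (the user answers each prompt) and a behavior blocker (the tool decides by itself), as an added Python sketch that is not from any poster or product. The action names, weights, threshold, trusted set and sample events are all constructed assumptions.

```python
from collections import defaultdict

# Hypothetical weights: how suspicious each monitored action is on its own.
WEIGHTS = {
    "write_file": 5,
    "change_file_assoc": 30,
    "write_run_key": 40,   # autostart registry entry
    "install_driver": 50,
    "inject_process": 60,
}
BLOCK_THRESHOLD = 80  # assumed cut-off for an automatic block

# Constructed sample events: (process, action, target). Not real telemetry.
EVENTS = [
    ("updater.exe", "write_file", r"C:\Program Files\App\app.dll"),
    ("invoice_viewer.exe", "write_file", r"C:\Users\u\AppData\Roaming\svc.exe"),
    ("invoice_viewer.exe", "write_run_key", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    ("invoice_viewer.exe", "inject_process", "explorer.exe"),
    ("invoice_viewer.exe", "change_file_assoc", ".exe"),
    ("updater.exe", "write_run_key", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"),
]

def hips_prompts(events):
    """HIPS model: every monitored action becomes a question for the user."""
    return [e for e in events if e[1] in WEIGHTS]

def behavior_blocker(events, trusted=frozenset()):
    """BB model: add up what each process does and decide without prompting."""
    score, verdict, denied = defaultdict(int), {}, []
    for proc, action, target in events:
        if proc in trusted:            # e.g. digitally signed, checked first
            verdict[proc] = "allow"
            continue
        score[proc] += WEIGHTS.get(action, 0)
        if score[proc] >= BLOCK_THRESHOLD:
            verdict[proc] = "block"    # this and later actions are denied
            denied.append((proc, action, target))
        else:
            verdict.setdefault(proc, "allow")
    return verdict, denied

if __name__ == "__main__":
    print(len(hips_prompts(EVENTS)), "HIPS prompts")
    print(behavior_blocker(EVENTS))
```

On the sample events the HIPS model asks the user six questions, while the behavior blocker asks none: it lets `updater.exe` continue and stops `invoice_viewer.exe` once its combined actions cross the threshold.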
 

Gnosis

New Member
Apr 26, 2011
2,781
237
Unknown,

Here is one of the few, if not the only, links for Threatfire BB standalone if you want to try it out:

http://www.scanwith.com/download/ThreatFire.htm

Information and debates/Q&A pertinent to Threatfire: http://malwaretips.com/Thread-ThreatFire-Level-5

Test video of Threatfire (Level 5) in action: http://malwaretips.com/Thread-ThreatFire-v4-7-0-53-Level-5-Custom-Test-biozfear14
 

Plexx

ZOU would be the best person to ask questions about TF since to my knowledge he is the only user here who uses it, unless others use it but never said a word :)
 

Gnosis

New Member
Apr 26, 2011
2,781
237
ZOU would be the best person to ask questions about TF since to my knowledge he is the only user here who uses it, unless others use it but never said a word

Besides the fact that I am OBSESSED with it. LOL :)

@Unknown:

Know that every "allow" or "deny" will take a bit of reading, investigation and other research. Let solid intel lead you, not panic and uncertainty. The beauty of HIPS and BB's is that YOU are in the driver's seat.

NOTE: It would be a good thing to have Killswitch, or some other process explorer that you are familiar with, to investigate processes that are simply listed as "PUP's". Other than those, TF is pretty simple and shows you details you can trust about suspicious behavior. When I trained Malware Defender (HIPS), it was quite tedious compared to training TF, even though Malware Defender is equipped with a learning mode.
 

Plexx

ZOU1 said:
ZOU would be the best person to ask questions about TF since to my knowledge he is the only user here who uses it, unless others use it but never said a word

Besides the fact that I am OBSESSED with it. LOL :)

You would probably like Mamutu. But then again since you have already configured TF, you have a hell of a head start against new users to TF.
 

Gnosis

New Member
Apr 26, 2011
2,781
237
I seriously considered Mamutu, but when I finally made up my mind to install it, I saw that the free version would not allow me to quarantine anything, so I passed. That is when I went on to Malware Defender.

IMHO, TF is pretty darn wicked. I noticed that Symantec/PC Tools still uses "Threatfire technology" in PC Tools AV. There is a good reason for that based on my experiences with TF, and esp. your review, and McLovin's review.
 

Littlebits

Retired Staff
May 3, 2011
3,902
3,058
Biozfear said:
As Tom explained, behavior blocker is a component that constantly monitors file activities, preventing certain modifications or actions to the operating system or related files, such as registry entries. I know not all Behavior Blockers allow a complete control like HIPS but some do allow manual rules editing etc.

Products that have Behavior Blockers:
Emsisoft Anti-Malware (has Emsisoft Mamutu incorporated);
AVG Antivirus Free (Identity Protection)
avast! (Behaviour Shield)
Panda Cloud Antivirus
Norton Antivirus (via SONAR Behavioral Protection & Live 24x7 Threat Monitoring)
BitDefender (I am not 100% sure if it has some form of BB).

Stand alone Behavior Blockers:
Emsisoft Mamutu (shareware)
ThreatFire (for link you will need to ask ZOU1) (see comments below - no longer active*)
NovaShield Anti-Malware (32-bit architecture only, like DefenseWall (HIPS), which is only for 32-bit architecture) (shareware)
AVG Identity Protection - was standalone before being incorporated within the AV product but not sure if it still has any download links available.

TeaTimer and the other component from the old Spybot Search and Destroy used Behavior Blocking technology to monitor Real Time changes and provide protection in terms of registry key modification etc.

As for ThreatFire, although it is known as a Behavior Blocker, from what I gathered when I tested and used it, it was still host based and allowed rules control (much like Mamutu), so technically speaking ThreatFire can be considered a Host Intrusion Prevention System up to a certain degree.

You forgot WinPatrol; it uses the same behavior blocking technology as the others. It monitors all system startup locations, system registry entries (more can be manually added), system services and drivers, file type associations, IE helpers and ActiveX controls. It checks all processes with cloud technology for digital signatures, file hashes, etc. All of the main locations that are affected by malware.

There is also System Security Guard from the same developer as System Explorer.
It appears to be a very good product.

Thanks.:D
 

Plexx

Thought Winpatrol was more towards some form of HIPS as opposed to a BB.

Did not know about SSG. Worth checking it out.

Anyone know if it works on x64, or is it limited to x86 like DW/Novashield?
 

Littlebits

Retired Staff
May 3, 2011
3,902
3,058
Biozfear said:
Thought Winpatrol was more towards some form of HIPS as opposed to a BB.

Did not know about SSG. Worth checking it out.

Anyone know if it works on x64, or is it limited to x86 like DW/Novashield?

According to Softpedia it supports 64-bit. I'm not sure if it has full support. I only briefly tried it.

WinPatrol fits into many categories. Since they added cloud technology that checks system changes, it can also be considered a BB. When I get a notice from Avast's Behavioral Shield or Auto-sandbox, I also get notifications from WinPatrol for the same thing.

ZoneAlarm Free also has a behavior blocker on its DefenseNet under Application Control.

Thanks.:D
 

Plexx

Littlebits said:
According to Softpedia it supports 64-bit. I'm not sure if it has full support. I only briefly tried it.

WinPatrol fits into many categories. Since they added cloud technology that checks system changes, it can also be considered a BB. When I get a notice from Avast's Behavioral Shield or Auto-sandbox, I also get notifications from WinPatrol for the same thing.

ZoneAlarm Free also has a behavior blocker on its DefenseNet under Application Control.

Thanks.:D

WinPatrol is indeed a good application nevertheless.
I will give the other tool a try sometime soon.

As for ZA Free, wasn't aware that had a behavior blocker. To be honest, I have not touched ZA for years. Probably will revisit that software. Does it usually conflict with games? Not sure if you are a gamer, but any feedback is appreciated.

KelvinW4 said:
Mamutu Free version? Since when?

I believe he means the trial of 30 days. Mamutu is a Shareware or Trialware product. Unless it was different in the past.


On a side note: I got used to Comodo HIPS but I also like Behavior Blockers.

However since there are free x64 behavior blockers such as ZA Firewall component as mentioned by Littlebits, my choices of considering Mamutu are more free:)
 

Littlebits

Retired Staff
May 3, 2011
3,902
3,058
As for ZA Free, wasn't aware that had a behavior blocker. To be honest, I have not touched ZA for years. Probably will revisit that software. Does it usually conflict with games? Not sure if you are a gamer, but any feedback is appreciated.

ZA has a Game Mode on the taskbar icon right click menu.
I'm not a gamer, so I couldn't say how well it works with games.
If the games have digitally signed files then ZA's DefenseNet shouldn't mess with them, since that is the first thing it checks. It also has a very large cloud base which should include most of the popular games.

Enjoy!!:D
 

MrExplorer

Level 28
Verified
Nov 15, 2012
1,763
3,056
Biozfear said:
As Tom explained, behavior blocker is a component that constantly monitors file activities, preventing certain modifications or actions to the operating system or related files, such as registry entries. I know not all Behavior Blockers allow a complete control like HIPS but some do allow manual rules editing etc.

Products that have Behavior Blockers:
Emsisoft Anti-Malware (has Emsisoft Mamutu incorporated);
AVG Antivirus Free (Identity Protection)
avast! (Behaviour Shield)
Panda Cloud Antivirus
Norton Antivirus (via SONAR Behavioral Protection & Live 24x7 Threat Monitoring)
BitDefender (I am not 100% sure if it has some form of BB).

Stand alone Behavior Blockers:
Emsisoft Mamutu (shareware)
ThreatFire (for link you will need to ask ZOU1) (see comments below - no longer active*)
NovaShield Anti-Malware (32-bit architecture only, like DefenseWall (HIPS), which is only for 32-bit architecture) (shareware)
AVG Identity Protection - was standalone before being incorporated within the AV product but not sure if it still has any download links available.

TeaTimer and the other component from the old Spybot Search and Destroy used Behavior Blocking technology to monitor Real Time changes and provide protection in terms of registry key modification etc.

As for ThreatFire, although it is known as a Behavior Blocker, from what I gathered when I tested and used it, it was still host based and allowed rules control (much like Mamutu), so technically speaking ThreatFire can be considered a Host Intrusion Prevention System up to a certain degree.

Does ESET have a BB or not?
 