CyberCapture or Hardened Mode?

  • CyberCapture

    Votes: 2 5.3%
  • Hardened Mode - Aggressive

    Votes: 29 76.3%
  • Hardened Mode - Moderate

    Votes: 7 18.4%
  • Total voters
    38
O

Omnipotent

What would be better against zero day malware? Cyber Capture or Hardened Mode set to Aggressive? I've read that Hardened Mode is very similar if not the same as a HIPS program so if i were to enable this would i not need an additional HIPS program?
 

XhenEd

Level 27
Verified
Trusted
Content Creator
CyberCapture isn't working properly yet (as expected of Avast :D ).

I would say that Hardened Mode is better protection.
As for what kind of Hardened Mode, I think Moderate is better. Someone correct me if I'm wrong, if I remember correctly, Moderate immediately blocks unknown files, while Aggressive only blocks suspicious files, that is, files that trigger sandbox analysis.

But, really, there should be no comparison against each other, since CyberCapture complements Avast's overall protection through improved detection.


Edit: Better explanation about Hardened Mode: Hardened Mode
 
Last edited:

Spawn

Administrator
Verified
Staff member
Use both settings, layered protection is your only reassurance against emerging threats.

upload_2016-7-16_15-44-17.png


(i) CyberCapture analyses unrecognised, defends and warns you about new threats, and help keeps your system secure.
(i) Use the Avast Hardened Mode to further lock down the security of this computer. This is recommended for inexperienced users.
 
O

Omnipotent

Use both settings, layered protection is your only reassurance against emerging threats.

View attachment 108954

(i) CyberCapture analyses unrecognised, defends and warns you about new threats, and help keeps your system secure.
(i) Use the Avast Hardened Mode to further lock down the security of this computer. This is recommended for inexperienced users.
Oh, so i can use both settings without conflict?
 
L

LabZero

CyberCapture allows to isolate the unknown files on the system, preventing that they can do damage.
The potentially malicious file is transferred to the cloud, on the Avast servers and at the same time blocked on the user's system until the conclusion of the analysis, so it should be specific against 0-day but as @XhenEd says, It isn't working properly yet.
 

jamescv7

Level 61
Verified
Trusted
Let's isolate the issue of CyberCapture but still the Hardening Mode concept totally kills everything.

Hardening Mode works well even in offline so already automatic to determine unknown files immediately compare to CyberCapture that will rely on Cloud to determine if its been rated.

But for protection purpose both can be enabled, let CyberCapture continue to improve since it is still considered premature.
 
O

Omnipotent

Let's isolate the issue of CyberCapture but still the Hardening Mode concept totally kills everything.

Hardening Mode works well even in offline so already automatic to determine unknown files immediately compare to CyberCapture that will rely on Cloud to determine if its been rated.

But for protection purpose both can be enabled, let CyberCapture continue to improve since it is still considered premature.
So having them both enabled will allow CyberCapture to detect malware missed by Hardened Mode, or is it the other way around?
 

XhenEd

Level 27
Verified
Trusted
Content Creator
So having them both enabled will allow CyberCapture to detect malware missed by Hardened Mode, or is it the other way around?
I think it's the other way around.

Hardened Mode is a "lock down" kind of protection suitable for inexperienced users and/or advanced users, while CyberCapture is for improved detection of malware. I think that, if CyberCapture only works against malware that is ran by the user, then Hardened Mode steps in first, making CyberCapture not to work. I'm not sure of this, though, as avast team might have implemented a dynamics between them and other components.


Edit: Or maybe, this is how it would work: When Hardened Mode blocks something suspicious or unknown, CyberCapture picks it up and upload the file(s) for cloud analysis.
 
Last edited:

jamescv7

Level 61
Verified
Trusted
@xCharbz : I think in other way around, but CyberCapture is easily bypass if the file is not rated to be unknown; so signatures/heuristics/generic detection must be the next case for inspection.

The problem for Avast Cloud is like more on reference basis, where the final verdict goes on traditional techniques through signatures, heuristics and generic detections.
 

Alikhan

Level 2
CyberCapture isn't working properly yet (as expected of Avast :D ).

I would say that Hardened Mode is better protection.
As for what kind of Hardened Mode, I think Moderate is better. Someone correct me if I'm wrong, if I remember correctly, Moderate immediately blocks unknown files, while Aggressive only blocks suspicious files, that is, files that trigger sandbox analysis.
That explanation is correct in some areas and wrong in some.

Hardened Mode: Moderate
Under normal conditions, if avast! decides that some file is too suspicious by various characteristics, it then throws it into the DeepScren for further scanning. But if Moderate Hardened Mode is enabled, avast! automatically blocks files that are detected as suspicious by preliminary analysis.
In most cases DeepScreen checks the file and if it doesn't find obvious malicious problems with it, those files are started automatically after analysis. But Hardened Mode (Moderate) blocks it right there.

Hardened Mode: Aggressive
This mode behaves a bit differently. It actually relies on analysis on a very small scale and mostly relies on a huge whitelist database located in avast! Cloud. If file is located within the cloud and flagged as safe, it will allow to run it. If it's not found or marked as bad, it will block it. So, at least based on my experience, Aggressive Mode is actually much more secure and also a lot less intrusive. Only time that it will cause problems is with some very rare old software or very very new software that isn't used by thousands of users. Usually some very specialized programs used by only few users.
Moderate mode often feels a bit too paranoid (despite its name) because it often blocks safe programs just because they exhibit local suspicious file characteristics that are basically ignored by the Aggressive mode.

Regarding having Hardened Mode and CyberCapture enabled at the same time - there are no issues.

For example, if you have Aggressive Hardened mode enabled, if the file is not in Avast cloud whitelist, it won't be allowed to run meaning CyberCapture wouldn't be invoked.

However, if it's in moderate mode and the file isn't suspicious and not triggered by DeepScreen then CyberCapture will be invoked (assuming the file comes from a http(s) source).
 
D

Deleted member 2913

Hardened Mode - Aggressive is better compared to Moderate...both protection & usability wise.

Cybercapture - It replaced Deepscreen in a way. If I am correct, any hardened mode enabled, deepscreen was not invoked. Dont know if it has changed with cybercapture or not?