Why Avast "Hardened mode" is faulty!

[Venustus]

I just tried installing the new Avast R4 Beta,and as usual I tried installing over the top of the existing version,as suggested on the forums and in the Avast forum!
"Hardened mode" was on in the previous version, set to moderate
This is what I get:

In other words "Avast Hardened mode" in my eyes at least, cannot discern correctly when a program is safe or not with a default block policy!
I know I can setup an exclusion but I don't think this is an acceptable option!
Any opinions from other members appreciated!

 

[FreddyFreeloader]

Yeah, it's a love/hate relationship with Avast.

 

[Venustus]

Yeah, it's a love/hate relationship with Avast.

I agree!
I really dont know the mechanics behind hardened mode as I only installed it to give it a shake up!
But at least we should get some indication as to why a program is blocked in terms of what threat it presents if any to the user!

 

[Dubseven]

Behavioral blockers are harder to determinate the type of malware.
A worm can execute codes like a trojan, a trojan also can execute codes like a rogue.
It's harder to defin a "threat" type..

The best config, is the normal config

 

[Littlebits]

The same point I brought up recently. At its current state, Hardened Mode is useless.

Enjoy!!

 

[Deleted member 21043]

Behavioral blockers are harder to determinate the type of malware.
A worm can execute codes like a trojan, a trojan also can execute codes like a rogue.
It's harder to defin a "threat" type..

The best config, is the normal config

I just have to agree with Dubsevens' post.

 

[Venustus]

Behavioral blockers are harder to determinate the type of malware.
A worm can execute codes like a trojan, a trojan also can execute codes like a rogue.
It's harder to defin a "threat" type..

The best config, is the normal config

Thanks for the reply but I bet if I turned Avast hardened mode off and ran some malware the computer would be compromised?!

 

[Venustus]

The same point I brought up recently. At its current state, Hardened Mode is useless.

Enjoy!!

Yes, I just saw your post!!

 

[Cats-4_Owners-2]

Thanks for the reply but I bet if I turned Avast hardened mode off and ran some malware the computer would be compromised?!

Heavy is the hand that bears the finger that 'turns Avast's hardened mode off' only to find one's computer compromised to malware...

 

[Littlebits]

Don't get me wrong Avast is an excellent AV, but just like with any AV if you download and run infected files sooner or later you will get infected. Just always download files from safe sources. Hopefully they will eventually make improvements to Hardened Mode.

Thanks.

 

[Cowpipe]

One my my pet hates with the more aggressive behaviour analysis is that there is no attempt to analyse the context. So legitimate programs get blocked (just to be safe).

Good example a few years back when I used Avast, it blocked a legitimate java update with normal config, no information displayed, just the filename, and a link to a page for 'more information' which basically told me 'files that are blocked are potentially malicious and could harm your computer'.. Yup. Oh hello Avast, yep block file (could be malicious), bye bye java update.. Oh hello java drive by...

 

[Striker]

I just tried installing the new Avast R4 Beta,and as usual I tried installing over the top of the existing version,as suggested on the forums and in the Avast forum!
"Hardened mode" was on in the previous version, set to moderate
This is what I get:

In other words "Avast Hardened mode" in my eyes at least, cannot discern correctly when a program is safe or not with a default block policy!
I know I can setup an exclusion but I don't think this is an acceptable option!
Any opinions from other members appreciated!

u need to switch to aggressive..it use a cloud whitelist from known programs. u dont get that popup on aggressive mode..

 

[Venustus]

u need to switch to aggressive..it use a cloud whitelist from known programs. u dont get that popup on aggressive mode..

Okay I will try that!
Thanks!

 

[Littlebits]

u need to switch to aggressive..it use a cloud whitelist from known programs. u dont get that popup on aggressive mode..

It doesn't seem to change anything still a lot of safe programs are blocked, it is using a whitelist it must be really small.

Thanks.

 

[Venustus]

Switched to "aggressive" same effect!

 

[Cowpipe]

I like how it says "If you're sure you want to run the program" on a mode intended for inexperienced users... I could name far too many people whose reaction to that (on any file) would be "of course I'm bloody sure I want to run it, that's why I opened it, stupid thing. Exclude"...

 

[Venustus]

I like how it says "If you're sure you want to run the program" on a mode intended for inexperienced users... I could name far too many people whose reaction to that (on any file) would be "of course I'm bloody sure I want to run it, that's why I opened it, stupid thing. Exclude"...

Indeed there is no indication as to WHY the file is being blocked!
As a Kaspersky user I will get a block and an indication as to why it was blocked>>>trojan etc

 

[Cowpipe]

Indeed there is no indication as to WHY the file is being blocked!
As a Kaspersky user I will get a block and an indication as to why it was blocked>>>trojan etc

And what are the bets that if there were some 'computer psychic' who could actually talk to Avast and ask it why the file was blocked, it would reply, with a raspy wisdom... "Signature 0X27CB was matched"... Ah ok, now I know it's safe, thanks for the help Avast.

 

[Manzai]

Avast Hardened Mode ? Ransomware

http://malwaretips.com/threads/avast-free-antivirus-hardened-mode-vs-malware-pack.28436/

 

[avast! Protection]

I will try to explain how avast! Hardened works and why it behaves differently.

By default, avast! checks suspicious files which are not yet known by putting them in a sandbox environment to see how they behave (DeepScreen). If the antivirus finds nothing suspicious in files' behaviour, it automatically starts the application after analysis. The Hardened mode works a bit differently.

As you are aware of, the Hardened mode has two settings - Moderate and Aggressive. By my opinion, the two options should swap their names as I find the Aggressive mode less-intrusive and safer.

I will explain you why:

Moderate Setting: When the moderate setting is turned on, avast! automatically blocks files that are detected as suspicious by initial analysis. As I explained above, avast! puts the potential threats in sandbox and if nothing found, starts it automatically. On the other hand, the Moderate hardened mode stops suspicious files' execution right there.

Aggressive: The Aggressive mode analyses if the file is included in avast!'s white-list database located in avast! Cloud. If the file is present in the white-list (flagged as safe), avast! allows it to be executed.

I think that the Hardened mode with white-listing check has a potential in the future as the number of malware threats grows every second and AV vendors may come to a point where it will be easier to check if a given application is white-listed, rather than heavily relying on the heuristic analysis of 0-day threats as a day may come when the number of threats will be bigger than legitimate software packages releases for a given time frame. Of course, this solution may lead to lots of headaches for software developers but there greater minds than me who will find a solution for it as well.