venustus

Level 47
Verified
Trusted
Content Creator
I just tried installing the new Avast R4 Beta, and as usual I tried installing over the top of the existing version, as suggested on the forums and in the Avast forum!
"Hardened mode" was on in the previous version, set to moderate
This is what I get:


In other words "Avast Hardened mode" in my eyes at least, cannot discern correctly when a program is safe or not with a default block policy!
I know I can set up an exclusion but I don't think this is an acceptable option!
Any opinions from other members appreciated!:)
 

venustus

Level 47
Verified
Trusted
Content Creator
With behavioral blockers it is harder to determine the type of malware.
A worm can execute code like a trojan, a trojan can also execute code like a rogue.
It's harder to define a "threat" type.

The best config is the normal config :p
Thanks for the reply but I bet if I turned Avast hardened mode off and ran some malware the computer would be compromised?!:)
 

Littlebits

Retired Staff
Don't get me wrong Avast is an excellent AV, but just like with any AV if you download and run infected files sooner or later you will get infected. Just always download files from safe sources. Hopefully they will eventually make improvements to Hardened Mode.

Thanks. :D
 

Cowpipe

New Member
One of my pet hates with the more aggressive behaviour analysis is that there is no attempt to analyse the context. So legitimate programs get blocked (just to be safe).

A good example: a few years back when I used Avast, it blocked a legitimate Java update with the normal config, no information displayed, just the filename, and a link to a page for 'more information' which basically told me 'files that are blocked are potentially malicious and could harm your computer'... Yup. Oh hello Avast, yep block file (could be malicious), bye bye Java update... Oh hello Java drive-by... :D
 

Striker

New Member
I just tried installing the new Avast R4 Beta, and as usual I tried installing over the top of the existing version, as suggested on the forums and in the Avast forum!
"Hardened mode" was on in the previous version, set to moderate
This is what I get:


In other words "Avast Hardened mode" in my eyes at least, cannot discern correctly when a program is safe or not with a default block policy!
I know I can set up an exclusion but I don't think this is an acceptable option!
Any opinions from other members appreciated!:)
You need to switch to aggressive. It uses a cloud whitelist of known programs. You don't get that popup in aggressive mode.
 

venustus

Level 47
Verified
Trusted
Content Creator
I like how it says "If you're sure you want to run the program" on a mode intended for inexperienced users... I could name far too many people whose reaction to that (on any file) would be "of course I'm bloody sure I want to run it, that's why I opened it, stupid thing. Exclude"...
Indeed there is no indication as to WHY the file is being blocked!
As a Kaspersky user I will get a block and an indication as to why it was blocked (trojan, etc.)
 

Cowpipe

New Member
Indeed there is no indication as to WHY the file is being blocked!
As a Kaspersky user I will get a block and an indication as to why it was blocked (trojan, etc.)
And what are the bets that if there were some 'computer psychic' who could actually talk to Avast and ask it why the file was blocked, it would reply, with a raspy wisdom... "Signature 0X27CB was matched"... Ah ok, now I know it's safe, thanks for the help Avast.
 

avast! Protection

New Member
I will try to explain how avast! Hardened works and why it behaves differently.

By default, avast! checks suspicious files which are not yet known by putting them in a sandbox environment to see how they behave (DeepScreen). If the antivirus finds nothing suspicious in the files' behaviour, it automatically starts the application after analysis. The Hardened mode works a bit differently.

As you are aware, the Hardened mode has two settings - Moderate and Aggressive. In my opinion, the two options should swap their names as I find the Aggressive mode less intrusive and safer. :D

I will explain why:

Moderate Setting: When the moderate setting is turned on, avast! automatically blocks files that are detected as suspicious by initial analysis. As I explained above, avast! puts the potential threats in a sandbox and, if nothing is found, starts them automatically. On the other hand, the Moderate hardened mode stops suspicious files' execution right there.

Aggressive: The Aggressive mode analyses if the file is included in avast!'s white-list database located in avast! Cloud. If the file is present in the white-list (flagged as safe), avast! allows it to be executed.

I think that the Hardened mode with white-listing check has potential in the future as the number of malware threats grows every second and AV vendors may come to a point where it will be easier to check if a given application is white-listed, rather than heavily relying on the heuristic analysis of 0-day threats, as a day may come when the number of threats will be bigger than legitimate software package releases for a given time frame. Of course, this solution may lead to lots of headaches for software developers but there are greater minds than me who will find a solution for it as well. :)
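
The decision logic described in the post above, modelled side by side as an added example (not Avast's code and not part of the thread). The `FileFacts` fields, the file names and the rule that a file missing from the whitelist is blocked in Aggressive mode are assumptions; the post only states what happens when a file is on the whitelist.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    DEFAULT = "default"        # DeepScreen: sandbox first, auto-run if clean
    MODERATE = "moderate"      # block whatever the initial analysis flags
    AGGRESSIVE = "aggressive"  # allow files found on the cloud whitelist


@dataclass(frozen=True)
class FileFacts:               # hypothetical inputs to the decision
    name: str
    suspicious: bool           # flagged by the initial analysis
    sandbox_clean: bool        # nothing suspicious observed in the sandbox
    whitelisted: bool          # present in the cloud whitelist (flagged safe)


def decide(mode: Mode, f: FileFacts) -> str:
    if mode is Mode.AGGRESSIVE:
        # Assumption: not being on the whitelist means the file is blocked.
        return "allow" if f.whitelisted else "block"
    if not f.suspicious:
        return "allow"
    if mode is Mode.MODERATE:
        return "block"         # stopped right there, sandbox verdict unused
    return "allow" if f.sandbox_clean else "block"


# Constructed sample files covering the cases argued about in the thread.
SAMPLES = [
    # Legitimate installer that trips the initial analysis (the false positive).
    FileFacts("vendor_update.exe", suspicious=True, sandbox_clean=True, whitelisted=True),
    # Clean but rare program that no whitelist has seen yet.
    FileFacts("inhouse_tool.exe", suspicious=False, sandbox_clean=True, whitelisted=False),
    # Malware that misbehaves in the sandbox.
    FileFacts("dropper.exe", suspicious=True, sandbox_clean=False, whitelisted=False),
    # Malware that stays quiet while being observed.
    FileFacts("quiet_sample.exe", suspicious=True, sandbox_clean=True, whitelisted=False),
]


def outcome_table(samples=SAMPLES):
    """Map each file name to the action taken under every mode."""
    return {f.name: {m.value: decide(m, f) for m in Mode} for f in samples}


if __name__ == "__main__":
    for name, row in outcome_table().items():
        print(f"{name:20}", "  ".join(f"{m}={a}" for m, a in row.items()))
```

The table makes the trade-off visible: Moderate produces the false positive on the flagged installer, Aggressive trades it for blocking unknown but clean software, and the default mode is the only one that runs the sample that stays quiet in the sandbox.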