does avast hardened mode improve malware detection?

Discussion in 'other anti-virus software' started by shmu26, Jul 9, 2015.

  1. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    let's say I put avast into hardened mode, and also turn on pup protection.
    Besides the headache it will cause, is that going to give me a level of protection similar to leading AVs like bitdefender and kaspersky? Or is it not worth the headache?

    I am on windows 10, so the above-mentioned AVs are not an option for me.
    I tried qihoo 360, but I noticed that they don't update the virus lists very often. for instance, the bitdefender was 2 days old, and the avira was 1 day old, and counting. So, not very impressive protection!

    Bitdefender free does work on windows 10, and I could probably live with the lack of options, but it is cloud based, so if you have a spotty internet connection, you also have spotty protection.
     
  2. GakunGak

    GakunGak Registered Member

    Joined:
    Mar 24, 2009
    Posts:
    953
    Fort Knox your machine with Comodo, it should protect you both online and offline.
     
  3. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Hardened Mode

    - Moderate
    Automatically blocks anything that would otherwise trigger DeepScreen analysis. It gets triggered by preliminary file analysis and reputation, but then program doesn't get analyzed by the DeepScreen, instead it's blocked instantly. Basically, program has to exhibit some basic suspicious characteristics and it will get blocked entirely.

    - Aggressive
    Pretty much entirely disregards file behavior on the system and strictly obeys the whitelist. Anything not on the whitelist is blocked. As funny as it might sound, this mode at least from my experience works better than "Moderate" and also provides dramatically higher protection. You can say it provides nearly 100% protection.

    If you deal with new program releases, both will get slightly annoying (especially if those apps aren't digitally signed), but Aggressive is more user friendly from my experience. I'm using this mode on my tablet and sister's computer where apps are rarely updated or installed and everything is working just fine.
     
  4. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
    Totally agree...use Aggressive with PUP on...no headaches. I would avoid the current beta until it's ready.
     
  5. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    okay, but aren't there types of malware infections that don't entail starting up a new .exe process?
    for instance, I understand that some malware embeds itself in an existing .exe file, so I would think that hardened mode is not going to stop it.
    also, I understand that some malware does not load into the memory. So again, I would think that it would not trigger the hardened mode.
     
  6. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    Yes it does. I have put it on the family computer with harden setting and harden mode on and this pc for the first time has been infection free for months. Nothing seems to be able to penetrate it so far.
     
  7. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    If you attach anything to a file, you modify its digital signature. Meaning it falls off the whitelist or gets on the blacklist. Hardened Mode will detect such modifications to the EXE files. Loading in memory has no effect on Hardened Mode. Only thing that Hardened Mode doesn't prevent is direct in-memory execution afaik. But that is usually only used as an entry point and usually later still requires disk access to make it permanent so at one point Hardened Mode will kick in.
     
  8. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    thanks.
    so it sounds like hardened mode is actually pretty effective.
     
  9. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Where exactly in Avast is the setting to enable the detection of PUPs?
     
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    settings/general
    it's second from the bottom in the list.
     
  11. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Does hardened mode affect Windows updates, i.e. can it block Windows updates?
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    if you put it on "aggressive", it follows a whitelist of known processes, so you won't have a problem with the common windows programs and processes.
    if something it doesn't know tries to start up, it asks you whether to allow it.
     
  13. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    No. Windows Updates, no matter how new they are, are signed by Microsoft certificates. They are whitelisted and avast! will never interfere with them.
     
  14. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Thanxx for the info
     
  15. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    wow the latest update of avast includes a behavior / HIPS module added. Very happy. Now it's even more powerful. But it's in low setting by default and you need to set it to high if you want.
     
  16. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I'm currently using NVT ERP along with Avast. So, is Avast's 'Aggressive' Hardened mode overkill and somewhat duplicating what NVT already does?
     
  17. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,349
    well been using avast harden mode on family pc and not it great. just sometimes when new unsigned programs or once in a while a program with low reputation trying to run, it pops up a message that it blocked it unless you want to allow it. Now with the new HIPS I will see how it goes.
     
  18. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    HIPS doesn't change that. It's just a behavior analysis based detection entirely separated from the Hardened Mode.
     
  19. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    Avast should have a proactive module. Features that provide proactive protection are scattered in Avast GUI.
     
  20. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    571
    Location:
    USA
    I think the OP was averse to headaches. :D

    My Win10 360s have been updating daily. I know because it notifies me every time for each 3rd party engine (I wish it wouldn't do that...notify me when there's a problem, not when there isn't).

    My experience matches @RejZoR in that aggressive is less of a headache (I don't remember it being difficult at all but it's been a while but wife hasn't complained and that's her setup--and she cringes every time I start testing Comodo).
     
  21. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    So Aggressive Mode is better & more user friendly than Moderate Mode.
    So the naming is confusing & most people will choose Moderate over Aggressive thinking Moderate will be less problematic & more user friendly. They should change the name to suit better.

    Your post should be sticky on Avast forum, is it?

    Exclusions in Hardened Mode are still scanned by AV, right?
    And exclusions work for both modes even if you change from aggressive to moderate & vice versa, right?

    I am using Aggressive Mode & liking it so far & fairly easy enough to use. You have replied to my other post that hardened mode will never block windows updates & windows/system/critical files... that's good to know.
    How big is the whitelist?

    The only thing I don't like is ---
    When you exclude anything it is directly put into exclusion.
    I think it would be better if, when you exclude anything, it were deepscreened & on no malware detection put into exclusion.
     
  22. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I've asked them if stuff you exclude gets scanned by DeepScreen and I've never really got a straight answer to that. To me it seems like it just excludes it instead of doing an actual checkup before excluding. Which is a bit stupid design if you ask me. Hardened mode blocks it before actual behavior is analyzed. So not doing it at all before exclusion kinda makes it worse than just leaving DeepScreen scan suspicious stuff without Hardened Mode functionality...
     
  23. khanyash

    khanyash Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    2,429
    But are hardened mode exclusions scanned by realtime protection?
     
  24. Last time I checked out Avast free, it first checks blacklist, then it checks the whitelist. When user overrules hardened mode block, it is put on exception list. New behavioral monitor does respect exception list also (but might trigger server side analysis at avast)
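
The decision order described in posts 3, 7 and 24 (blacklist, then whitelist, then user exceptions, then the Moderate/Aggressive rule), as an added example that is not part of the thread and is not Avast's code. It is a toy model: the SHA-256 lookup key, the class and function names, the position of the exception check and the sample byte strings are all assumptions made for illustration.

```python
import hashlib
from enum import Enum

class Mode(Enum):
    MODERATE = "moderate"
    AGGRESSIVE = "aggressive"

def digest(data: bytes) -> str:
    # Assumption: SHA-256 of file content stands in for the reputation lookup key.
    return hashlib.sha256(data).hexdigest()

class HardenedModeModel:
    """Toy model of the behaviour described in the thread; not Avast's code."""

    def __init__(self, mode, whitelist=(), blacklist=()):
        self.mode = mode
        self.whitelist = {digest(d) for d in whitelist}
        self.blacklist = {digest(d) for d in blacklist}
        self.exceptions = set()  # filled when the user overrules a block

    def user_overrule(self, data: bytes) -> None:
        self.exceptions.add(digest(data))

    def decide(self, data: bytes, suspicious: bool = False) -> str:
        h = digest(data)
        if h in self.blacklist:            # checked first (post 24)
            return "block:blacklist"
        if h in self.whitelist:
            return "allow:whitelist"
        if h in self.exceptions:           # no further analysis (posts 21-22)
            return "allow:user-exception"
        if self.mode is Mode.AGGRESSIVE:   # anything unknown is blocked
            return "block:not-whitelisted"
        # Moderate: block only what would have gone to deeper analysis.
        return "block:suspicious" if suspicious else "allow:unknown"

# Constructed sample "files" (byte strings, not real binaries).
KNOWN_GOOD = b"MZ\x90\x00 constructed known-good program"
TAMPERED = KNOWN_GOOD + b" appended bytes"   # any change yields a new digest
KNOWN_BAD = b"MZ\x90\x00 constructed known-bad program"

def demo() -> dict:
    agg = HardenedModeModel(Mode.AGGRESSIVE, [KNOWN_GOOD], [KNOWN_BAD])
    mod = HardenedModeModel(Mode.MODERATE, [KNOWN_GOOD], [KNOWN_BAD])
    out = {"good": agg.decide(KNOWN_GOOD), "tampered_agg": agg.decide(TAMPERED),
           "tampered_mod": mod.decide(TAMPERED), "bad": agg.decide(KNOWN_BAD)}
    agg.user_overrule(TAMPERED)              # user clicks "allow" on the block
    out["after_overrule"] = agg.decide(TAMPERED, suspicious=True)
    return out

if __name__ == "__main__":
    print(demo())
```

The last result shows the exclusion concern raised in posts 21 and 22: once a file is on the exception list, this model lets it run without any further check.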
     
  25. rm22

    rm22 Registered Member

    Joined:
    Oct 26, 2014
    Posts:
    357
    Location:
    Canada
    +1
    i have doubled up on 3 pcs
    - Avast (hardened mode-aggressive) + online armor (app whitelisting enabled)
    2x - Avast (hardened mode-aggressive) + VoodooShield

    the first setup although Avast and OA both whitelist apps they obviously have other features that don't overlap so definitely not overkill.
    the second setup VoodooShield blocks execution in malware prone folders & has a local whitelist Vs cloud based in Avast. is this overkill - maybe... could use Secure Folders to protect folders and just use Avast, but maybe the difference in the way the whitelists are generated provides enough additional protection to warrant the overlap?

    @TomAZ with your setup i believe the benefit of adding NVT is just local Vs cloud whitelist - maybe someone in the know could comment on the pros/cons of each

    also, i see a lot of sigs with NVT + Appguard... the explanation i've seen given is that they go about blocking in different ways & are therefore prone to different vulnerabilities so the overlap is warranted - not sure if this also applies in these other combos
     