avast! v.6.0.1119 Release Candidate Released

Discussion in 'other anti-virus software' started by hayc59, May 6, 2011.

Thread Status:
Not open for further replies.
  1. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    So your point is that avast! should resort to a high pop-up model to make it visible which other HIPS program it is conflicting with? Even though you should actually not be running two HIPS/Behavior Blockers together in the first place?
     
  2. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    No, that seems to be your incorrect assumption. I'm merely stating that (imo) avast's behaviour blocker is not an obvious HIPS-type module because there's rarely a popup or peep out of it, and the lack of settings reinforces that. In that respect it's quite easy for the unsuspecting to install other HIPS programmes without realizing the real possibility of conflict with the behaviour shield.
    ellison
     
  3. Cloud

    Cloud Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    1,029
    Location:
    United States
    I don't know about you guys but my popups were more than rarely, after 5.1 was released. ;) Maybe the behavioral shield won't popup till you aren't expecting, you know, like a surprise. :D
     
  4. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    191
    I read somewhere here in Wilders that the Avast Behavioral Shield is "passive". Using Avast IS with CIS ver5.3 then. I disabled D+ to check how it works. I used it but never got a pop-up during installation of The KMPlayer ver1440. At that time I also upgraded CCleaner. There was none after a week of use. When I encountered a news info that The KMPlayer that was posted at FileHippo was laced with malware, I used a system image to go back to the time I tested the 'behavioral shield'. Disabled it and activated D+ again. Installed The KMPlayer file that I downloaded from FileHippo. Got pop-ups asking something that a .exe file wanted to install something..."vaccineclean" and another component I forgot. Clicked Block in CIS pop-up. Terminated the install. Did CCleaner upgrade. Got pop-ups too. Terminated the install/upgrade. Did the system restore from where I restored the image backup.

    I then used a later version as it was advised by the makers of The KMPlayer, ver13xx something. Got one pop-up that The KMPlayer was trying to call home. CCleaner upgrade showed the same pop-ups. Aside from that nothing else from CIS ver5.3.

    So I uninstalled the Behavioral Shield of AIS and used CIS D+ again.

    Will not use this RC version and will remain with the stable version for the time being. Don't want to "RC test" for avast.
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    The behaviour shield has been passive until v6. The default setting is auto-decide; if you want pop-ups, set it to ask.
     
  6. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    191
    -- Actually it was in "Ask". I was with AIS ver6.0.1035 and CIS ver5.3. That was a setting recommended in the avast forums prior to using the Behavioral Shield. Someone also said there that allowing both to run is okay because Avast's BS is light enough and will not cause a conflict with CIS. Did not test it (both running). The issue at that time between the two apps was Avast AutoSandbox and Comodo's Sandbox, so I did not try running both HIPS; I would not want to have some inevitable conflict and, as I decided at that time, was to test the Behavioral Shield only.

    I hope someone will test the Behavioral Shield/AutoSandbox of Avast somewhere, or just like aigle did with the gpCode/Blackday trojan, so we will know here how it will fare. Aigle said that there will be no tests in the meantime for him.

    Prevx has had a sample of the trojan (courtesy of Aigle) and has confirmed that the Prevx paid version will block it. The PrevxSOL facebook edition (special freeware edition) will only alert/identify that it's in your PC. No blocking.

    I hope someone on behalf of Avast, or Avast itself, will take the initiative, well, just to inform us all here.

    Thanks for the update of the "passive". I may test it again sometime next week with OA Premium/CISver5.4/Outpost Pro.
     
  7. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    This is the problem that I have with the behaviour shield. Just how much of a HIPS component is it, and what exactly on my system does it check, and what is the criteria for such a check? I also have the behaviour shield set to ask and it rarely pops up over anything. Is it any good? I really don't know. In fact, when I look at behaviour shield expert settings, the first two choices that are ticked should in my opinion already be covered by the file system shield. The third choice, "monitor the system for unauthorised modifications", is very ambiguous and could mean anything. Does it, for instance, just check run keys? Or browser home pages? I really don't know.
    ellison
     
    Last edited: May 8, 2011
  8. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    In my tests of Avast I had the very same issue. Avast's behavior blocker seems to be more of an urban legend than a *real* HIPS. :cautious:
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Remember people, Avast BS is a behaviour blocker, not a HIPS (and especially incomparable to a classical one like Comodo D+). Therefore, it's more like ThreatFire and Mamutu.
     
  10. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587

    Hi J_L..
    No disrespect, but how do you know what it is? If you have some information on what it checks or exactly does, I'd be grateful for the links.
    ellison
     
  11. eBBox

    eBBox Registered Member

    Joined:
    Aug 10, 2006
    Posts:
    482
    Location:
    Aalborg, Denmark
    I have difficulties finding out how these guys perform. U know any valid tests of how these behavior blockers compare?
     
  12. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    @ellison64: It's pretty obvious due to the amount of pop-ups. Classical HIPS monitors any potentially dangerous changes in the system, while Behaviour Blockers analyze the activity and determine whether it's malicious or not.

    @eBBox: No I don't.
     
  13. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    not to mention the obvious fact that it's called the "behavior" shield :cautious: lol
     
  14. BILL G

    BILL G Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    80
    Location:
    MN USA
    I think AVAST BB is slowly sneaking up on the Bad Guys and will jump on their back someday.

    Also AVAST may be Fine Tuning it to avoid FP.
     
  15. PC_Pete

    PC_Pete Registered Member

    Joined:
    Sep 4, 2009
    Posts:
    124
    Building a well-behaved auto-deciding behaviour guard will require a lot of effort and integration with the other detection agents. Ramping up the sensitivity while keeping the default setting at "Ask" and getting FP feedback from users could well be the strategy Avast is employing.
     
  16. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    191
    I see now (with all the succeeding replies) that it is time to test Avast BS. Sandbox should also be tested...

    :D
     
  17. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    You miss my point. What activity is the behaviour blocker analysing? What is the criteria for the analysing?
    ellison
     
  18. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Avast also has a sandbox but I don't get grit in my keyboard :rolleyes:
    ellison
     
  19. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    LOL :thumb:
     
  20. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    lol well a sandbox in computer security terms has its own meaning :p
     
  21. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Thanks for that pearl of wisdom firzen :p
    ellison
     
  22. Vilmalith

    Vilmalith Registered Member

    Joined:
    Nov 28, 2007
    Posts:
    68
    Maybe it's just me, but sandbox has been getting more and more vocal with each release. Getting some users really annoyed and doesn't seem to always remember when you tell it to remember the setting.
     
  23. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Depends on the program and their criteria. I'm not an expert on this, so I can't give you a detailed answer.

    If you want to really compare it to a Classical HIPS, try Malware Defender. It doesn't have the reduced alerts of Comodo due to tiny whitelist and no sandbox.
     