avast performance tweaks

Discussion in 'other anti-virus software' started by treehouse786, Apr 18, 2011.

Thread Status:
Not open for further replies.
  1. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    The answer I believe would be yes to both questions.
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Behavioral blocker now also guards registry (e.g. autostarts), I have used PoCs to trigger it. So definitely can confirm RejZoR's observation.

    Auto Sandboxing does look at exe characteristics (like structure, whether it has a description, not signed, no valid publisher, unusual compression techniques, etc). Have not found out all of the trigger points, but seems to be a security layer with a different 'view' (makes sense when you also have a behavioral shield), so they seem to work independently. Auto Sandboxing is triggered by PE-file heuristics and not by behavioral execution characteristics as far as I have been able to test it. In layman's terms: when malware obfuscates the executable from being detected by the file-shield, the auto sandboxing kicks in. So you definitely need the file shield with the sandbox.
     
    Last edited: May 20, 2011
  3. i_g

    i_g Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    133
    Well, the AutoSandbox is indeed rather independent of the Behavior Shield (as the decision on whether to sandbox an application or not has to be done before starting the executable - while the Behavior Shield watches the actions when the executable is already running). On the other hand, the Behavior Shield might supply some information about the parent (the application that is now trying to launch the executable in question) - which could affect the decision about its sandboxing.

    I'm not saying such information is really used at the moment, but the rules are tuned/added continuously, so it is certainly an option for the future.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    L_C

    Sandboxing is triggered by PE-file heuristics (like structure, whether it has a description, not signed, no valid publisher, unusual compression techniques, etc). ====>

    Because it is at start of processing (actually before), Avast sandbox can sandbox everything the malware touches. Big advantage for people with very little PC knowledge: software stays consistent and intact.

    Behavioral blocker can intervene only during processing (the malware has to do something suspicious), sandboxing would be partial, so the software might be inconsistent after reboot. Anti Virus has to be easy to use and simple (meaning few FPs and causing no incompatibility), so blue screens or fatal software errors are intolerable IMO for such a wide target group of noobs.

    IMO Behavioral blocker will be mainly targeted at rootkits and staged intrusions (e.g. surviving re-boot) and collecting suspicious executables through user network.
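
The posts above list static PE properties (structure, missing description, no signature, unusual compression) as sandbox triggers. The sketch below is an added example, not Avast's rules and not code from the thread: it reads three such indicators from PE headers, using field offsets from the PE/COFF format. The flag names, the 7.0 entropy threshold and the `sample()` image are assumptions made for illustration.

```python
import math
import struct

ENTROPY_LIMIT = 7.0  # assumed threshold; packed or encrypted data approaches 8 bits/byte

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def triage(pe):
    """Return static indicators for a PE image given as bytes."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", pe, nt + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, nt + 20)[0]   # SizeOfOptionalHeader
    opt = nt + 24
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    dirs = opt + (112 if pe32plus else 96)                # data directory array
    flags = []
    if struct.unpack_from("<I", pe, dirs + 2 * 8 + 4)[0] == 0:
        flags.append("no-resources")    # so no version info / file description
    if struct.unpack_from("<I", pe, dirs + 4 * 8 + 4)[0] == 0:
        flags.append("no-certificate")  # presence alone does not prove validity
    for i in range(nsec):
        s = opt + opt_size + 40 * i                       # 40-byte section header
        raw_size, raw_ptr = struct.unpack_from("<II", pe, s + 16)
        if entropy(pe[raw_ptr:raw_ptr + raw_size]) > ENTROPY_LIMIT:
            name = pe[s:s + 8].rstrip(b"\0").decode("ascii", "replace")
            flags.append("high-entropy:" + name)
    return flags

def sample(body, res_size, cert_size):
    """Constructed one-section PE32 image for the demo (not a runnable program)."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)       # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<II", opt, 96 + 2 * 8, 0x2000, res_size)
    struct.pack_into("<II", opt, 96 + 4 * 8, 0x3000, cert_size)
    sect = struct.pack("<8sIIII16x", b".text", len(body), 0x1000, len(body), 352)
    return dos + b"PE\0\0" + coff + bytes(opt) + sect + body

if __name__ == "__main__":
    print(triage(sample(bytes(range(256)) * 16, 0, 0)))   # stand-in for packed data
    print(triage(sample(b"\x90" * 4096, 0x400, 0x1000)))  # low-entropy, dirs present
```

A non-empty certificate directory only shows that a signature blob is attached; checking that it chains to a valid publisher needs an Authenticode verifier.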
     
  5. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Although similar, the Behavior Shield has nothing to do here, since the FileSystem Shield uses active heuristics analysis while the image is emulated through Sandboxing.

    AutoSandboxing is part of the FileSystem Shield.
     
  6. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    It sure shows up well against acknowledged top AVs in the latest AVC on demand test.
    I don't worry whether or not it is considered professional, but just that it gives first rate protection. If it doesn't then prove it.
    Regards,
    Jerry
     
  7. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    The best part is, geeks can choose what exact shields they want and the avg. Joe can just install and be protected. What's not to love?
     
  8. rseiler

    rseiler Registered Member

    Joined:
    Dec 22, 2003
    Posts:
    90
    OK, I'll bite: the relatively high number of false positives, as reported by av-comparatives?
     
  9. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    Arguments based on one particular test are really not worth pondering over.
     
  10. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I've seen far worse. A few false positives in a test that is just provoking to hit an FP. In real world situations, false positives are very rare. They do happen like with any other AV but are still very rare. If I'm honest I haven't had one for like more than half a year. If not much more than that.
     
  11. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I'm using Firefox Browser and its NoScript extension that is thorough to a fault. Is there any point in activating Avast! script shield? :)
     
  12. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    No point really. Just increasing the chance of potential conflict.
     
  13. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Nonsense. Script Shield doesn't conflict with anything. It just analyzes executed scripts and unless something gets blocked, nothing can conflict.
     
  14. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    Do you have inside knowledge on who gets to parse the script code first - NoScript or Script Shield as it is downloaded and rendered by the browser? Come on, chill a bit, vlk is not your master. You are a free human/sheep.
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Script Shield is IE-only last time I checked.
     
  16. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    The latest Avast! shows shields for FF, Chrome and IE. Why would they make the Script Shield for IE exclusively? o_O
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Do you mean the Script Shield section or WebRep?
     
  18. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA

    umm, what?
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Hot Key expression (Macro) for those whose pet AV did poorly.

    This Macro is also useful for those who have nothing to say but feel compelled to post anyway. :shifty:
     
    Last edited: May 22, 2011
  20. jadinolf

    jadinolf Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    1,047
    Location:
    Southern California
    Good advice guys.

    Thanks
     
  21. iravgupta

    iravgupta Registered Member

    Joined:
    Dec 17, 2009
    Posts:
    605
    Take that red umbrella off your head, the sun is out.

    Thanks for demoing foot-in-mouth for wilders members.
     
  22. Vladimyr

    Vladimyr Registered Member

    Joined:
    Feb 11, 2009
    Posts:
    461
    Location:
    Australia
    Hey wait a minute. I've got nothing to say and I didn't feel compelled to post. Doh!
     
  23. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    6,176
    Avast 5 vs 6 resident shield speed

    But I guess I'm wrong.

    But I found Avast resident shield 5 faster than 6.

    Does somebody agree with me?
     
  24. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I find that hard to believe actually. The scan engine is basically the same in these two.
     
  25. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    I'm running Avast now here at work. After testing some major players, we decided to go with Avast (and Prevx) here at my work.

    I do not notice any slowdowns with Avast 6. Loving it so far.
     