does avast hardened mode improve malware detection?

Discussion in 'other anti-virus software' started by shmu26, Jul 9, 2015.

  1. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    243
    let's say I put avast into hardened mode, and also turn on pup protection.
    Besides the headache it will cause, is that going to give me a level of protection similar to leading AVs like bitdefender and kaspersky? Or is it not worth the headache?

    I am on windows 10, so the above-mentioned AVs are not an option for me.
    I tried qihoo 360, but I noticed that they don't update the virus lists very often. for instance, the bitdefender was 2 days old, and the avira was 1 day old, and counting. So, not very impressive protection!

    Bitdefender free does work on windows 10, and I could probably live with the lack of options, but it is cloud based, so if you have a spotty internet connection, you also have spotty protection.
     
  2. GakunGak

    GakunGak Registered Member

    Joined:
    Mar 24, 2009
    Posts:
    953
    Fort Knox your machine with Comodo, it should protect you both online and offline.
     
  3. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Hardened Mode

    - Moderate
    Automatically blocks anything that would otherwise trigger DeepScreen analysis. It gets triggered by preliminary file analysis and reputation, but then program doesn't get analyzed by the DeepScreen, instead it's blocked instantly. Basically, program has to exhibit some basic suspicious characteristics and it will get blocked entirely.

    - Aggressive
    Pretty much entirely disregards file behavior on the system and strictly obeys the whitelist. Anything not on the whitelist is blocked. As funny as it might sound, this mode at least from my experience works better than "Moderate" and also provides dramatically higher protection. You can say it provides nearly 100% protection.

    If you deal with new program releases, both will get slightly annoying (especially if those apps aren't digitally signed), but Aggressive is more user friendly from my experience. I'm using this mode on my tablet and sister's computer where apps are rarely updated or installed and everything is working just fine.
     
  4. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,228
    Location:
    North Texas
    Totally agree...use Aggressive with PUP on...no headaches. I would avoid the current beta until it's ready.
     
  5. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    243
    okay, but aren't there types of malware infections that don't entail starting up a new .exe process?
    for instance, I understand that some malware embeds itself in an existing .exe file, so I would think that hardened mode is not going to stop it.
    also, I understand that some malware does not load into the memory. So again, I would think that it would not trigger the hardened mode.
     
  6. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,168
    Yes it does. I have put it on the family computer with harden setting and harden mode on and this pc for the first time has been infection free for months. Nothing seems to be able to penetrate it so-far.
     
  7. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    If you attach anything to a file, you modify it's digital signature. Menaing it falls off the whitelist or gets on the blacklist. Hardened Mode will detect such modifications to the EXE files. Loading in memory has no effect on Hardened Mode. Only thing that Hardened Mode doesn't prevent is direct in-memory execution afaik. But that is usually only used as an entry point and usually later still reqires disk access to make it permanent so at one point Hardened Mode will kick in.
     
  8. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    243
    thanks.
    so it sounds like hardened mode is actually pretty effective.
     
  9. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,004
    Location:
    USA
    Where exactly in Avast is the setting to enable the detection of PUPs?
     
  10. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    243
    settings/general
    it's second from the bottom in the list.
     
  11. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    Does hardened mode affects windows updates i.e can block windows updates?
     
  12. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    243
    if you put it on "aggressive", it follows a whitelist of known processes, so you won't have a problem with the common windows programs and processes.
    if something it doesn't know tries to start up, it asks you whether to allow it.
     
  13. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    No. Windows Updates, no matter how new they are, they are signed by Microsoft certificates. They are whitelisted and avast! will never interfere with them.
     
  14. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    Thanxx for the info
     
  15. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,168
    wow the latest update of avast includes a behavior / HIPS module added. Very happy. Now its even more powerful. But its in low setting by default and need to set it to high if you want.
     
  16. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,004
    Location:
    USA
    I'm currently using NVT ERP along with Avast. So, is the Avast's 'Aggressive' Hardened mode overkill and somewhat duplicating NVT already does?
     
  17. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,168
    well been using avast harden mode on family pc and not it great. just sometimes when new unsigned programs or once in a while a program with low reputation trying to run, it pops up a message that it blocked it unless you want to allow it. Now with the new HIPS I will see how it goes.
     
  18. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    HIPS doesn't change that. It's just a behavior analysis based detection entirely separated from the Hardened Mode.
     
  19. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    Avast should have a proactive module. Features that provide proactive protection are scattered in Avast GUI.
     
  20. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
    I think the OP was averse to headaches. :D

    My Win10 360s have been updating daily. I know because it notifies me every time for each 3rd party engine (I wish it wouldn't do that...notify me when there's a problem, not when there isn't).

    My experience matches @RejZoR in that aggressive is less of a headache (I don't remember it being difficult at all but it's been a while but wife hasn't complained and that's her setup--and she cringes every time I start testing Comodo).
     
  21. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    So Aggressive Mode is better & more user friendly than Moderate Mode.
    So the naming is confusing & most people will choose Moderate over Aggressive thinking Moderate will be less problematic & more user friendly. They should change the name to suit better.

    Your post should be sticky on Avast forum, is it?

    Exclusions in Hardened Mode are still scanned by AV, right?
    And exclusions works for both mode even if you change from aggressive to moderate & vice versa, right?

    I am using Aggressive Mode & liking it so far & fairly easy enough to use. You have replied to my other post that hardened mode will never block windows updates & windows/system/critical files... thats good to know.
    How big is the whitelist?

    The only thing I dont like is ---
    When you exclude anything it is directly put into exclusion.
    I think the better would be when you exclude anything it should be deepscreened & on no malware detection should be put into exclusion.
     
  22. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I've asked them if stuff you exclude gets scanned by DepScreen and I've never really got a straight answer to that. To me it seems like it just excludes it instead of doing an actually checkup before excluding. Which is a bit stupid design if you ask me. Hardened mode blocks it before actual behavior is analyzed. So not doing it at all before exclusion kinda makes it worse than just leaving DeepScren scan susupicious stuff without Hardened Mode funtionality...
     
  23. Yash Khan

    Yash Khan Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    1,837
    But are hardened mode exclusions scanned by realtime protection?
     
  24. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,093
    Location:
    Netherlands
    Last time I checked out Avast free, it first checks blacklist, then it checks the whitelist. When user overrules hardened mode block, it is put on exception list. New behavioral monitor does respect exception list also (but might trigger server side analysis at avast)
     
  25. rm22

    rm22 Registered Member

    Joined:
    Oct 26, 2014
    Posts:
    328
    Location:
    Canada
    +1
    i have doubled up on 3 pcs
    - Avast (hardened mode-aggressive) + online armor (app whitelisting enabled)
    2x - Avast (hardened mode-aggressive) + VoodooShield

    the first setup although Avast and OA both whitelist apps they obviously have other features that don't overlap so definitely not overkill.
    the second setup VoodooShield blocks execution in malware prone folders & has a local whitelist Vs cloud based in Avast. is this overkill - maybe... could use Secure Folders to protect folders and just use Avast, but maybe the difference in the way the whitelists are generated provides enough additional protection to warrant the overlap?

    @TomAZ with your setup i believe the benefit of adding NVT is just local Vs cloud whitelist - maybe someone in the know could comment on the pros/cons of each

    also, i see a lot of sigs with NVT + Appguard... the explanation i've seen given is that they go about blocking in different ways & are therefore prone to different vulnerabilities so the overlap is warranted - not sure if this also applies in these other combos
     
Loading...