Get this font in here!
This Article Applies to:
- Avast Small Business Solutions
- Avast Small Office Protection
Behavior Shield is an additional layer of Antivirus active protection. It monitors all processes the devics in real time for suspicious behavior that may indicate the presence of malicious code. Behavior Shield works by detecting and blocking suspicious files based on their similarity to other known threats, even if the files are not yet added to the virus definitions database.
Behavior Shield is available for Windows workstations only.
Behavior Shield is part of the Core Shields of the Avast Business client.
From Protection > Core Shields, you can enable/disable this component using the dedicated toggle.
Note that it is not possible to individually enable/disable Behavior Shield in managed devices - only all core shields can be disabled/enabled at once from the Advanced Settings. Unmanaged devices have free control over disabling/enabling these shields.
Configuring Behavior Shield Settings
There are no advanced Behavior Shield settings available in Menu > Settings > Protection >
However, within the Geek Area of the client, it is possible to select an added option for Behavior Shield when handling suspicious programs. To configure this setting:
- Go to Menu, then select Settings
- Click Search in the top right corner
- Type geek:area in the search field, then hit Enter
- Under the Behavior Shield section, choose the shield's response to malicious program behavior:
- Always ask: Behavior Shield asks what you want to do with a detected threat before any action is taken
- Automatically move detected threats to Quarantine: Threats that behave similarly to known threats listed on the Avast virus definitions database are moved to Quarantine
- Automatically move known threats to Quarantine (enabled by default): Threats that are listed on the Avast virus definitions database are moved to Quarantine, unknown threats will be asked
Adding Behavior Shield Exceptions
If needed, you can add exceptions to the Behavior Shield scans through the Exceptions tab of the Settings > General section. This can speed up the scans and prevent false-positive detections. For detailed instructions, see
The managed endpoints are designed to be controlled from the policies, therefore the important shields are inaccessible from the UI to be disabled individually. Core Shields can only be disabled together.
The local Antivirus is simplified with its controls in the UI. The user can only control all shield settings from these toggles at once, rather than individual settings for each shield.
We have the advanced controls in our managed policies to be able to configure each shield individually, which overwrites the local client settings, leading to these options being empty. The same can be performed from the Geek Area.
They are still configured correctly, they simply are not visible in the local client UI.
Enable the password protection of the UI (locally in unmanaged, from the policies in managed) in order to prevent the local user disabling shields.
Add the application as an exclusion either in the global or Behavior Shield specific exclusions. Verify if there are any potentially conflicting applications (e.g. another antivirus) running on the system and remove it if found.
Other Articles In This Section: