This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Behavior Shield

This Article Applies to:

  • Avast Business Hub

 

Behavior Shield is an additional layer of Antivirus active protection. It monitors all processes on the device in real time for suspicious behavior that may indicate the presence of malicious code. Behavior Shield works by detecting and blocking suspicious files based on their similarity to other known threats, even if the files are not yet added to the virus definitions database.

Behavior Shield is available for Windows workstations only.

Configuring Behavior Shield Settings

To define which action the shield should perform upon detecting a suspicious program:

  1. Open the Policies page
  2. Click the desired policy to open its Detail drawer
  3. Select the Settings tab, then Antivirus
  4. Expand the Behavior Shield section (under Antivirus Protection)
  5. Choose between:
    • Always ask: Behavior Shield asks what you want to do with a detected threat before any action is taken.
    • Automatically move detected threats to the Quarantine: Threats that behave similarly to known threats listed on the Avast virus definitions database are moved to Quarantine.
    • Automatically move known threats to the Quarantine (enabled by default): Threats that are listed on the Avast virus definitions database are moved to Quarantine, unknown threats will be asked.

Adding Behavior Shield Exclusions

If needed, you can add exclusions to the Behavior Shield scans through the Antivirus Exclusions settings of a selected policy. This can speed up the scans and prevent false-positive detections.

For more information on standard and component-specific exclusions, see Configuring Antivirus Exclusions.

FAQ

The managed endpoints are designed to be controlled from the policies, therefore the important shields are inaccessible from the UI to be disabled individually. Core Shields can only be disabled together.

The local Antivirus is simplified with its controls in the UI. The user can only control all shield settings from these toggles at once, rather than individual settings for each shield.

We have the advanced controls in our managed policies to be able to configure each shield individually, which overwrites the local client settings, leading to these options being empty. The same can be performed from the Geek Area.

They are still configured correctly, they simply are not visible in the local client UI.

Enable password protection of the UI to prevent the local user disabling shields.

Add the application as an exclusion either in the global or Behavior Shield specific exclusions. Verify if there are any potentially conflicting applications (e.g. another antivirus) running on the system and remove it if found.

 

Other Articles In This Section:

File Shield

Web Shield

Mail Shield

Related Articles:

Managing Policies

Configuring Antivirus Exclusions

Troubleshooting 'Invalid Mail Server Certificate' Warnings