Behavior Shield: our newest behavioral analysis technology

Ondrej Vlcek 21 Feb 2017

Behavior Shield comes standard in all versions of Avast 2017, protecting you from zero-second threats, ransomware and other malicious programs

We recently released a new version of our flagship PC product, Avast 2017, which uses various engines, including CyberCapture, to scan for threats. Our engines are protection layers that can step in at different stages to safeguard you from threats. An additional layer we added to Avast 2017 is a patent-pending technology that we call Behavior Shield.

Behavior Shield can be compared to real-life security that is on patrol duty at a major event. As real-life security would observe a crowd for suspicious or dangerous behavior, Behavior Shield monitors all the programs running on your PC that have passed through initial security checks. It carefully observes program behavior and if it notices something uncharacteristic, it starts looking even closer. Once it identifies something really fishy, it stops the action and reports the behavior to you, before any damage can be done. For example, if your mail client starts a JavaScript interpreter that connects to the internet, Behavior Shield will step in, as this isn’t normal behavior for a mail client and could lead to a malicious download.

This may sound relatively easy to do, but in fact, Behavior Shield is very complex under the hood. At the heart of it is a real-time graph that describes all the actions that the individual processes in the operating system are doing, including their relations, code injections, etc. On top of that, there is a lot of logic that allows us to distinguish good from bad – and for that, we rely on artificial intelligence, namely neural networks. And finally, there’s the powerful Avast cloud that puts all the actions in a global context and allows for ultra-fast reactions across all the protected endpoints.
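The mail-client case above can be sketched as a check over a process graph. This is an added example, not Avast's code: the event tuples, the `mailclient.exe` name and the fixed rule are assumptions made for illustration, and the sample events are constructed. It also covers the indirect case where the script host is a grandchild of the mail client.

```python
# Constructed sample events (not real telemetry); tuple layout is an assumption:
#   ("spawn", parent_pid, child_pid, child_image)  /  ("connect", pid, destination)
EVENTS = [
    ("spawn", 1, 100, "explorer.exe"),
    ("spawn", 100, 210, "mailclient.exe"),
    ("spawn", 210, 340, "wscript.exe"),
    ("connect", 340, "203.0.113.7:80"),    # script host directly under mail client
    ("connect", 210, "192.0.2.25:993"),    # mail client's own traffic is expected
    ("spawn", 100, 400, "cscript.exe"),
    ("connect", 400, "198.51.100.9:443"),  # script host with no mail-client ancestor
    ("spawn", 210, 500, "cmd.exe"),
    ("spawn", 500, 510, "cscript.exe"),
    ("connect", 510, "203.0.113.7:80"),    # script host two levels below mail client
]

MAIL_CLIENTS = {"mailclient.exe"}                # hypothetical image name
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}    # Windows Script Host binaries


class ProcessGraph:
    """Tracks parent/child relations and flags script hosts that reach the
    network while descending from a mail client."""

    def __init__(self):
        self.image, self.parent, self.alerts = {}, {}, []

    def ancestors(self, pid):
        seen = set()  # guards against cycles caused by PID reuse
        while pid in self.parent and pid not in seen:
            seen.add(pid)
            pid = self.parent[pid]
            yield pid

    def feed(self, event):
        if event[0] == "spawn":
            _, ppid, pid, image = event
            self.parent[pid], self.image[pid] = ppid, image.lower()
        elif event[0] == "connect":
            _, pid, dest = event
            if self.image.get(pid) not in SCRIPT_HOSTS:
                return
            for anc in self.ancestors(pid):
                if self.image.get(anc) in MAIL_CLIENTS:
                    self.alerts.append((pid, self.image[pid], anc, dest))
                    break


def analyze(events):
    graph = ProcessGraph()
    for ev in events:
        graph.feed(ev)
    return graph.alerts
```

A fixed rule like this stands in for the decision logic only; the post says the product uses neural networks and cloud context for that step.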

With Behavior Shield we can protect against zero-second threats, malicious programs and cyber spying on passwords and bank account details, something that would normally not be possible using traditional detection methods. But the best thing about it is that it has proven to be especially powerful against ransomware. Although ransomware samples evolve and morph rapidly, they still exhibit specific behaviors that can be identified. Behavior Shield is capable of detecting and stopping new ransomware variants that haven’t been seen before – something that’s been inherently difficult using other protection mechanisms.

Because it is so powerful, one would suspect Behavior Shield has a greater chance of reporting false positives. However, using a huge cloud-based database, we can filter these out as well. If there’s a program you absolutely trust, you can easily add it to exclusions and Behavior Shield will leave it unsupervised. Additionally, a copy of all reported files gets sent to Avast for manual inspection, so any false positives won’t happen more than once.

Behavior Shield comes standard in all versions of Avast, including Avast Free Antivirus, and doesn’t need to be activated or set up to start protecting you. It is yet another innovation brought to you by Avast to deliver on its mission of protecting you online, because we know you have better things to do.
