So, at least based on my experience, Aggressive Mode is actually much more secure and also a lot less intrusive. If it's not found or marked as bad, it will block it. If file is located within the cloud and flagged as safe, it will allow to run it. It actually relies on analysis on a very small scale and mostly relies on a huge whitelist database located in avast! Cloud. But Hardened Mode (Moderate) blocks it right there. In most cases DeepScreen checks the file and if it doesn't find obvious malicious problems with it, those files are started automatically after analysis. But if Moderate Hardened Mode is enabled, avast! automatically blocks files that are detected as suspicious by preliminary analysis. Under normal conditions, if avast! decides that some file is too suspicious by various characteristics, it then throws it into the DeepScren for further scanning.
That explanation is correct in some areas and wrong in some.
