Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: bri on March 11, 2010, 02:16:17 AM
-
i have ie set to run sandboxed,when i download a file and save it to my downloads or desktop the file is there.i thought if its sandboxed it shouldnt be saved?i have the box in ais settings unchecked(auto detect safe locations and exclude)
-
I thought if its sandboxed it shouldnt be saved?
Sandbox is a protected environment that avoids things get out of it and harm the computer.
It does not prevent or block anything. It just does not allow it to get out of it...
-
Sandbox is a protected environment that avoids things get out of it and harm the computer.
It does not prevent or block anything. It just does not allow it to get out of it...
However, if the file is saved on the computer, then, doesn't it mean that the file is out of sandbox, which is, I presume, the OP's point. I think pk is the best person for explanation, though.
-
http://forum.avast.com/index.php?topic=56671.msg478749#msg478749
-
http://forum.avast.com/index.php?topic=56671.msg478749#msg478749
Sorry, Tech, I cannot get it. Could you elaborate a bit?
[Edit]Never mind, I got it. The sentence, which I "painted" red, was rather misleading, though.
Checkbox "Automatically detect safe locations and exclude them from virtualized" is checked by default, it means all downloads (in standard way) won't be virtualized. It also means, that some settings inside browsers won't be virtualized either (bookmarks, cookies, history ...). I think we'll split it into more checkboxes or rather we'll try to add more expert settings in new builds.
Add-on updates cannot be detected automatically, because when I've updated my three addons I saw a lot of internal files were modified (prefs.js, data files, ...). For now, you 'll need to run FF outside the sandbox and perform these "radical" changes there. I think we'll include a checkbox in expert settings which would allow to stop virtualizing for the entire FF profile (unchecked by default, because I guess it might be a security risk).
Thanks pk, i have to set an exclusion for addons like C:\Program Files\Mozilla Firefox\plugins\* ??
The right entry to exclude the entire FF profile is: %AppData%\Mozilla\Firefox\Profiles\* (don't use Browse button, just copy&paste it there)
So, Bri, that's the answer from pk. I believe pk meant any download (in standard way) won't be virtualized.[/Edit]
-
now im confused.i have that box in ais settings unchecked.i dont get it?if i double click that file on the desktop will it install(it shouldnt)?
-
now im confused.i have that box in ais settings unchecked.i dont get it?if i double click that file on the desktop will it install(it shouldnt)?
Oops. I guess I was confused by Tech's reply, too. Indeed, you wrote you had the box in ais settings unchecked(auto detect safe locations and exclude). Unfortunately, I haven't used the sandbox function after the beta phase and I don't know how it works now. However, at that time, I couldn't save downloaded files locally. Indeed, your case sounds odd... ???
-
it's absolutely normal (when file get saved automatically to predefined location) , this is completely expected as long as "automatically detect safe locations and exclude them from virtualization" (found in expert settings), is checked ;D ... same goes for bookmarks etc...
Now if your download procedure is set to ask every time where you want to download, doesn't matter whether the program is sandboxed of not, you just choose the location.
-
I thought if its sandboxed it shouldnt be saved?
Sandbox is a protected environment that avoids things get out of it and harm the computer.
It does not prevent or block anything. It just does not allow it to get out of it...
If you run a file (a downloaded file) out of the sandbox, it's not sandboxed of course and the effects won't be "blocked".
-
i have that setting unchecked.why is it still saving the file to the desktop?it also installed perfectly fine?
it's absolutely normal (when file get saved automatically to predefined location) , this is completely expected as long as "automatically detect safe locations and exclude them from virtualization" (found in expert settings), is checked ;D ... same goes for bookmarks etc...
Now if your download procedure is set to ask every time where you want to download, doesn't matter whether the program is sandboxed of not, you just choose the location.
-
i have that setting unchecked.why is it still saving the file to the desktop?
OK what I described was the behavior a while ago, I'm gonna check how it works now and report back in a minute...
-
OK just like I said, in Firefox (sandboxed), if downloads are set to be saved automatically to the same location, they'll go to the sandbox folder. If download location is set manually each time, you just do what you want and it's saved where you want.
Internet Explorer doesn't allow to set an automatic download location, it just retains the last one used, so it's manual every time and will never go to the sandbox that's normal >>> this just means that it doesn't depend on a setting in Internet Explorer OK, so this can't be virtualized at the opposite of how it can be done in Firefox >>> predefined download location >>> you click save and you're not asked where >>> the predefined download folder gets sandboxed.
-
thats crazy.as far as im concerned the sandbox part doesnt work.a file can be saved and installed even if the browser is sandboxed.
-
thats crazy.as far as im concerned the sandbox part doesnt work.a file can be saved and installed even if the browser is sandboxed.
I don't think you read my last post at all ::) the behavior in IE is absolutely normal.
-
are you saying that if i have ie set to always run sandboxed and i download a file i must manually download it to the sandboxed folder?if it is thats crazy.when a browser is sandboxed everything comin through that browser should also be sandboxed.it shouldnt matter where the download is set to go.
-
are you saying that if i have ie set to always run sandboxed and i download a file i must manually download it to the sandboxed folder?
NO >>> what I'm saying is that the automatic sandboxing of downloaded files in Internet Explorer cannot work because there's no automatically pre-defined location for the downloads set in Internet Explorer settings. While there is in Firefox.
-
anything downloaded through ie is not auto sandboxed right??
-
anything downloaded through ie is not auto sandboxed right??
right, again because with IE downloads locations are chosen manually each time (for security reasons, which is funny for IE). How do you want to sandbox a download when you choose the download location yourself? :)
-
thats not good,you keep saying because of ie but sandboxie has no trouble dealing with ie and downloads.
-
Thanks for this topic. There's really a bug about downloads detection in the latest version; during rewriting hooking functions I've forgot for one check. So, in this avast build all downloaded files (saved by standard legitimate way) are not saved in the sandbox (which is done by default). All files created/downloaded with different ways are always virtualized, this remains.
Just to be clear: if the mentioned checkbox is checked, it does the following:
- changing your browser's settings becomes permanent
- bookmarks/cookies/history/... are saved on disk
- standard downloads are detected and the files are saved on disk outside the sandbox (this works for all browsers, even if you choose different location - so IE downloaded are detected as well; in fact, this also works for other applications than browsers, run e.g. Microsoft Paint and images will be stored outside sandbox as well)
-
Just to be clear: if the mentioned checkbox is checked, it does the following:
- changing your browser's settings becomes permanent
- bookmarks/cookies/history/... are saved on disk
- standard downloads are detected and the files are saved on disk outside the sandbox (this works for all browsers, even if you choose different location - so IE downloaded are detected as well; in fact, this also works for other applications than browsers, run e.g. Microsoft Paint and images will be stored outside sandbox as well)
What happens with addons updates?
-
What happens with addons updates?
Support for addons are not implemented yet, because it's not so easy: when you update addons/extensions, quite lot of files are changed (at least in FF browser). These changes can't be covered by some exception records and therefore we'll add more settings into GUI.
-
Thanks pk.
-
This is bit off topic but I was taught that I shouldn't use the phrase like below.
all downloaded files (saved by standard legitimate way) are not saved in the sandbox (which is done by default).
For this sentence can be interpreted in two ways:
1. any downloaded file (saved by standard legitimate way) is not saved in the sandbox (which is done by default). /no downloaded files (saved by standard legitimate way) are saved in the sandbox (which is done by default).
2. not all downloaded files (saved by standard legitimate way) are saved in the sandbox (which is done by default). e.g. All that glitters is not gold.
In any case, according to what pk wrote, I guess the first sentence is what he means here. In any case, the core problem here is that I couldn't figure out how the sandbox is supposed to work during my beta-testing stage. :-\
-
I'm missing some more info about this sandbox mode. A wiki, knowledge base or even forum thread would be nice.
It would be nice with some examples how to setup up proper sandbox mode for popular programs and what programs would be recommended to run sandboxed.
This sandbox feature seems to be a great product, but it feels a bit rough around the edges.
-
pk you mention a bug in this build.is the way the sandbox handles ie downloads going to be fixed or will it remain this way?i think if ie is runnin sandboxed then any download should not be saved to the real disc.
Thanks for this topic. There's really a bug about downloads detection in the latest version; during rewriting hooking functions I've forgot for one check. So, in this avast build all downloaded files (saved by standard legitimate way) are not saved in the sandbox (which is done by default). All files created/downloaded with different ways are always virtualized, this remains.
Just to be clear: if the mentioned checkbox is checked, it does the following:
- changing your browser's settings becomes permanent
- bookmarks/cookies/history/... are saved on disk
- standard downloads are detected and the files are saved on disk outside the sandbox (this works for all browsers, even if you choose different location - so IE downloaded are detected as well; in fact, this also works for other applications than browsers, run e.g. Microsoft Paint and images will be stored outside sandbox as well)
-
it's intended to work this way:
- if checkbox is checked: all files you download in browser are stored outside sandbox; if browsers use predefined download locations (FF/Opera/...) then these locations are excluded automatically from the sandbox; if you save a file to the own location (mainly IE) then it'll be saved outside the sandbox; this feature also works for other applications than browsers (e.g. MS Office, ...)
- if checkbox is unchecked: all downloads are stored in the sandbox
The checkbox controls only downloaded files, all other files created by a virtualized application are saved in the sandbox. The actual build saves all downloads outside the sandbox.
-
if its intended to work this way for ie whats the point in sandboxing ie when anything downloaded through it is not sandboxed?by the way i uncheck the ais setting(safe location and exclude)and it still saves the file to the real disc and i can install it with no problem,is it supposed to be this way?
-
it's intended to work this way:
- if checkbox is checked: all files you download in browser are stored outside sandbox; if browsers use predefined download locations (FF/Opera/...) then these locations are excluded automatically from the sandbox; if you save a file to the own location (mainly IE) then it'll be saved outside the sandbox; this feature also works for other applications than browsers (e.g. MS Office, ...)
- if checkbox is unchecked: all downloads are stored in the sandbox
The checkbox controls only downloaded files, all other files created by a virtualized application are saved in the sandbox. The actual build saves all downloads outside the sandbox.
Thanks, pk for the clarification.
if its intended to work this way for ie whats the point in sandboxing ie when anything downloaded through it is not sandboxed?by the way i uncheck the ais setting(safe location and exclude)and it still saves the file to the real disc and i can install it with no problem,is it supposed to be this way?
:-\ I thought my notebook, which I used for my beta-testing, couldn't cope with the firewall and sandbox functions since I felt they were not mature yet when Avast released them as non-beta versions. In fact, judging from some reviews and votes in third party sites, quite many people seem to be happy with them. Probably, we just belong to those unlucky users...
-
i think its ridiculous that when ie is sandboxed and i have the settings for downloads for safe location unchecked it still saves it to the system and can be installed.it is unuseable imo.my families pc found out the hard way (infected).
-
pk can you answer this one question for me? when i have ie set to always run sandboxed and have the option(settings)unchecked to detect safe location and exclude them remember i have it unchecked and download a file as of now i can save it and install it without any problems.is this going to change(get fixed)so that when i have that setting unchecked i cant save a download to the real system and wont be able to install it(when ie is sandboxed)?thanks
-
how about an answer to my previous post pk?
-
Hi Bri :)
Maybe I am missing something, but Peter already explained that this is a bug in the current version. As we know Alwil will release a new ( test ) build in a few days, and I expect it will be fixed than ;)
Greetz, Red.
-
just installed the pre release 5.0.492 and it seems fixed in ie thanks pk