Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Yoshi2889 on January 08, 2013, 10:11:45 PM

Title: Avast AutoSandbox
Post by: Yoshi2889 on January 08, 2013, 10:11:45 PM
Hello!

This is not really a support request; I was more wondering what Avast! does when it automatically sandboxes an app.
Does it submit the executable to the database, or does it just submit data about it, or neither?

Thanks :)
Title: Re: Avast AutoSandbox
Post by: Para-Noid on January 08, 2013, 11:41:49 PM
The autosandbox is a place where suspicious program/files can run without possible infections to your computer.
GUI>Real-Time Shields>File System Shield>Expert Settings>Autosandbox>Ask or Auto.
Some users have theirs set to "auto"; I have mine set to "ask". To each their own. The program "help" section will provide more information.
The autosandbox does not submit any information for outside analysis. Its sole purpose is for the protection of the user.  :)
Title: Re: Avast AutoSandbox
Post by: avast@@dvantage77.com on January 10, 2013, 01:30:54 AM
I was under the assumption that AutoSandbox does send information on sandboxed items to the cloud (avast! global whitelist / blacklist database in the cloud is the largest in the world), so it may know when file prevalence is high enough to no longer trip on that file.  I was also told it takes enough clicks, and this automatically occurs.  I was purposefully NOT told the required number of clicks, as that data was too pertinent to Organized Crime / terrorists (the bad guys).
Title: Re: Avast AutoSandbox
Post by: Yoshi2889 on January 10, 2013, 07:33:34 AM
Okay, thanks for the information! :)
Title: Re: Avast AutoSandbox
Post by: pk on January 10, 2013, 08:18:59 AM
Complete analysis of the autosandboxed application is done on the user's computer. Autosandbox executes a suspicious process in the sandbox and logs every filesystem/registry operation, attempts to inject into different processes/modify system components/install hooks/create network connections, etc. Avast has over 1500+ generic signatures in VPS up to this day (their prefixes are Dyna:, as you can see in the VPS release history). One signature usually identifies various malware, so one malware is also usually detected by several signatures (e.g. for disabling Windows Update/firewall, injection, etc.). We receive only some statistics to see false positives, no. of autosandboxed processes, etc. The binary file is never uploaded to our servers.
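
As an added illustration (not part of pk's post and not Avast's code), the Python sketch below shows the many-to-many relationship described above between generic behavioural signatures and samples, by matching rules against a sandbox event log. The rule names, event kinds, sample names and log entries are all hypothetical and constructed for the example.

```python
from collections import defaultdict

# Hypothetical rules (not Avast signatures): name -> predicate over one
# logged event, given as (kind, target, value).
RULES = {
    "Demo:FirewallOff": lambda k, t, v: k == "reg_set" and v == "0"
        and t.lower().endswith(r"firewallpolicy\standardprofile\enablefirewall"),
    "Demo:UpdateOff": lambda k, t, v: k == "reg_set" and v == "1"
        and t.lower().endswith(r"windowsupdate\au\noautoupdate"),
    "Demo:Inject": lambda k, t, v: k == "remote_thread" and t.lower() != "self",
}

# Constructed sandbox log: (sample, event kind, target, value).
LOG = [
    ("sample_a.exe", "reg_set", r"HKLM\SYSTEM\CurrentControlSet\Services"
     r"\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall", "0"),
    ("sample_a.exe", "remote_thread", "explorer.exe", ""),
    ("sample_b.exe", "remote_thread", "explorer.exe", ""),
    ("sample_b.exe", "reg_set",
     r"HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate", "1"),
    ("build_tool.exe", "file_write", r"C:\proj\out\app.exe", ""),
    ("build_tool.exe", "reg_set", r"HKCU\Software\DemoVendor\LastRun", "1"),
]

def hits_by_sample(log):
    """Map each sample to the sorted rule names its logged events triggered."""
    hits = defaultdict(set)
    for sample, kind, target, value in log:
        hits[sample]  # touch the key so clean samples appear with no hits
        for name, pred in RULES.items():
            if pred(kind, target, value):
                hits[sample].add(name)
    return {s: sorted(r) for s, r in hits.items()}

def samples_by_rule(log):
    """Invert the mapping: which samples does each generic rule identify?"""
    out = defaultdict(list)
    for sample, rules in hits_by_sample(log).items():
        for rule in rules:
            out[rule].append(sample)
    return dict(out)

if __name__ == "__main__":
    for sample, rules in hits_by_sample(LOG).items():
        print(sample, "->", rules or "no behavioural match")
    print(samples_by_rule(LOG))
```

One rule (`Demo:Inject`) matches two samples and each flagged sample trips two rules, while the benign build step matches none. Everything is evaluated locally from the log, with no file leaving the machine.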
Title: Re: Avast AutoSandbox
Post by: Para-Noid on January 10, 2013, 03:33:43 PM
Thanks for the clarification/confirmation.  :)
Title: Re: Avast AutoSandbox
Post by: Yoshi2889 on January 10, 2013, 10:15:20 PM
Okay, thanks for confirming this :)

I've flipped the mode to Ask, too. One of the programs I build in Visual Studio was crashing when Avast sandboxed it, even though it only did it once after which the program worked fine.

Plus I'd rather have information about the final product submitted to Avast, not from the builds which may have weird behavior (I'd rather not have my program blacklisted, hehe).

I do think it's a good feature though, it's unique and works very well in most cases :)
Title: Re: Avast AutoSandbox
Post by: avast@@dvantage77.com on January 10, 2013, 10:48:12 PM
Dear P.K.,

Where is the File Prevalence / Reputation database?  How is it updated?  It is popping with the new version of Google Earth.  I think this program is in wide enough distribution to no longer be considered as "low".  If AutoSandbox is not sending the data, where does that File Prevalence data come from? Has this changed since I was at Prague?

Thanks,   J.R. Guthrie "AutoSandbox Guy"
Title: Re: Avast AutoSandbox
Post by: Para-Noid on January 10, 2013, 11:37:36 PM
Quote from Yoshi2889: "I've flipped the mode to Ask, too."

Use the proper caution if you set the autosandbox to "ask". IOW be careful about what you do "not" sandbox.
Title: Re: Avast AutoSandbox
Post by: Yoshi2889 on January 15, 2013, 07:51:46 PM
Quote from Para-Noid: "Use the proper caution if you set the autosandbox to "ask". IOW be careful about what you do "not" sandbox." (in reply to Yoshi2889: "I've flipped the mode to Ask, too.")

Well, I've sandboxed everything but my own app until now.

As a side question (and probably off-topic, too), is Avast! safe to use on Windows 8 now?
I've purchased and upgraded to Win8 today and am wondering if I could upgrade now without the BSOD issue. I'll be using the built-in Windows Defender in the meantime but I prefer Avast! for a great deal.