Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: zron on March 20, 2010, 05:36:42 PM

Title: Virtualization in Avast Pro 5.0-How Exactly Does It Work ?
Post by: zron on March 20, 2010, 05:36:42 PM

Good Afternoon ! I'm using Avast Pro 5.0 so far very satisfied with it's performance ! But being a newbie in utilizing the Virtualization Process i'm wondering how exactly it performs. I'm using Firefox 3.6 and when I entered into Virtualization I noticed a thin red strip around the perimeter of Firefox,does this indicate it's activated ? And as a footnote I tried entering I.E.8 but it wouldn't accept it. I'm using Windows 7. Could this be the reason ? Sincerely...Zron   

Title: Re: Virtualization in Avast Pro 5.0-How Exactly Does It Work ?
Post by: Lisandro on March 20, 2010, 07:37:44 PM

Yes, the red border indicates virtualization.

Title: Re: Virtualization in Avast Pro 5.0-How Exactly Does It Work ?
Post by: baugmo on March 20, 2010, 11:52:24 PM

My question is more like the topic title. I know what the red border means, and I know what virtualization means, but what does it mean in this context? I ran Firefox "virtualized" and couldn't tell any difference. For example when I downloaded a file it showed up in my download folder normally. What exactly is isolated?

Title: Re: Virtualization in Avast Pro 5.0-How Exactly Does It Work ?
Post by: pk on March 21, 2010, 12:28:02 AM

Quote

What exactly is isolated?

All file-system changes done by a sandboxed application are virtualized (these modified files are stored in the hidden folder in root: "\## aswSnx private storage"). The folder can be visible if you set HideTarget=0 in "%avast data folder%\snx_lconfig.xml" file. File changes are cached in memory, so any unapproved file modifications in this hidden folder may lead to "undefined" state. I think these attempts are also blocked by our driver (not sure right now). All registry changes are also virtualized (see "HKEY_CURRENT_USERS\__aswSnx private storage" hive), all named objects (events, sections, ...) are virtualized (download winobj.zip (http://download.sysinternals.com/Files/WinObj.zip) to see Windows Object Manager namespaces), in-process communication (LPC/ALPC) is virtualized. Process/Thread/... modifications are blocked or limited. Windows names/classes/SCM/WinHooks will be virtualized in next version.

Avast sandbox uses pre-defined exceptions for the most browsers (see snx_gconfig.xml), i.e. bookmarks/cookies/history are excluded automatically from the virtualization and everything you'll download (by standard way, e.g. by using SaveAs dialogs, ...) are also excluded. However, every file which would be saved by malware is virtualized. We plan to add more options into expert settings in upcoming versions.

Title: Re: Virtualization in Avast Pro 5.0-How Exactly Does It Work ?
Post by: baugmo on March 21, 2010, 01:11:05 AM

<profanity suppressed>!

Wow! (that'll have to do)

Benefits of virtualization w/o the PITA, transparently. Very like.

I just bought a two year license for AIS.

Thanks pk. Good answer! Quick too.

--
     Baugmo

Title: Re: Virtualization in Avast Pro 5.0-How Exactly Does It Work ?
Post by: Rednose on March 21, 2010, 01:33:05 AM

Heya Peter :)

Any idea when we can expect an update my friend ??? Also because of the issue with downloading files if you uncheck "Automatically detect safe locations and exclude them from virtualization" ;)

Greetz, Red.