Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: 13N on March 16, 2011, 09:32:43 PM

Title: a! sandbox bypassed by TDL3/4 (Fixed in 6.0.1044)
Post by: 13N on March 16, 2011, 09:32:43 PM
Hi,
avast seems to have problems containing TDL: the MBR or drivers are infected despite the dropper being run in the sandbox.
This has been the case since v5 came out, and there don't seem to be any improvements in the sandbox in that regard.
I appreciate that there are other modules protecting me (like BS), but the sandbox should be capable of managing this on its own.
Tested with the latest 1027 Pre-release.
I can provide droppers/MD5s if necessary (although I haven't found a single TDL dropper that is successfully contained.)
Title: Re: a! sandbox bypassed by TDL3/4
Post by: 13N on March 17, 2011, 01:58:08 PM
(bump)
I forgot to mention that I've tested on 32-bit XP only; I can't say anything about TDL4 on 64-bit.
I'd appreciate it if I could get a confirmation that this is a known issue.
Title: Re: a! sandbox bypassed by TDL3/4 (Fixed in 6.0.1044)
Post by: 13N on March 24, 2011, 01:04:39 PM
Just wanted to inform everyone that I can confirm the issue is fixed with 1044.
Quote
- improvements in the avast! sandbox (better TDL shielding etc)
Thanks to the avast team, especially Petr Kurtin, who contacted me over email. :)
Title: Re: a! sandbox bypassed by TDL3/4 (Fixed in 6.0.1044)
Post by: Lisandro on March 24, 2011, 01:25:35 PM
Thanks, 13N, for testing that and helping protect all users.
Do you have any other sample that "bypasses" the avast sandbox?
Title: Re: a! sandbox bypassed by TDL3/4 (Fixed in 6.0.1044)
Post by: 13N on March 24, 2011, 10:07:49 PM
I haven't done extensive tests so far, just with TDL because I remember it was a problem with previous versions.
I'll post if I find anything else worth reporting. :)
Title: Re: a! sandbox bypassed by TDL3/4 (Fixed in 6.0.1044)
Post by: Lisandro on March 25, 2011, 02:23:37 AM
Quote
I haven't done extensive tests so far, just with TDL because I remember it was a problem with previous versions.
I'll post if I find anything else worth reporting. :)
Thanks again!