Avast WEBforum
Other => Viruses and worms => Topic started by: Vladimyr on April 13, 2011, 12:31:19 PM
-
Had to allow both the 8.3 and full name of 'Muse At Wembley.scr'
See attached pic.
-
for what this...?????????
-
Well technically there is no FP in the auto sandbox as it isn't saying that it is infected, or the file system shield (which hands off to the auto sandbox) would have alerted. Al that ii is saying is that it meets a set of criteria in which it is considered suspicious(no digital signature, location, etc. etc.).
Since it also offers the choice of running in the sandbox or declining the offer, run it normally and remember the choice for this program, if the user is happy, what is the problem ?
The problem being you have compounded the issue by having set the auto-sandbox to Ask (I have too) not Auto, so you don't know if it might have let it run or not.
-
Rest easy David. Neither you or I have "compounded the issue". The Autosandbox default is "Ask" on every install I've done. Seems I do need to explain further though.
This is my own machine which had been running for some hours. 'Muse At Wembley.scr' has been my screensaver for over a year, set to start after 7 minutes of inactivity then the monitor switches off after 15 minutes. I heard the avast! definition update anouncement then a few minutes later the autosandbox dialog appeared, first for the 8.3 name, immediately followed by another for the full name.
My concern isn't whether or not I allow it to run sandboxed, but why it is suddenly detected as suspicious.
-
I'm confused, I'm sure that I set it to Ask from the default Auto after doing clean installed after the first round of 6.0.x beta builds. I think it was the same for the behaviour shield in the beta builds.
So I'm not sure if this is only because you haven't done a clean install as the new default is Auto. If you had a previous beta version then the default was Ask in its early days. Updates retained your existing settings.
Since the file system shield is what hands it off to the sandbox something may have changed in the signatures and engine for the conditions of what is deemed suspicious (behavioural/heuristic rules, etc.).