Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Anacunga on May 08, 2012, 04:39:59 PM

Title: Why is ImgBurn treated as a suspicious program?
Post by: Anacunga on May 08, 2012, 04:39:59 PM
ImgBurn is one of the most sophisticated CD-burner software programs - why are you running it in the sandbox - and as it is using hardware (CD-burner), it does not work at all when run in the sandbox. Why???
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: Pondus on May 08, 2012, 04:47:55 PM
So click the "run normal" option and "remember my answer".

did that help?
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: Anacunga on May 08, 2012, 04:53:16 PM
No - that does not help; it always comes again telling that it will run in the sandbox - even if you tell it to run normally! It is necessary to make three (3!) exclusions to make it run: in main settings, in sandbox settings and in file system shield settings. And that's quite exaggerated for a known CD-burner software!

Similar problem with DivX Player ...
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: DavidR on May 08, 2012, 05:13:17 PM
Have you set the AutoSandbox mode to Ask (which should be the default action) ?

This allows you to select Open Normally and the remember my answer for this program (as Pondus mentioned) and works as expected on my system.

Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: Anacunga on May 08, 2012, 05:26:02 PM
Yes, I did - and again: yes, I did - but even when declaring "run normally" and "remember the setting" it did not and was not only asking again - it was always shot down before fully having loaded - so it did not run at all; even when having declared "run normally" and "remember" ...
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: DavidR on May 08, 2012, 08:26:04 PM
I have IMGBurn but I haven't used it for some considerable time, so I ran it and as expected (from your post) it was intercepted (image1). I selected Open normally and remember my answer for this program, this allowed IMGBurn to run normally.

I then closed it and ran it again and my decision/answer was remembered and it opened normally (image2 & extract of autosandbox log image3), so I'm at a bit of a loss as to what is happening on your system.

Check the C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\log\autosandbox.log (XP), C:\ProgramData\AVAST Software\Avast\log\autosandbox.log (Vista, win7) and see if there are corresponding entries like mine in image3 ?

Also check, C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\avast5.ini file using notepad and look at the AutoSandboxExcludedList= line and see if the C:\Program Files\ImgBurn\ImgBurn.exe has been entered ?

If neither of the above have entries for imgburn.exe then you could try manually entering it in the autosandbox, settings, Files that will be excluded from automatic sandboxing.
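
The two checks DavidR describes, as an added Python example that is not part of the thread and not Avast tooling. It assumes only the `AutoSandboxExcludedList=` key name from the post; the list separator and the log line layout are not shown on the page, so it matches by substring, and the sample section name and log line are constructed.

```python
import ntpath
import sys

KEY = "AutoSandboxExcludedList"  # key name quoted in the post

def _norm(path):
    # Windows paths are case-insensitive and may be quoted or use "/".
    return ntpath.normpath(path.strip().strip('"')).lower()

def ini_excludes(ini_text, exe_path):
    """True if exe_path occurs in the value of the AutoSandboxExcludedList= line."""
    target = _norm(exe_path)
    for line in ini_text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip().lower() == KEY.lower():
            # Substring match: the list separator is not documented on the page.
            if target in value.replace("/", "\\").lower():
                return True
    return False

def log_hits(log_text, exe_path):
    """Log lines that mention the executable's file name."""
    name = ntpath.basename(_norm(exe_path))
    return [l for l in log_text.splitlines() if name in l.lower()]

def diagnose(ini_text, log_text, exe_path):
    """Combine both checks into the decision the post walks through."""
    excluded = ini_excludes(ini_text, exe_path)
    hits = log_hits(log_text, exe_path)
    if excluded:
        return "excluded"             # the remembered answer was stored
    if hits:
        return "logged-not-excluded"  # intercepted, but no exclusion stored
    return "add-manually"             # neither: enter it in the settings

# Constructed samples; real file contents may be laid out differently.
SAMPLE_INI = '[Common]\nAutoSandboxExcludedList="C:\\Program Files\\ImgBurn\\ImgBurn.exe"\n'
SAMPLE_LOG = "2012-05-08 20:20 C:\\PROGRAM FILES\\IMGBURN\\IMGBURN.EXE opened normally\n"

if __name__ == "__main__" and len(sys.argv) == 4:
    ini_path, log_path, exe = sys.argv[1:]
    with open(ini_path, errors="replace") as f_ini, open(log_path, errors="replace") as f_log:
        print(diagnose(f_ini.read(), f_log.read(), exe))
```

Run it with the avast5.ini path, the autosandbox.log path and the executable path as the three arguments.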
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: pk on May 08, 2012, 08:56:27 PM
@Anacunga, can you please copy&paste your exclusions set for ImgBurn? (or screenshot)
Thanks.
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: Anacunga on May 08, 2012, 11:01:33 PM
Sorry, I can't copy&paste it as it is not on one of my machines that I have here. But as said: it needed three exclusions, then I could run it. I excluded for all three the ImgBurn.exe application residing in the ImgBurn folder of the programs folder. Same thing with DivX - what really wondered me - why was that considered as suspicious?

Btw: I have to confess that I would not exclude that the affected PC could be infected by any strange malware ... but I would wonder if - as I know that AVAST is really a good protection. Or could SpyBot-S&D damage applications?
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: Pondus on May 08, 2012, 11:12:37 PM
If you have Spybot I would replace it with Malwarebytes... Spybot was once a good program... but not with the malware of today.
Spybot releases a small update a week... Malwarebytes has 5 - 10 updates a day.
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: Dch48 on May 08, 2012, 11:26:04 PM
I have the auto sandbox on ask, it flagged ImgBurn, I told it to run normally and remember the answer. It created ONE exclusion automatically for the .exe and never alerted again. If it's not behaving that way then something else is wrong.
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: Lisandro on May 09, 2012, 12:47:21 AM
Well I have ImgBurn in my AutoSandbox exclusion list...
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: Anacunga on May 09, 2012, 01:01:33 AM
OK, that's leading back to my main question: WHY is ImgBurn considered as "potentially malicious"?
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: Lisandro on May 09, 2012, 01:03:38 AM
Quote from: Anacunga on May 09, 2012, 01:01:33 AM
OK, that's leading back to my main question: WHY is ImgBurn considered as "potentially malicious"?

A question for the Super Sirmer (our virus lab man) :)
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: Dch48 on May 09, 2012, 05:27:06 AM
Quote from: Anacunga on May 09, 2012, 01:01:33 AM
OK, that's leading back to my main question: WHY is ImgBurn considered as "potentially malicious"?

That is a good question since in Avast 6, it wasn't. I suspect it has something to do with the new file rep system and maybe even the beefed up behavior shield.
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: The Kitchen Sink on May 09, 2012, 05:32:36 AM
Coincidentally I just felt like using another back up tool and it was considered Suspicious by the Behavior Shield. Which popped up asking to allow or deny it.

InfraRecorderPortable

Which can be found at PortableApps DOT COM if anyone wants to test it out. It is posted for free. For whatever reason it seems to ask randomly when freshly installed to a folder with a different name.

It is a popular site and I have been using the software for a while without avast ever showing that, that I can remember. I assume it is considered safe, but I thought I would mention it here as I think it is similar perhaps to the original poster's topic.

Feel free to pm me if anyone else thinks it is a false positive...that is, if you know it is.
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: Anacunga on May 09, 2012, 12:29:38 PM
There is a big potential problem with false positives with a non-malicious main purpose if they need to be excluded manually: they get a free-pass for almost anything - opening a door for real malicious stuff (coming as a parasite). So I consider it as VERY IMPORTANT that AVAST is taking these problems seriously.

And please consider: for the same reason it is important that PUPs are not treated the same way as real malware. Using something like Nir Sofer's password recovery tools sometimes is not only necessary, but also allowed if the legitimate user needs them to recover his own lost passwords. Blocking them by default settings is one thing - but if you would need to manually disable protection (just to use them) they could be infected by malicious other stuff and could do harm. And that has to be avoided.
Title: Re: Why is ImgBurn treated as a suspicious program?
Post by: AntiVirusASeT on May 09, 2012, 05:37:33 PM
Exclusions in autosandbox are safe as long as the program you're excluding is 100% safe.

Any malware trying to use a well known process/safe application within Windows will still be monitored by all shields including autosandbox (which is dependent on file system, behaviour, web shield for its analysis) as it is a separate executable from the excluded executable.

Note that PUP is not enabled by default in all shields. Yes, PUPs can be used for both good and bad intentions.
There is absolutely no need to disable any protection. Just uncheck PUP for all shields.

Any malicious program trying to inject stuff or whatever into PUPs or common safe programs in Windows will be monitored first by avast. So avast will be able to offer maximum protection no matter if you exclude PUPs detection or exclude programs from being sandboxed.