Author Topic: Can someone explain this to me(about sandbox)  (Read 16056 times)

vsub

Re: Can someone explain this to me(about sandbox)
« Reply #15 on: July 10, 2012, 01:35:23 PM »
Well, I know them but I also download new files and since it's not slowing down my PC, why shouldn't I set it that way.

I turn off the sandbox feature because of this problem... when I want a sandbox, I'll either use my virtual PC, which is set to not remember any changes when I turn it off, or just run the program in Sandboxie.

Asyn
« Reply #16 on: July 10, 2012, 01:36:33 PM »
Just curious... what exactly does that have to do with how the sandbox should be suspecting programs if an as-thorough-as-possible scan doesn't find anything

Well, if your OS has unfixed holes, no AV can protect you and any troubleshooting is useless.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

vsub

« Reply #17 on: July 10, 2012, 01:40:34 PM »
I guess more than 6 years without any kind of malware problems is not enough proof that I don't need SP3

Asyn
« Reply #18 on: July 10, 2012, 01:41:55 PM »
I guess more than 6 years without any kind of malware problems is not enough proof that I don't need SP3

Well, I won't discuss this with you, as it's up to you anyway. Good luck.

vsub

« Reply #19 on: July 10, 2012, 01:46:30 PM »
So in the end, no answer why the sandbox works that way... I guess it will continue to stay off

NON
« Reply #20 on: July 10, 2012, 02:00:22 PM »
So in the end, no answer why the sandbox works that way... I guess it will continue to stay off

"Normal scan" means File System Shield, Windows Explorer scan, etc., and even if these scans find nothing, autosandbox could find something suspicious and sandbox these applications.

Why I ask about your applications' origin is because Autosandbox is linked to the FileRep cloud database, and if the FileRep database does not have enough data about them, then autosandbox will kick in. So if your applications are custom-made, they probably get sandboxed only due to that.
Autosandbox will also kick in if the files are executed from a removable drive (USB sticks etc.).
Desktop: Win10 Pro 22H2 64bit / Core i5-7400 3.0GHz / 32GB RAM / Avast 23 Premium Beta(Icarus) / Comodo Firewall
Notebook: Win10 Pro 22H2 64bit / Core i5-3340M 2.7GHz / 12GB RAM / Avast 23 Free / Windows Firewall Control
Server: Win11 Pro 23H2 64bit / Core i3-4010U 1.7GHz / 12GB RAM / Avast One 23 Essential

I explain Avast's settings here. Please take a look if you like.

DavidR
« Reply #21 on: July 10, 2012, 02:07:31 PM »
@ vsub
You need to understand that the AutoSandbox works in a different way to the other Shields as it is essentially trying to find new malware that would otherwise not be detected by conventional virus definitions.

####
The autosandbox process is controlled in the first instance by the file system shield (FSS), the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn't had a definitive detection.

However, the FSS checks other things, amongst those a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). These can trigger a suspicion and it is this suspicion that results in the recommendation to use the autosandbox. See image giving reasons why the autosandbox may intervene.

~~~~
Now the user can accept this decision and run it in the autosandbox or have it run normally and to Remember the answer for this program. Provided of course you are familiar with the program and that it is clean and of course that you intentionally initiated the program.

So if you have lots of obscure uncommon applications you will get autosandbox interventions - you should set the autosandbox mode to Ask, that way you can select run normally and remember - it won't take long before those regularly used programs are excluded from autosandbox intervention.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

vsub

« Reply #22 on: July 10, 2012, 02:12:05 PM »
I thought it could be that, but Cloud Service => Reputation Service is disabled and I have had this problem since the Sandbox feature appeared in Avast 6 (FileRep is since Avast 7)

Edit:
The sandbox mode is set to ask
Static analysis... - scanning the file... isn't it the same as enabling from FS code emulation and scan on execute

The file prevalence\reputation - file rep service is disabled... I don't need this, I know what I'm downloading.

The file origin/source is suspicious - well, is it suspicious to run it from Program Files or the Windows folder (run it from where the program is installed)

The file is executed from remote/removable media - everything is from my HDD and I don't run any programs from USB

Generic heuristic/suspicious content - FS and custom scan have those set to High and they don't say anything
« Last Edit: July 10, 2012, 02:22:23 PM by vsub »

NON
« Reply #23 on: July 10, 2012, 02:25:45 PM »
Static analysis... - scanning the file... isn't it the same as enabling from FS code emulation and scan on execute

The file prevalence\reputation - file rep service is disabled... I don't need this, I know what I'm downloading.

The file origin/source is suspicious - well, is it suspicious to run it from Program Files or the Windows folder (run it from where the program is installed)

The file is executed from remote/removable media - everything is from my HDD and I don't run any programs from USB

Generic heuristic/suspicious content - FS and custom scan have those set to High and they don't say anything

Even if File System Shield does not show any alert, there could be some detections inside that just have not reached the minimum alert level.
Once the alert level reaches the "Sandbox" level, applications will be sandboxed, but if the level does not reach the "Detection" level, no File System Shield alert appears.


(High alert level)

Malicious (alert appears, moved to chest etc.)

---(maximum heuristics level)

Suspicious (get sandboxed, no alert)

---

Innocent (no sandbox, no alert)

(Low alert level)
« Last Edit: July 10, 2012, 02:31:51 PM by NON »
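
The three alert bands described in the reply above, together with the "run normally and remember" answer from Reply #21, as a small model. This is an added example, not part of the original posts and not Avast's code; the scores, the threshold numbers and the names `classify` and `band_by_setting` are constructed for illustration.

```python
from enum import Enum


class Verdict(Enum):
    INNOCENT = "no sandbox, no alert"
    SUSPICIOUS = "sandboxed, no alert"
    MALICIOUS = "alert, moved to chest"


# Hypothetical lower edge of the "Suspicious" band.
SANDBOX_LEVEL = 30

# Hypothetical mapping from the shield's heuristics sensitivity to the score
# at which it raises an alert. "high" stands for the "maximum heuristics
# level" line in the diagram: the alert threshold cannot drop below it.
DETECTION_LEVEL = {"low": 90, "normal": 80, "high": 70}


def classify(score, heuristics="normal", remembered=False):
    """Map a suspicion score (0-100, constructed scale) to one of the bands."""
    if score >= DETECTION_LEVEL[heuristics]:
        return Verdict.MALICIOUS       # a definite detection always alerts
    if remembered:
        return Verdict.INNOCENT        # user chose "run normally" + "remember"
    if score >= SANDBOX_LEVEL:
        return Verdict.SUSPICIOUS      # below every alert threshold, still sandboxed
    return Verdict.INNOCENT


def band_by_setting(score):
    """Verdict for the same file under each heuristics sensitivity."""
    return {level: classify(score, level) for level in DETECTION_LEVEL}


if __name__ == "__main__":
    # Constructed sample files and scores.
    samples = [("common signed app", 5),
               ("rare unsigned utility", 45),
               ("borderline packer", 75),
               ("known-bad sample", 95)]
    for name, score in samples:
        bands = {k: v.name for k, v in band_by_setting(score).items()}
        print(f"{name:22} score={score:3} {bands}")
```

A score of 45 lands in the sandbox band at every sensitivity setting, which is why a scan set to High can report nothing while the autosandbox still intervenes.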

DavidR
« Reply #25 on: July 10, 2012, 03:11:40 PM »
@ vsub
You say you have all shields set to as paranoid as possible (when your OS is vulnerable by being out of date), yet here you are essentially wanting to disable elements of the autosandbox function. I can't understand that.

Also it appears that you have a preconceived opinion of the autosandbox and despite what others have said or tried to explain what the autosandbox does/how it works you still hold to that opinion, so I'm not sure why you asked the question or are we all missing something here.

So for me also, I will bow out on this one.

vsub

« Reply #26 on: July 10, 2012, 03:30:02 PM »
I want to use the sandbox but suspecting almost every program that I try to run at random is both annoying and weird.

Will you still have it enabled if it works that way to you?
First nothing and then suddenly, it is suspicious or the other way around.

What's the point of it if I have to add to the exclude list every program that I use.
Sometimes it won't say anything, other times it will suspect my programs after restarting Windows or rerunning them... without changing anything or updating the virus database

Just an example... tell me what this program has that Avast suspects it
http://shii.org/tclock/
The VirusTotal result is 0/42

Asyn
« Reply #27 on: July 10, 2012, 03:38:26 PM »
I want to use the sandbox but suspecting almost every program that I try to run at random is both annoying and weird.

Will you still have it enabled if it works that way to you?

That's exactly where the problems start, as nobody here uses XP SP2. ::)

Gopher John
« Reply #28 on: July 10, 2012, 04:27:34 PM »
I guess more than 6 years without any kind of malware problems is not enough proof that I don't need SP3

Actually, no. There's just too many vulnerability patches included in SP3. See List of fixes that are included in Windows XP Service Pack 3 http://support.microsoft.com/kb/946480. Beyond that, you are also missing all the vulnerability patches that have been released by Microsoft to Automatic updates on July 10, 2008 since then. WinXP SP2 is a veritable sieve of an OS compared to a fully updated WinXP SP3, which by the way is still being supported with security patches. No OS is completely free of security risks, but there is no reason to stay with an OS with so many known vulnerabilities.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

cooby

« Reply #29 on: July 10, 2012, 05:19:52 PM »
Vsub,
see old post #7 here
http://forums.zonealarm.com/showthread.php?t=72599
Tclockx is safe, but since it uses DDE, Avast's caution is warranted IMO.