Author Topic: Avast AutoSandbox  (Read 5120 times)

Offline Yoshi2889

  • Jr. Member
  • **
  • Posts: 27
Avast AutoSandbox
« on: January 08, 2013, 10:11:45 PM »
Hello!

This is not really a support request, I was more wondering what Avast! does when it automatically sandboxes an app.
Does it submit the executable to the database, or does it just submit data about it, or neither?

Thanks :)
Don't fix what ain't broken and in most cases don't break what ain't fixed.
Profile @ SMF / Intel Core i5 (2450M) / 8 GB RAM / 256 GB Samsung 830 SSD / Windows 7 / Avast! Free

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6713
  • Trust only what you test yourself!
Re: Avast AutoSandbox
« Reply #1 on: January 08, 2013, 11:41:49 PM »
The autosandbox is a place where suspicious programs/files can run without possible infections to your computer.
GUI>Real-Time Shields>File System Shield>Expert Settings>Autosandbox>Ask or Auto.
Some users have theirs set to "auto"; I have mine set to "ask". To each their own. The program "help" section will provide more information.
The autosandbox does not submit any information for outside analysis. Its sole purpose is for the protection of the user.  :)
« Last Edit: January 08, 2013, 11:44:19 PM by Para-Noid »
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 741
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
Re: Avast AutoSandbox
« Reply #2 on: January 10, 2013, 01:30:54 AM »
I was under the assumption that AutoSandbox does send information on sandboxed items to the cloud (avast! global whitelist / blacklist database in the cloud is the largest in the world), so it may know when file prevalence is high enough to no longer trip on that file.  I was also told it takes enough clicks, and this automatically occurs.  I was purposefully NOT told the required number of clicks, as that data was too pertinent to Organized Crime / terrorists (the bad guys).
Sincerely,
 
J.R. "AutoSandbox Guy" Guthrie

"At this point in time, the Internet should be regarded as an Enemy Weapons System!"

Offline Yoshi2889

  • Jr. Member
  • **
  • Posts: 27
Re: Avast AutoSandbox
« Reply #3 on: January 10, 2013, 07:33:34 AM »
Okay, thanks for the information! :)

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re: Avast AutoSandbox
« Reply #4 on: January 10, 2013, 08:18:59 AM »
Complete analysis of the autosandboxed application is done on the user's computer. Autosandbox executes a suspicious process in the sandbox and logs every filesystem/registry operation, attempts to inject into different processes/modify system components/install hooks/create network connections, etc. Avast has over 1500+ generic signatures in VPS up to this day (their prefixes are Dyna:, as you can see in VPS release history). One signature usually identifies various malware, so one malware is also usually detected by several signatures (e.g. for disabling Windows Update/firewall, injection, etc). We receive only some statistics to see false positives, no. of autosandboxed processes, etc. The binary file is never uploaded to our servers.
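
The matching model described in the reply above (a logged behavior trace checked against generic signatures, where one signature covers several samples and one sample trips several signatures) can be sketched as follows. This is an added example, not part of the original post and not Avast's code: the `Example:` signature names, the event fields and the sample logs are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    kind: str    # registry | file | inject | network (hypothetical categories)
    action: str
    target: str

# Hypothetical generic signatures: name -> conditions that must EACH be met
# by at least one logged event. Names are invented, not real "Dyna:" rules.
SIGNATURES = {
    "Example:FirewallOff": [
        lambda e: e.kind == "registry" and e.action == "set"
        and "firewallpolicy" in e.target.lower()
        and e.target.lower().endswith("enablefirewall=0"),
    ],
    "Example:UpdateOff": [
        lambda e: e.kind == "registry" and e.action == "set"
        and e.target.lower().endswith("windowsupdate\\au\\noautoupdate=1"),
    ],
    "Example:InjectThenConnect": [
        lambda e: e.kind == "inject",
        lambda e: e.kind == "network" and e.action == "connect",
    ],
}

def match_signatures(log):
    """Return sorted names of every signature whose conditions are all met."""
    return sorted(
        name for name, conds in SIGNATURES.items()
        if all(any(c(e) for e in log) for c in conds)
    )

# Constructed sandbox logs: two different samples and one benign program.
SAMPLE_A = [
    Event("file", "write", r"C:\Users\test\AppData\Roaming\a.tmp"),
    Event("registry", "set", r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess"
          r"\Parameters\FirewallPolicy\StandardProfile\EnableFirewall=0"),
    Event("inject", "write_memory", "explorer.exe"),
    Event("network", "connect", "203.0.113.10:443"),
]
SAMPLE_B = [
    Event("registry", "set",
          r"HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate=1"),
    Event("inject", "write_memory", "svchost.exe"),
    Event("network", "connect", "198.51.100.7:80"),
]
BENIGN = [Event("file", "write", r"C:\Users\test\Documents\report.docx"),
          Event("network", "connect", "192.0.2.5:443")]
```

`Example:InjectThenConnect` fires on both samples while each sample also trips a second signature; the benign log connects to the network but matches nothing because no injection event accompanies it.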

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6713
  • Trust only what you test yourself!
Re: Avast AutoSandbox
« Reply #5 on: January 10, 2013, 03:33:43 PM »
Thanks for the clarification/confirmation.  :)

Offline Yoshi2889

  • Jr. Member
  • **
  • Posts: 27
Re: Avast AutoSandbox
« Reply #6 on: January 10, 2013, 10:15:20 PM »
Okay, thanks for confirming this :)

I've flipped the mode to Ask, too. One of the programs I build in Visual Studio was crashing when Avast sandboxed it, even though it only did it once after which the program worked fine.

Plus I'd rather have information about the final product submitted to Avast, not from the builds which may have weird behavior (I'd rather not have my program blacklisted, hehe).

I do think it's a good feature though, it's unique and works very well in most cases :)
« Last Edit: January 10, 2013, 10:18:17 PM by Yoshi2889 »

Offline avast@@dvantage77.com

  • J.R. Guthrie - avast! Sales and Support Specialist
  • Avast Reseller
  • Advanced Poster
  • *
  • Posts: 741
  • the only avast! Distributor & Platinum Reseller
    • Advantage Micro Corporation
Re: Avast AutoSandbox
« Reply #7 on: January 10, 2013, 10:48:12 PM »
Dear P.K.,

Where is the File Prevalence / Reputation database?  How is it updated?  It is popping with the new version of Google Earth.  I think this program is in wide enough distribution to no longer be considered as "low".  If AutoSandbox is not sending the data, where does that File Prevalence data come from?  Has this changed since I was at Prague?

Thanks,   J.R. Guthrie "AutoSandbox Guy"

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6713
  • Trust only what you test yourself!
Re: Avast AutoSandbox
« Reply #8 on: January 10, 2013, 11:37:36 PM »
> Quote from: Yoshi2889
> I've flipped the mode to Ask, too.

Use the proper caution if you set the autosandbox to "ask". IOW, be careful about what you do "not" sandbox.

Offline Yoshi2889

  • Jr. Member
  • **
  • Posts: 27
Re: Avast AutoSandbox
« Reply #9 on: January 15, 2013, 07:51:46 PM »
> Quote from: Para-Noid
>> Quote from: Yoshi2889
>> I've flipped the mode to Ask, too.
>
> Use the proper caution if you set the autosandbox to "ask". IOW, be careful about what you do "not" sandbox.

Well, I've sandboxed everything but my own app until now.

As a side question (and probably off-topic, too), is Avast! safe to use on Windows 8 now?
I've purchased and upgraded to Win8 today and am wondering if I could upgrade now without the BSOD issue. I'll be using the built-in Windows Defender in the meantime, but I prefer Avast! for a great deal.