Author Topic: Avast sandbox BSOD (Read 2060 times)

REDACTED · « **on:** May 04, 2018, 01:20:00 PM »

I'm a developer working in Python, which often causes Avast's 15 second sandbox (free version) to scan some of my package entrypoints. An entrypoint is an .exe file python/setuptools creates to enable users to start a specific script from the commandline. This is normally ok, and can be canceled when I know I trust it, but there is a special case that causes the sandbox to BSOD Windows: If the entry point calls Python's standard library functions for opening a browser to a specific URL (in a new thread), then a new tab will be opened in my already open instance of Firefox. Upon completion (or close to completion) of the sandbox scan, a blue screen will appear, and the OS will restart.

The python code in question:

Code: [Select]

import webbrowser
import threading

browser = webbrowser.get()

def launch_browser():
    browser.open(url, new=2)

threading.Thread(target=launch_browser).start()

I can submit a minidump, but an initial analysis says that it is firefox.exe that is the failing process, but aswSnx.sys is also involved. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

REDACTED · « **Reply #1 on:** May 04, 2018, 01:21:42 PM »

Other relevant info:
Windows version: 10.0.16299.371 (WinBuild.160101.0800)
Avast version: 18.3.3860.316
Firefox version: 59.0.3

REDACTED · « **Reply #2 on:** May 04, 2018, 01:25:30 PM »

And to be clear: If I am able to cancel the sandbox scan before the browser url is launched, the BSOD is avoided.

Asyn · « **Reply #3 on:** May 04, 2018, 01:36:51 PM »

As you're a developer, read here...

-> https://support.avast.com/article/229/
-> https://support.avast.com/article/228/

Alikhan · « **Reply #4 on:** May 04, 2018, 01:39:55 PM »

This sounds it is DeepScreen that is causing the issue. You'll need to upload a dump before I can get this escalated to an Avast dev.

You can follow Asyn link to get your files whitelisted so DeepScreen will not scan your entrypoints.

REDACTED · « **Reply #5 on:** May 04, 2018, 03:11:56 PM »

Quote from: Alikhan on May 04, 2018, 01:39:55 PM

This sounds it is DeepScreen that is causing the issue. You'll need to upload a dump before I can get this escalated to an Avast dev.

What are the routines for uploading the dump? I've seen ftp://ftp.avast.com/incoming/ around in search results before, but I'm not sure what the usage pattern is (filename, how to tie back to discussion here, etc).

Asyn · « **Reply #6 on:** May 04, 2018, 03:15:38 PM »

Quote from: aboratt on May 04, 2018, 03:11:56 PM

What are the routines for uploading the dump? I've seen ftp://ftp.avast.com/incoming/ around in search results before, but I'm not sure what the usage pattern is (filename, how to tie back to discussion here, etc).

Pick a unique name (and post it here), so the devs can find it. Thanks

REDACTED · « **Reply #7 on:** May 04, 2018, 03:37:22 PM »

I uploaded the file according to this guide: https://support.avast.com/en-eu/article/FTP-file-upload
I followed its recommendation of using my email as the filename (but I'd prefer to not post that openly). Hopefully the devs can see my email from my forum profile?

Asyn · « **Reply #8 on:** May 04, 2018, 03:53:41 PM »

Quote from: aboratt on May 04, 2018, 03:37:22 PM

Hopefully the devs can see my email from my forum profile?

Sure.

Spec8472 · « **Reply #9 on:** May 04, 2018, 06:15:08 PM »

Hi Aboratt, the issue is already fixed internally, thank you for reporting.

Author Topic: Avast sandbox BSOD (Read 2060 times)

REDACTED

Avast sandbox BSOD

REDACTED

Re: Avast sandbox BSOD

REDACTED

Re: Avast sandbox BSOD

Asyn

Re: Avast sandbox BSOD

Alikhan

Re: Avast sandbox BSOD

REDACTED

Re: Avast sandbox BSOD

Asyn

Re: Avast sandbox BSOD

REDACTED

Re: Avast sandbox BSOD

Asyn

Re: Avast sandbox BSOD

Spec8472

Re: Avast sandbox BSOD