Author Topic: Question about AutoSandbox in v6.0.1000  (Read 4005 times)

0 Members and 1 Guest are viewing this topic.

Offline MHJ

  • Jr. Member
  • **
  • Posts: 39
  • yea that's me
Question about AutoSandbox in v6.0.1000
« on: March 07, 2011, 11:21:14 AM »
Hi,

i am using the latest version 6.0.1000 of avast Free Edition and want to know, if the AutoSandbox is making it's decisions based on behaivor only or also based on some sort of whitelists that are included in the virus-db updates?

i am using the latest version of Gene6 FTP Server Professional (http://www.g6ftpserver.com/en/home) and the AutoSandbox asks me if i want to load it in Sandbox or normal mode, which i find very annoying, even though i can just add it to the exception list and start it normally. i would rather use the auto mode on the sandbox so i don't get bothered every time and let potential harmful programs run temporaly sandboxed, send it to avast av-labs automatically and in the next db-update (after the program was cleared from being harmful), the program gets recognized and removed from sandbox mode.

is this already the case or will it be implemented in the future?
« Last Edit: March 07, 2011, 11:25:22 AM by MHJ »
if you were ever infected by a virus... you are not alone

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: Question about AutoSandbox in v6.0.1000
« Reply #1 on: March 07, 2011, 01:11:27 PM »
Behavior, not withelists at all.
Corrections are done by virus definitions update.
Not all the files are uploaded and analyzed and it is avast, not the user, who controls which files will be uploaded.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83348
  • No support PMs thanks
Re: Question about AutoSandbox in v6.0.1000
« Reply #2 on: March 07, 2011, 04:25:31 PM »
@ MHJ
Are you not checking the Remember my answer for this program, see image ?
That should effectively be setting an exclusion.

I have the auto-sandbox set to Ask and it has that 'Remember my answer for this program' in the alert screen, and clicking that option in the alert adds the entry to the auto-sandbox exclusions, see example image2.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.5.2415 (build 20.5.5410.561) UI-1.0.532/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline sded

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1718
  • Me llamo Ed
Re: Question about AutoSandbox in v6.0.1000
« Reply #3 on: March 07, 2011, 04:34:43 PM »
AutoSandbox is actually controlled by File System Shield, per discussion by Igor at http://forum.avast.com/index.php?topic=72517.msg604738#msg604738 :)
Windows 7 x64HP-SP1-No UAC, Opera 11.51, Avast! Internet Security 6.0.128, Webroot SecureAnywhere latest beta, Windows FW off, MVPS HOSTS, SAS/MBAM offline, Macrium Reflect just in case ;)

Offline MHJ

  • Jr. Member
  • **
  • Posts: 39
  • yea that's me
Re: Question about AutoSandbox in v6.0.1000
« Reply #4 on: March 07, 2011, 10:08:51 PM »
@ MHJ
Are you not checking the Remember my answer for this program, see image ?
That should effectively be setting an exclusion.

I have the auto-sandbox set to Ask and it has that 'Remember my answer for this program' in the alert screen, and clicking that option in the alert adds the entry to the auto-sandbox exclusions, see example image2.

yes i have, but i simply don't like it. Maybe it's just me but i don't feel more secure with a sandbox now. that's why i disabled it completly. why would the sandbox even react to a ftp server that is around already for so many years? i can't see a reason for that. if it reacts to every application that leaves a port open, what ftp servers usually do ::), many people will have a sandbox alert due to nothing bad, aka for no reason.

i think that the sandbox with it's current limitations is really a useless feature because now there will be millions of unneeded warnings floating around to like millions of users just because they use a ftp server. that's just producing unwanted hysteria.

my point is even if i add this ftp server to the exception list, what sense does it have if i switch ftp servers in the future and every time i do that or something similar there's a sandbox alert again? it simply doesn't make me feel more secure.

if you were ever infected by a virus... you are not alone

doktornotor

  • Guest
Re: Question about AutoSandbox in v6.0.1000
« Reply #5 on: March 07, 2011, 10:12:32 PM »
yes i have, but i simply don't like it. Maybe it's just me but i don't feel more secure with a sandbox now. that's why i disabled it completly. why would the sandbox even react to a ftp server that is around already for so many years? i can't see a reason for that. if it reacts to every application that leaves a port open, what ftp servers usually do ::), many people will have a sandbox alert due to nothing bad, aka for no reason.

IIRC, even Windows firewall reacts if you run an application that behaves like a server for the first time. Installing servers is not something users do on their desktop boxes all the time. Other than that, read the article I have linked.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83348
  • No support PMs thanks
Re: Question about AutoSandbox in v6.0.1000
« Reply #6 on: March 07, 2011, 11:02:28 PM »
<snip>
yes i have, but i simply don't like it. Maybe it's just me but i don't feel more secure with a sandbox now. that's why i disabled it completly. why would the sandbox even react to a ftp server that is around already for so many years? i can't see a reason for that. if it reacts to every application that leaves a port open, what ftp servers usually do ::), many people will have a sandbox alert due to nothing bad, aka for no reason.

Something that has been around for years doesn't really make that much difference as I'm shure there is no parameter as to how long a program has been around, if it is even known. If the file was digitally signed (probably not if it has been around for years) then that would possibly be one criteria to suggest the sandbox along with others. We don't know if it leaving a port open or not would be one of the parameters considered.

i think that the sandbox with it's current limitations is really a useless feature because now there will be millions of unneeded warnings floating around to like millions of users just because they use a ftp server. that's just producing unwanted hysteria.

That is the whole reason why you should keep it enabled and use the remember my answer in conjunction with fact you want it run normally, as that information is likely to be transmitted using the avast Community function if you have it enabled.

my point is even if i add this ftp server to the exception list, what sense does it have if i switch ftp servers in the future and every time i do that or something similar there's a sandbox alert again? it simply doesn't make me feel more secure.

If everyone abandoned the auto-sandbox who would the myriad of different applications out there be recognised.

With it disabled the day that you actually need it, then it isn't there to provide that extra security.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.5.2415 (build 20.5.5410.561) UI-1.0.532/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline MHJ

  • Jr. Member
  • **
  • Posts: 39
  • yea that's me
Re: Question about AutoSandbox in v6.0.1000
« Reply #7 on: March 08, 2011, 12:41:03 AM »
Quote

That is the whole reason why you should keep it enabled and use the remember my answer in conjunction with fact you want it run normally, as that information is likely to be transmitted using the avast Community function if you have it enabled.

ok thanks for this answer because that is a good reason to use it then, and basicly what i was asking in the first place.

threat is fine to get closed now
if you were ever infected by a virus... you are not alone

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83348
  • No support PMs thanks
Re: Question about AutoSandbox in v6.0.1000
« Reply #8 on: March 08, 2011, 02:05:01 AM »
You're welcome.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.5.2415 (build 20.5.5410.561) UI-1.0.532/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro