Watch Folders

[ibell63]

Hi everyone,

I absolutely love the approach avast takes to detecting malware as soon as possible with the system of shields it has and I think that's a great way to manage resident scanning, but one thing that I've noticed is that there appears to be no "Watch Folder" sort of feature.  Am I wrong?

This is one feature that seems to be missing that I would love to have.  I use sandboxie to sandbox my browser and I would love to be able to tell avast to watch the folder that all the files used in the sandbox are located, not because it will prevent infection, but just so I know that an infected file existed in the sandbox folder before it gets deleted when I terminate the browser.

Does anyone else think being able to specify watch folders is a good feature to request?

[DavidR]

Well avast is an on-access scanner so in theory it is 'watching all folders.' If a file is accessed, modified or created, etc. then depending on the file type (those at risk of infection) would be scanned.

[ibell63]

Thanks for the reply, I understand the way the file system shield works and I realize it has this functionality.

What I want however, is for avast to watch a folder for changes and scan any files that get changed or added in that folder, regardless of whether or not files in it are executed or not.  Maybe this is redundant, but I think it would be useful in my case where only files related to the current browsing session are stored in a temporary folder, and these files *should* never get executed outside of the sandbox, and even if they don't get executed, I still want to know if infected files did exist, so I am more aware of malicious websites and such things.

[DavidR]

As far as I'm aware there is no specific function that you describe.

I would have that sort of thing would be down to the sandbox not to have files execute outside of it.

Now the avast Pro version, part of AIS, has a sand box function (don't know if a sandbox function would work within a sandbox) where you can choose to run a program sandboxed on a one off or permanent basis.

I thought browsing within something like sandboxie didn't allow browsers to store files in the permanent browser cache, so as such they should only be run in the sandbox...

Sorry I can't be more helpful as I don't use AIS nor do I use a sandbox program I have never felt the need on my system.

[ibell63]

Thanks for the reply.

FYI, I am an avast5 free user.  Also, I don't perticularly like avast's way of handling sandboxing, which is one of the reasons why I don't have the paid AV, and I prefer sandboxie.  However, I think providing a sandboxing feature is a step in the right direction, and alwil has made many steps in the right direction lately.

Also, about the permanent browser cache, sandboxie can be configured to allow your browser to have direct access to the normal cookies, history, and bookmarks, and presumably cache databases.

[DavidR]

That is the problem when you allow outside access you allow the potential for infection of the non sandboxed area.

This is another reason why sandboxing isn't for me as on dial-up I need all the help I can get from a browser cache and circumventing the sandbox kind of flies in the face of using a sandbox in the first place.

[Sesame]

What I want however, is for avast to watch a folder for changes and scan any files that get changed or added in that folder, regardless of whether or not files in it are executed or not.  Maybe this is redundant, but I think it would be useful in my case where only files related to the current browsing session are stored in a temporary folder, and these files *should* never get executed outside of the sandbox, and even if they don't get executed, I still want to know if infected files did exist, so I am more aware of malicious websites and such things.

I wonder if I was able to understand what you want to do.  However, since Sandboxed files are not concealed, they can be scanned by File System Shield.  So, as DavidR pointed out, for me, it seems to me that all depends on the setting for File System Shield.  Alternatively, you can perform on demand scan to the sandboxed folder.  In any case, as long as you don't keep the files, I don't think there are problems.  For, immediate threats such as excutable files are to be dealt with File System Shield by default.