Author Topic: sandbox part  (Read 8807 times)

0 Members and 1 Guest are viewing this topic.

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: sandbox part
« Reply #15 on: March 11, 2010, 03:37:14 PM »
are you saying that if i have ie set to always run sandboxed and i download a file i must manually download it to the sandboxed folder?

NO >>> what I'm saying is that the automatic sandboxing of downloaded files in Internet Explorer cannot work because there's no automatically pre-defined location for the downloads set in Internet Explorer settings. While there is in Firefox.
w7 - ais7

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 684
  • U.S.A
Re: sandbox part
« Reply #16 on: March 11, 2010, 04:03:50 PM »
anything downloaded through ie is not auto sandboxed right??

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9441
Re: sandbox part
« Reply #17 on: March 11, 2010, 04:07:20 PM »
anything downloaded through ie is not auto sandboxed right??
right, again because with IE downloads locations are chosen manually each time (for security reasons, which is funny for IE). How do you want to sandbox a download when you choose the download location yourself?  :)
« Last Edit: March 11, 2010, 04:11:29 PM by Logos »
w7 - ais7

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 684
  • U.S.A
Re: sandbox part
« Reply #18 on: March 11, 2010, 04:14:04 PM »
thats not good,you keep saying because of ie but sandboxie has no trouble dealing with ie and downloads.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re: sandbox part
« Reply #19 on: March 11, 2010, 05:28:24 PM »
Thanks for this topic. There's really a bug about downloads detection in the latest version; during rewriting hooking functions I've forgot for one check. So, in this avast build all downloaded files (saved by standard legitimate way) are not saved in the sandbox (which is done by default). All files created/downloaded with different ways are always virtualized, this remains.

Just to be clear: if the mentioned checkbox is checked, it does the following:
- changing your browser's settings becomes permanent
- bookmarks/cookies/history/... are saved on disk
- standard downloads are detected and the files are saved on disk outside the sandbox (this works for all browsers, even if you choose different location - so IE downloaded are detected as well; in fact, this also works for other applications than browsers, run e.g. Microsoft Paint and images will be stored outside sandbox as well)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: sandbox part
« Reply #20 on: March 11, 2010, 08:46:37 PM »
Just to be clear: if the mentioned checkbox is checked, it does the following:
- changing your browser's settings becomes permanent
- bookmarks/cookies/history/... are saved on disk
- standard downloads are detected and the files are saved on disk outside the sandbox (this works for all browsers, even if you choose different location - so IE downloaded are detected as well; in fact, this also works for other applications than browsers, run e.g. Microsoft Paint and images will be stored outside sandbox as well)
What happens with addons updates?
The best things in life are free.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re: sandbox part
« Reply #21 on: March 11, 2010, 08:51:45 PM »
What happens with addons updates?

Support for addons are not implemented yet, because it's not so easy: when you update addons/extensions, quite lot of files are changed (at least in FF browser). These changes can't be covered by some exception records and therefore we'll add more settings into GUI.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: sandbox part
« Reply #22 on: March 11, 2010, 08:54:12 PM »
Thanks pk.
The best things in life are free.

Offline Rumpel

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 953
  • The poster formerly known as - Rumpelstiltskin®
Re: sandbox part
« Reply #23 on: March 11, 2010, 10:06:11 PM »
This is bit off topic but I was taught that I shouldn't use the phrase like below.
all downloaded files (saved by standard legitimate way) are not saved in the sandbox (which is done by default).
For this sentence can be interpreted in two ways:
1. any downloaded file (saved by standard legitimate way) is not saved in the sandbox (which is done by default). /no downloaded files (saved by standard legitimate way) are saved in the sandbox (which is done by default).
2. not all downloaded files (saved by standard legitimate way) are saved in the sandbox (which is done by default).  e.g.  All that glitters is not gold.

In any case, according to what pk wrote, I guess the first sentence is what he means here.  In any case, the core problem here is that I couldn't figure out how the sandbox is supposed to work during my beta-testing stage.   :-\

Offline Erroneus

  • Former recommender of Avast
  • Full Member
  • ***
  • Posts: 166
  • RIP Avast
    • Personal blog
Re: sandbox part
« Reply #24 on: March 11, 2010, 11:43:12 PM »
I'm missing some more info about this sandbox mode. A wiki, knowledge base or even forum thread would be nice.

It would be nice with some examples how to setup up proper sandbox mode for popular programs and what programs would be recommended to run sandboxed.

This sandbox feature seems to be a great product, but it feels a bit rough around the edges.
Homebuild machine - Intel I5 3570K@4,3 Ghz
Lenovo T460s
Windows 10 1709 Enterprise 64bit: Panda Pro

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 684
  • U.S.A
Re: sandbox part
« Reply #25 on: March 12, 2010, 01:30:03 AM »

pk you mention a bug in this build.is the way the sandbox handles ie downloads going to be fixed or will it remain this way?i think if ie is runnin sandboxed then any download should not be saved to the real disc.



Thanks for this topic. There's really a bug about downloads detection in the latest version; during rewriting hooking functions I've forgot for one check. So, in this avast build all downloaded files (saved by standard legitimate way) are not saved in the sandbox (which is done by default). All files created/downloaded with different ways are always virtualized, this remains.

Just to be clear: if the mentioned checkbox is checked, it does the following:
- changing your browser's settings becomes permanent
- bookmarks/cookies/history/... are saved on disk
- standard downloads are detected and the files are saved on disk outside the sandbox (this works for all browsers, even if you choose different location - so IE downloaded are detected as well; in fact, this also works for other applications than browsers, run e.g. Microsoft Paint and images will be stored outside sandbox as well)


Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re: sandbox part
« Reply #26 on: March 12, 2010, 01:42:12 AM »
it's intended to work this way:
- if checkbox is checked: all files you download in browser are stored outside sandbox; if browsers use predefined download locations (FF/Opera/...) then these locations are excluded automatically from the sandbox; if you save a file to the own location (mainly IE) then it'll be saved outside the sandbox; this feature also works for other applications than browsers (e.g. MS Office, ...)
- if checkbox is unchecked: all downloads are stored in the sandbox

The checkbox controls only downloaded files, all other files created by a virtualized application are saved in the sandbox. The actual build saves all downloads outside the sandbox.

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 684
  • U.S.A
Re: sandbox part
« Reply #27 on: March 12, 2010, 01:59:22 AM »
if its intended to work this way for ie whats the point in sandboxing ie when anything downloaded through it is not sandboxed?by the way i uncheck the ais setting(safe location and exclude)and it still saves the file to the real disc and i can install it with no problem,is it supposed to be this way?
« Last Edit: March 12, 2010, 03:40:07 AM by bri »

Offline Rumpel

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 953
  • The poster formerly known as - Rumpelstiltskin®
Re: sandbox part
« Reply #28 on: March 15, 2010, 07:06:51 AM »
it's intended to work this way:
- if checkbox is checked: all files you download in browser are stored outside sandbox; if browsers use predefined download locations (FF/Opera/...) then these locations are excluded automatically from the sandbox; if you save a file to the own location (mainly IE) then it'll be saved outside the sandbox; this feature also works for other applications than browsers (e.g. MS Office, ...)
- if checkbox is unchecked: all downloads are stored in the sandbox

The checkbox controls only downloaded files, all other files created by a virtualized application are saved in the sandbox. The actual build saves all downloads outside the sandbox.
Thanks, pk for the clarification.

if its intended to work this way for ie whats the point in sandboxing ie when anything downloaded through it is not sandboxed?by the way i uncheck the ais setting(safe location and exclude)and it still saves the file to the real disc and i can install it with no problem,is it supposed to be this way?
:-\  I thought my notebook, which I used for my beta-testing, couldn't cope with the firewall and sandbox functions since I felt they were not mature yet when Avast released them as non-beta versions.  In fact, judging from some reviews and votes in third party sites, quite many people seem to be happy with them.  Probably, we just belong to those unlucky users...

Offline bri

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 684
  • U.S.A
Re: sandbox part
« Reply #29 on: March 15, 2010, 02:48:32 PM »
i think its ridiculous that when ie is sandboxed and i have the settings for downloads for safe location unchecked it still saves it to the system and can be installed.it is unuseable imo.my families pc found out the hard way (infected).