newbie with Avast Autosandbox

[bluenite]

how does it work this nice feature?
When I run any program, nothing happens. I have yet set the interactive activity has to ask. Or does it only runs on the newly installed software? After installing Avast?
If it will go as it should, Avast has a competitive edge
Thanks for the advice
Peter

[Asyn]

https://support.avast.com/index.php?languageid=1&group=eng&_m=knowledgebase&_a=viewarticle&kbarticleid=602
asyn

[doktornotor]

It certainly works... check the log:

Code: [Select]

20.2.2011 19:21:46 Autosandbox candidate: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
[Source: ]
[Opened by: C:\windows\Explorer.EXE]
--> Result: Not sandboxing (based on user's decision).

20.2.2011 19:22:32 Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\DTLite.exe
[Source: ]
[Opened by: C:\windows\Explorer.EXE]
--> Result: Not sandboxing (because the file is trusted).

20.2.2011 19:22:43 Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\Engine.dll
[Source: ]
[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
--> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

20.2.2011 19:22:45 Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\imgengine.dll
[Source: ]
[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
--> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

20.2.2011 23:39:43 Autosandbox candidate: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
[Source: ]
[Opened by: C:\windows\Explorer.EXE]
--> Result: Not sandboxing (because the file is in the exception list).

20.2.2011 23:39:48 Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\DTLite.exe
[Source: ]
[Opened by: C:\windows\Explorer.EXE]
--> Result: Not sandboxing (because the file is trusted).

20.2.2011 23:40:10 Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\Engine.dll
[Source: ]
[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
--> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

20.2.2011 23:40:13 Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\imgengine.dll
[Source: ]
[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
--> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

22.2.2011 7:29:03 Autosandbox candidate: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
[Source: ]
[Opened by: C:\windows\Explorer.EXE]
--> Result: Not sandboxing (because the file is in the exception list).

22.2.2011 7:29:08 Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\DTLite.exe
[Source: ]
[Opened by: C:\windows\Explorer.EXE]
--> Result: Not sandboxing (because the file is trusted).

22.2.2011 7:29:14 Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\Engine.dll
[Source: ]
[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
--> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

22.2.2011 7:29:16 Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\imgengine.dll
[Source: ]
[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
--> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

24.2.2011 3:00:55 Autosandbox candidate: C:\Windows\SoftwareDistribution\Download\Install\Windows6.1-7601-X86-NeutralCab.EXE
[Source: ]
[Opened by: C:\windows\system32\wuauclt.exe]
--> Result: Not sandboxing (because the file is trusted).

24.2.2011 3:01:02 Autosandbox candidate: C:\Windows\SoftwareDistribution\Download\Install\Windows6.1-7601-X86-CAB4.EXE
[Source: ]
[Opened by: C:\windows\system32\wuauclt.exe]
--> Result: Not sandboxing (because the file is trusted).

24.2.2011 3:01:08 Autosandbox candidate: C:\Windows\SoftwareDistribution\Download\Install\CheckSURPackage.EXE
[Source: ]
[Opened by: C:\windows\system32\wuauclt.exe]
--> Result: Not sandboxing (because the file is trusted).

24.2.2011 5:00:53 Autosandbox candidate: C:\Windows\System32\Wat\WatAdminSvc.exe
[Source: ]
[Opened by: C:\windows\system32\services.exe]
--> Result: Not sandboxing (because the file is trusted).

24.2.2011 10:54:05 Autosandbox candidate: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
[Source: ]
[Opened by: C:\windows\Explorer.EXE]
--> Result: Not sandboxing (because the file is in the exception list).

24.2.2011 10:54:09 Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\DTLite.exe
[Source: ]
[Opened by: C:\windows\Explorer.EXE]
--> Result: Not sandboxing (because the file is trusted).

24.2.2011 10:54:14 Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\Engine.dll
[Source: ]
[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
--> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

24.2.2011 10:54:17 Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\imgengine.dll
[Source: ]
[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
--> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).


[miscreant]

Where are the logs in avast?.Can they be accsessed through the gui somewhere?
m

[Dch48]

Where do you find that log? I can find all of the shield logs but nothing concerning the sandboxing.

[doktornotor]

Where do you find that log? I can find all of the shield logs but nothing concerning the sandboxing.

Code: [Select]

%ALLUSERSPROFILE%\AVAST Software\Avast\log\autosandbox.log

[Dch48]

Where do you find that log? I can find all of the shield logs but nothing concerning the sandboxing.

Code: [Select]

%ALLUSERSPROFILE%\AVAST Software\Avast\log\autosandbox.log

There is no such log file on my system.

[doktornotor]

There is no such log file on my system.

If you upgraded from 5.x to 6.0, the path will differ. Anyway, it's pretty trivial to find autosandbox.log via normal file search in Windows.

[street_lethal]

I think it only creates a log if it thinks something is potentially dangerous and runs it in the sandbox. i.e. a "sandbox candidate".

[Dch48]

I did the search, the file does not exist, anywhere.

[DavidR]

Do you have the autosandbox set to Ask ?
If so I don't know if it would record any actions.

I have the file in that location on my win7 netbook. But not in XP Pro (C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report), I can't recall if I have had any autosandbox alerts since a clean install of 6.0.1000, so perhaps that is correct.

[Dch48]

Or maybe the sandboxing is not working correctly in XP? I need something to test it with since nothing I have installed has given an alert.

[bluenite]

Or maybe the sandboxing is not working correctly in XP? I need something to test it with since nothing I have installed has given an alert.

same question - need sm to test it.
As I know Sandboxie sw, there is clear and work it. Here nothing.
I cannot also find that autosandbox.log under my winxp.
Or maybe because I just installed new Avast6 only today, that log is missing yet, without running any sw?
What does it mean "potentially suspicious application"? How does it know, if any?

[bluenite]

Or maybe the sandboxing is not working correctly in XP? I need something to test it with since nothing I have installed has given an alert.

same question - need sm to test it.
As I know Sandboxie sw, there is clear and work it. Here nothing.
I cannot also find that autosandbox.log under my winxp.
Or maybe because I just installed new Avast6 only today, that log is missing yet, without running any sw?
What does it mean "potentially suspicious application"? How does it know, if any?

nobody knows?

[doktornotor]

I need something to test it with since nothing I have installed has given an alert.

As shown on the log I've posted, AnyDVD causes a prompt here at least, plus DAEMON Tools Lite gets logged (no prompt as it's trusted though). Someone also mentioned elsewhere that HDD Health utility produces an autosandbox prompt.