Author Topic: Auto-sandbox in XP  (Read 11403 times)

0 Members and 1 Guest are viewing this topic.

Dch48

  • Guest
Auto-sandbox in XP
« on: February 25, 2011, 07:59:47 PM »
Can anyone confirm that the auto-sandbox in the free version works in XP? I have seen no alerts even when running things that others have said will give them alerts.

I was just examining the .ini file for the filesystem shield and there is nothing in it about the sandboxing. I have it turned on in the options. Should there be an entry in the .ini file? There is for all of the other options as far as I can tell.
[Common]
ActionOnPackedFile=onlyfile
OverwriteReport=0
PUPAction=trezor iffailed delete
PerformActionOnStartup=1
Report=TXT
ReportName=*
ReportRecords=Infected;HardErrors
ScanFullFiles=0
ScanPUP=0
ScanPackers=EXE;WinExec;Drop;Streams
ShowAppliedActionNotification=1
SuspiciousAction=trezor iffailed delete
TaskSensitivity=80
UseCodeEmulation=1
VirusAction=trezor iffailed delete
ProviderEnabled=1
[FileSystem]
ScanAutorun=1
ScanDLLOnLoad=1
ScanDiskette=1
ScanExceptions=<RW>?:\PageFile.sys;<RW>*\System.da?;<RW>*\User.da?;<RW>*.fon;<RW>*.txt;<RW>*.log;<RW>*.ini;<RW>*\Bootstat.dat;<W>*\firefox\profiles\*sessionstore*.js
ScanOnExecute=1
ScanOnOpenAllFiles=0
ScanOnOpenCustomExtensions=0
ScanOnOpenDocuments=1
ScanOnWriteAllFiles=0
ScanOnWriteCustomExtensions=0
ScanOnWriteDefault=1
ScanScriptsOnExecute=1
SkipSystemDlls=1
UsePersistentCache=1
UseTransientCache=1
« Last Edit: February 25, 2011, 08:21:05 PM by Dch48 »

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89332
  • No support PMs thanks
Re: Auto-sandbox in XP
« Reply #1 on: February 25, 2011, 08:44:48 PM »
I have tried several small utilities in both win7 starter and XP Pro and I haven't had any response on any of them, so I can't say if it is working in one and not the other.

As far as an entry in the ini file goes, default options tend not to be in the ini file, so if you were to disable auto-sandbox, that may place an entry which you could see and then enable the sandbox again.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Charyb-0

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2508
Re: Auto-sandbox in XP
« Reply #2 on: February 25, 2011, 08:48:58 PM »
I can run OTL.exe on XP and no alert.

While running it on Windows 7 I receive an alert. See attached

Dch48

  • Guest
Re: Auto-sandbox in XP
« Reply #3 on: February 25, 2011, 08:54:10 PM »
I found the entry for the sandboxing. It's in the Avast5.ini file, not in the FileSystemShield.ini. It does say it's enabled.
« Last Edit: February 25, 2011, 08:56:28 PM by Dch48 »

Dch48

  • Guest
Re: Auto-sandbox in XP
« Reply #4 on: February 25, 2011, 08:55:17 PM »
I can run OTL.exe on XP and no alert.

While running it on Windows 7 I receive an alert. See attached
Aha, so it is working differently in XP.

Dch48

  • Guest
Re: Auto-sandbox in XP
« Reply #5 on: February 25, 2011, 09:33:13 PM »
Gee it seems that aswMBR doesn't work on this system either. This is what I got when running it just to see what it did.

aswMBR version 0.9.2 Copyright(c) 2011 avast! Software
Run date: 2011-02-25 20:20:47
-----------------------------
15:20:47.046    OS Version: Windows 5.1.2600 Service Pack 3
15:20:47.046    Number of processors: 1 586 0x2402
15:20:47.046    ComputerName: HP5215  UserName: Donald
15:20:47.703    Initialize success
15:20:57.593    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:20:57.593    Disk 0 Vendor:   Size: 0MB BusType: 0
15:20:57.687    Disk 0 MBR read error
15:20:57.687    Disk 0 MBR scan
15:20:57.687    Disk 0 MBR hidden
15:20:57.687    Disk 0 trace - called modules:
15:20:57.687    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:20:57.703    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a57bab8]
15:20:57.703    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000074[0x8a523440]
15:20:57.703    5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a522d98]
15:20:57.703    Scan finished successfully


Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Auto-sandbox in XP
« Reply #6 on: February 25, 2011, 09:40:49 PM »
I have one program that alerted the AutoSandbox, which is set to Ask.  It's a trusted program for my HP 7310 AIO printer.  I excluded it from being sandboxed by selecting run normally.  It shows in the autosandbox log.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Dch48

  • Guest
Re: Auto-sandbox in XP
« Reply #7 on: February 25, 2011, 09:55:02 PM »
I have one program that alerted the AutoSandbox, which is set to Ask.  It's a trusted program for my HP 7310 AIO printer.  I excluded it from being sandboxed by selecting run normally.  It shows in the autosandbox log.
In XP? I don't even have an autosandbox.log file anywhere on my system.

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Auto-sandbox in XP
« Reply #8 on: February 25, 2011, 10:19:33 PM »
I have one program that alerted the AutoSandbox, which is set to Ask.  It's a trusted program for my HP 7310 AIO printer.  I excluded it from being sandboxed by selecting run normally.  It shows in the autosandbox log.
In XP? I don't even have an autosandbox.log file anywhere on my system.

I don't think the autosandbox.log is created until the first alert.  All I see in mine are multiple entries listing the program I excluded and stating that it was sandboxed due to my exclusion.  The log is in a subdirectory under All Users\Application Data.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

iroc9555

  • Guest
Re: Auto-sandbox in XP
« Reply #9 on: February 25, 2011, 10:36:24 PM »
Dch48.

Running XP Pro Spk3. C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\Log >> autosanbox.log




It is working in mine.

Dch48

  • Guest
Re: Auto-sandbox in XP
« Reply #10 on: February 26, 2011, 12:08:46 AM »
Interesting. I will say that after the clean install of v6, I was not told to reboot. It just said Avast! was running and protecting my system. When I went into the GUI and looked in Additional Protection / AutoSandbox, it said the feature would not be available until after a restart. It has not given any alerts or created a log file yet.

MAG

  • Guest
Re: Auto-sandbox in XP
« Reply #11 on: February 26, 2011, 12:13:19 AM »
No I wasn't prompted to reboot either - odd.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Auto-sandbox in XP
« Reply #12 on: February 26, 2011, 01:02:45 AM »
I can confirm that there's a little problem in the Windows XP implementation of the AutoSandbox. It is offered less often than it's supposed to (and also compared to Vista/W7, where it works correctly).

This bug has already been fixed in the internal branch, and will be part of the next program update.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

SafeSurf

  • Guest
Re: Auto-sandbox in XP
« Reply #13 on: February 26, 2011, 07:24:38 AM »
I can confirm that there's a little problem in the Windows XP implementation of the AutoSandbox. It is offered less often than it's supposed to (and also compared to Vista/W7, where it works correctly).

This bug has already been fixed in the internal branch, and will be part of the next program update.
@ Vlk,

By program update, you mean the next version update...correct?  I just need clarification.  Thank you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Auto-sandbox in XP
« Reply #14 on: February 26, 2011, 12:39:32 PM »
By program update, you mean the next version update...correct?
Yes, most probably.
The best things in life are free.