Author Topic: Which files (executables) are started into the AutoSandbox  (Read 10839 times)

0 Members and 1 Guest are viewing this topic.

Offline avoidz

  • Jr. Member
  • **
  • Posts: 54
Re: Which files (executables) are started into the AutoSandbox
« Reply #15 on: March 01, 2011, 03:23:55 AM »
Thanks, but this is the pop-up I was referring to:



This is what I think will cause some confusion, and what is similar to the UAC I mentioned.
DESKTOP: Intel P4 2.4GHz, 1.5GB RAM, 500GB HDD, GeForce FX 5200, Windows XP Pro, avast! 7 Home, Sygate PF Pro | NOTEBOOK: XPS17 Intel i7-2630QM, 8GB RAM, 2x750GB HDD, GeForce GT 555M, Windows 7 64bit, McAfee IS

Offline sded

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1718
  • Me llamo Ed
Re: Which files (executables) are started into the AutoSandbox
« Reply #16 on: March 01, 2011, 03:29:57 AM »
This is the popup you get if you put it on auto-seems pretty straightforward.  Small, inLR corner.
Windows 7 x64HP-SP1-No UAC, Opera 11.51, Avast! Internet Security 6.0.128, Webroot SecureAnywhere latest beta, Windows FW off, MVPS HOSTS, SAS/MBAM offline, Macrium Reflect just in case ;)

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3665
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Which files (executables) are started into the AutoSandbox
« Reply #17 on: March 01, 2011, 03:36:38 AM »
Thnx Ed :)

That is indeed the one I was referring too ;)

Greetz, Red.
OS: Win 10 / Debian / Tails / iOS
Real Time: Avast Premium Security
VPN: NordVPN ( NordLynx ) with Cybersec

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: Which files (executables) are started into the AutoSandbox
« Reply #18 on: March 01, 2011, 12:23:20 PM »
I'm not sure what you are asking about...
Who performs tests when starting an application? Well, the File System Shield does... and, as an auxiliary result of that scan, the information about the "autosandbox suspiciousness" is returned - and used. Note that the AutoSandbox settings are in the File System Shield settings.

The Behavior Shield isn't really part of this... because the decision on whether to (auto)sandbox the application or not has to be done in advance, before the application is really started - while the Behavior Shield monitors the behavior of the application when it's already running, i.e. later.
Igor, thanks. That's what I was looking for.
The best things in life are free.

Offline avoidz

  • Jr. Member
  • **
  • Posts: 54
Re: Which files (executables) are started into the AutoSandbox
« Reply #19 on: March 01, 2011, 01:00:08 PM »
This is the popup you get if you put it on auto-seems pretty straightforward.  Small, inLR corner.

Thanks for that. So when it's on Auto the alert is a small pop-up in the corner like a VPS update. Does Sandboxing an unknown (but harmless) program affect its performance, or is it negligible or what happens?
DESKTOP: Intel P4 2.4GHz, 1.5GB RAM, 500GB HDD, GeForce FX 5200, Windows XP Pro, avast! 7 Home, Sygate PF Pro | NOTEBOOK: XPS17 Intel i7-2630QM, 8GB RAM, 2x750GB HDD, GeForce GT 555M, Windows 7 64bit, McAfee IS

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: Which files (executables) are started into the AutoSandbox
« Reply #20 on: March 01, 2011, 01:09:20 PM »
Does Sandboxing an unknown (but harmless) program affect its performance, or is it negligible or what happens?
Well... it affects the program itself (what it can do, etc.) but, performance is not that much affected.
The best things in life are free.

Offline avoidz

  • Jr. Member
  • **
  • Posts: 54
Re: Which files (executables) are started into the AutoSandbox
« Reply #21 on: March 01, 2011, 01:52:56 PM »
By participating in the avast! Community (via the Settings), does this add the programs marked as harmless to a central list and exclude them from the Sandbox in future updates? Or will I have to manually confirm each program as safe on other user's computers?
DESKTOP: Intel P4 2.4GHz, 1.5GB RAM, 500GB HDD, GeForce FX 5200, Windows XP Pro, avast! 7 Home, Sygate PF Pro | NOTEBOOK: XPS17 Intel i7-2630QM, 8GB RAM, 2x750GB HDD, GeForce GT 555M, Windows 7 64bit, McAfee IS

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Which files (executables) are started into the AutoSandbox
« Reply #22 on: March 01, 2011, 02:03:30 PM »
By participating in the avast! Community (via the Settings), does this add the programs marked as harmless to a central list and exclude them from the Sandbox in future updates? Or will I have to manually confirm each program as safe on other user's computers?

There's some logic behind the scenes that tries to optimize the algorithm so that it doesn't alert on files that are harmless (based on the files that we see trigger the autosandbox offer). On the other hand, this logic doesn't take the user's decision into account at all - users aren't usually very good at telling whether a given file is malware or not.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Omid Farhang

  • Malware Hunter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Omid's Site
Re: Which files (executables) are started into the AutoSandbox
« Reply #23 on: March 01, 2011, 02:18:04 PM »
So it's mean even with Auto-Sandbox feature yet there are no 'known clean' list in Database?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: Which files (executables) are started into the AutoSandbox
« Reply #24 on: March 02, 2011, 02:32:53 AM »
So it's mean even with Auto-Sandbox feature yet there are no 'known clean' list in Database?
No, there isn't a clean list (it was already said by Igor).
The best things in life are free.

Offline Omid Farhang

  • Malware Hunter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Omid's Site
Re: Which files (executables) are started into the AutoSandbox
« Reply #25 on: March 02, 2011, 10:43:38 AM »
No, there isn't a clean list (it was already said by Igor).
:'(

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: Which files (executables) are started into the AutoSandbox
« Reply #26 on: March 02, 2011, 12:36:26 PM »
Why are you sad?
The whitelist approach has a lot of inconveniences...
The best things in life are free.

Offline Omid Farhang

  • Malware Hunter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Omid's Site
Re: Which files (executables) are started into the AutoSandbox
« Reply #27 on: March 02, 2011, 01:11:12 PM »
whitelist will avoid lots of FPs when updating heuristic (even with having it in highest level) and will avoid Auto-Sandbox alerts for harmless files and many other example, I don't know what will be 'inconveniences' by having a small database of common clean files...

Offline avoidz

  • Jr. Member
  • **
  • Posts: 54
Re: Which files (executables) are started into the AutoSandbox
« Reply #28 on: March 02, 2011, 01:36:47 PM »
The Auto setting doesn't work for my usage. It Sandboxed dvbviewer.exe which is a harmless file (a DTV application), gave me the corner pop-up, but no way to un-Sandbox it — unless I manually add it to the exclusion list, which is going to be a pain to have to do to every program that ends up this way.

Sorry, this new feature is not for me.
DESKTOP: Intel P4 2.4GHz, 1.5GB RAM, 500GB HDD, GeForce FX 5200, Windows XP Pro, avast! 7 Home, Sygate PF Pro | NOTEBOOK: XPS17 Intel i7-2630QM, 8GB RAM, 2x750GB HDD, GeForce GT 555M, Windows 7 64bit, McAfee IS

Offline Privateofcourse

  • Full Member
  • ***
  • Posts: 136
  • No.13 of Landing Party of 1788
Re: Which files (executables) are started into the AutoSandbox
« Reply #29 on: March 02, 2011, 02:25:03 PM »
I've also disabled it for this reason.

 
--
Cheers / Si
...info: WXP Pro SP3 / PFW 7.0 / Avast Pro 7.0.1466 / MBAM / SpywareBlaster / Sandboxie / etc.