Author Topic: a! sandbox bypassed by TDL3/4 (Fixed in 6.0.1044)  (Read 3036 times)

13N

  • Guest
a! sandbox bypassed by TDL3/4 (Fixed in 6.0.1044)
« on: March 16, 2011, 09:32:43 PM »
Hi,
avast seems to have problems containing TDL; the MBR or drivers are infected despite the dropper being run in the sandbox.
This has been the case since v5 got out and there don't seem to be any improvements in the sandbox in that regard.
I appreciate that there are other modules protecting me (like BS), but the sandbox should be capable of managing this on its own.
Tested with the latest 1027 Pre-release.
I can provide droppers/MD5s if necessary (although I haven't found a single TDL dropper that is successfully contained.)
« Last Edit: March 24, 2011, 01:06:56 PM by 13N »

13N

  • Guest
Re: a! sandbox bypassed by TDL3/4
« Reply #1 on: March 17, 2011, 01:58:08 PM »
(bump)
I forgot to mention that I've tested on 32-bit XP only; I can't say anything about TDL4@64bit.
I'd appreciate it if I could get confirmation that this is a known issue.

13N

  • Guest
Re: a! sandbox bypassed by TDL3/4 (Fixed in 6.0.1044)
« Reply #2 on: March 24, 2011, 01:04:39 PM »
Just wanted to inform everyone that I can confirm the issue is fixed with 1044:
Quote
- improvements in the avast! sandbox (better TDL shielding etc)
Thanks to avast team, especially Petr Kurtin who contacted me over email. :)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: a! sandbox bypassed by TDL3/4 (Fixed in 6.0.1044)
« Reply #3 on: March 24, 2011, 01:25:35 PM »
Thanks 13N for testing that and allowing protection to all users.
Do you have any other sample that "bypasses" the avast sandbox?
The best things in life are free.

13N

  • Guest
Re: a! sandbox bypassed by TDL3/4 (Fixed in 6.0.1044)
« Reply #4 on: March 24, 2011, 10:07:49 PM »
I haven't done extensive tests so far, just with TDL because I remember it was a problem with previous versions.
I'll post if I find anything else worth reporting. :)

Offline Lisandro

Re: a! sandbox bypassed by TDL3/4 (Fixed in 6.0.1044)
« Reply #5 on: March 25, 2011, 02:23:37 AM »
Quote
I haven't done extensive tests so far, just with TDL because I remember it was a problem with previous versions.
I'll post if I find anything else worth reporting. :)
Thanks again!