Hi,
avast seems to have problems containing TDL, the MBR or drivers are infected despite the dropper being run in the sandbox.
This has been the case since v5 got out and there don't seem to be any improvements in the sandbox in that regard.
I appreciate that there are other modules protecting me (like BS), but the sandbox should be capable of managing this on its own.
Tested with the latest 1027 Pre-release.
I can provide droppers/MD5s if necessary (although I haven't found a single TDL dropper that is successfully contained.)