Author Topic: AutoSandbox Test Tool  (Read 130475 times)


Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11804
    • AVAST Software
Re: AutoSandbox Test Tool
« Reply #45 on: April 20, 2011, 07:46:40 PM »
I was thinking of something like this. You have a test tool that then spawns another EXE which actually triggers AutoSandbox. As far as I understand the sandbox and its chain of sandboxing, in this case the main tool would not be sandboxed but the newly spawned EXE would be. Then the main test tool would check for the presence of that file and registry value. If found, Sandbox is not working. If not found, sandbox is working fine.
It's just that you'd have to figure out how to make timings and stuff like that to properly connect spawning and checking part so they would be properly correct and not try to check before it would actually spawn the new file/reg value. In theory you should only check the physical locations and if test data is not found there, it's fine.

Well yes, that would be possible (as for the timings, it would be best simply to wait for the spawned process to terminate).
However, keep in mind that it's more a test of the sandbox than autosandbox - in real life, you don't have control of whether you get the autosandbox offer for the particular file or not.
(Besides, I'm kinda scared when I read about "writing tutorials about using this tool"... it's just an artificial example that triggers the autosandboxing heuristics, no big deal - while it seems to be handled like some complex pen-testing tool ;))

Can somebody please tell me how you open the file in autosandbox.
Thank you

There is no "how" - you just execute it.
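
The spawn, wait, then check flow discussed in this reply, as an added example that is not part of the original post or of Avast's tool. The parent is assumed to run outside the sandbox; the child is a constructed Python one-liner standing in for the EXE that would trigger AutoSandbox, and the marker file name and verdict strings are hypothetical.

```python
import os
import subprocess
import sys
import tempfile

# Constructed child payload: writes one marker file, like the spawned EXE in the post.
CHILD_WRITES = "import sys; open(sys.argv[1], 'w').write('sandbox-probe')"
# Constructed stand-in for a child whose write never reached the real disk.
CHILD_REDIRECTED = "import sys; sys.exit(0)"


def run_probe(child_code, marker_path, timeout=30):
    """Spawn the child, wait for it to exit, then inspect the real location."""
    if os.path.exists(marker_path):
        os.remove(marker_path)  # a stale marker from an earlier run would give a false result
    try:
        # subprocess.run() blocks until the child terminates, so the check
        # below can never race the child's write (the timing concern in the thread).
        result = subprocess.run(
            [sys.executable, "-c", child_code, marker_path], timeout=timeout
        )
    except (OSError, subprocess.TimeoutExpired):
        return "INCONCLUSIVE"  # child never ran to completion
    if result.returncode != 0:
        return "INCONCLUSIVE"  # a crashed child proves nothing about isolation
    if os.path.exists(marker_path):
        os.remove(marker_path)
        return "NOT_ISOLATED"  # the change reached the real file system
    return "ISOLATED"  # child succeeded, yet nothing persisted


def demo():
    # Hypothetical marker location used only by this example.
    marker = os.path.join(tempfile.gettempdir(), "sandbox_probe_marker.txt")
    return {
        "writes": run_probe(CHILD_WRITES, marker),
        "redirected": run_probe(CHILD_REDIRECTED, marker),
        "crashed": run_probe("raise SystemExit(3)", marker),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Only the file check is shown; the registry value mentioned in the quoted post would be checked the same way, after the child has exited.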

Offline Nesivos

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1352
  • Artists Rendering of New Pauley Pavilion @ UCLA
Re: AutoSandbox Test Tool
« Reply #46 on: April 20, 2011, 07:55:27 PM »
Downloaded and ran the tool on all three of my computers.

On two of them I got a message "Modify the System" which had the sandbox lines around them.

On the third computer I got the following message.

Quote
Congratulations Loyal Avast Customer.

You have won an all-paid two weeks vacation in beautiful Prague, Czech Republic.

Please contact us with the Loyalty code number that is on your screen and your Avast customer number to receive your all expenses paid travel packet.

Offer good through 31, December 2011

Thanks again for being a loyal Avast customer.
OS: W7-SP1, Security: AIS 7, SAS Pro, WinPatrol Plus Network:2 Dell 570MT x64 1 Dell 660 Desktop with 8GB RAM Default Browser & Email: Firefox & Thunderbird latest Betas

Offline gautam7

  • Sr. Member
  • ****
  • Posts: 200
Re: AutoSandbox Test Tool
« Reply #47 on: April 20, 2011, 08:01:06 PM »
Well, when I clicked modify it went all black with a red border. Is this supposed to happen when a real danger runs inside a sandbox? I am asking because until now whenever I run some suspicious program inside the sandbox nothing seemed to happen.
Lenovo B40 laptop/ core i3 4010U CPU (1.7 GHz)/ 4.0 GB RAM/500 GB HDD,OS: windows 10 64 bit, Browser: Google Chrome/ FF (adblock plus, lastpass,) Security: Avast pro 10, MBAM (free).

Offline Desirae Spencer

  • Newbie
  • *
  • Posts: 5
Re: AutoSandbox Test Tool
« Reply #48 on: April 20, 2011, 08:03:01 PM »
Doesn't Avast! auto-sandbox support Chinese path? It's failed. :o
« Last Edit: April 20, 2011, 08:05:41 PM by kyokodash2 »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71841
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: AutoSandbox Test Tool
« Reply #49 on: April 20, 2011, 08:04:36 PM »
On the third computer I got the following message.

Congrats. :)
Win 8.1 [x64] - Avast PremSec 21.9.6605.IBC [UI.666] - EEK - Firefox ESR 78.14 [NS/uBO/PB] - TB 91.1.1
Avast-Tools: Secure Browser 93.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.84
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11804
    • AVAST Software
Re: AutoSandbox Test Tool
« Reply #50 on: April 20, 2011, 08:09:34 PM »
Doesn't Avast! auto-sandbox support Chinese path? It's failed. :o

Can you be more specific, please?
What exactly was the path you started it from? What operating system?

Offline Desirae Spencer

  • Newbie
  • *
  • Posts: 5
Re: AutoSandbox Test Tool
« Reply #51 on: April 20, 2011, 08:40:04 PM »
Can you be more specific, please?
What exactly was the path you started it from? What operating system?

Auto-sandbox doesn't trigger when I run the "AutoSandbox Test Tool" on my Desktop. (桌面; desktop in Chinese)
C:\Documents and Settings\Administrator\桌面\autosandboxme.exe

But it works fine at C:\autosandboxme.exe

Windows XP SP3
« Last Edit: April 20, 2011, 08:47:57 PM by kyokodash2 »

Offline jrace

  • Sr. Member
  • ****
  • Posts: 381
Re: AutoSandbox Test Tool
« Reply #52 on: April 20, 2011, 08:41:16 PM »
Could anybody tell me what actually the trigger is for the Auto-Sandbox because when I try to execute "EasyBCD 2.0.2.exe" (installation file of program "easyBCD") the Auto-Sandbox is triggered?
« Last Edit: April 20, 2011, 08:46:32 PM by jrace »
Sony VGN-SZ71VN/X, 4GB RAM, 256GB SSD, win7/32_ult_SP1-U
avast! pro 11.2.2255, Win7 Firewall, MBAM 2.2.0.1024
FF 45.0

Offline rambo1940

  • Full Member
  • ***
  • Posts: 199
Re: AutoSandbox Test Tool
« Reply #53 on: April 20, 2011, 08:49:45 PM »
I was thinking of something like this. You have a test tool that then spawns another EXE which actually triggers AutoSandbox. As far as I understand the sandbox and its chain of sandboxing, in this case the main tool would not be sandboxed but the newly spawned EXE would be. Then the main test tool would check for the presence of that file and registry value. If found, Sandbox is not working. If not found, sandbox is working fine.
It's just that you'd have to figure out how to make timings and stuff like that to properly connect spawning and checking part so they would be properly correct and not try to check before it would actually spawn the new file/reg value. In theory you should only check the physical locations and if test data is not found there, it's fine.

Well yes, that would be possible (as for the timings, it would be best simply to wait for the spawned process to terminate).
However, keep in mind that it's more a test of the sandbox than autosandbox - in real life, you don't have control of whether you get the autosandbox offer for the particular file or not.
(Besides, I'm kinda scared when I read about "writing tutorials about using this tool"... it's just an artificial example that triggers the autosandboxing heuristics, no big deal - while it seems to be handled like some complex pen-testing tool ;))

Can somebody please tell me how you open the file in autosandbox.
Thank you

There is no "how" - you just execute it.

Thanks

Offline rambo1940

  • Full Member
  • ***
  • Posts: 199
Re: AutoSandbox Test Tool
« Reply #54 on: April 20, 2011, 08:57:08 PM »
When I try to run the tool.
I get "Modify the System"
If I click on that, I get
If I click on OK nothing happens
Please may I have some advice please
« Last Edit: April 20, 2011, 08:59:41 PM by rambo1940 »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71841
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: AutoSandbox Test Tool
« Reply #55 on: April 20, 2011, 08:58:20 PM »
When I try to run the tool.
I get "Modify the System"
If I click on that, I get

Good, that's how it should work. ;)
Wait, do you mean the Autosandbox didn't jump in..??

Offline bogdan_77

  • Newbie
  • *
  • Posts: 5
Re: AutoSandbox Test Tool
« Reply #56 on: April 20, 2011, 08:59:50 PM »
Hi, I'm new on this forum and first of all I want to thank Avast for the great program. The test tool works fine (after I let it through Comodo Defense+ and Zemana ;D). Once again, thank you Avast and keep up the good work.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: AutoSandbox Test Tool
« Reply #57 on: April 20, 2011, 09:01:23 PM »
Yep...

Run sandboxed: no modifications made.
Run without sandbox: you will find those modifications.

But yes, it would have been nice if a little explanation was found in that pop-up so a new user would know what the right / wrong outcome should be.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline rambo1940

  • Full Member
  • ***
  • Posts: 199
Re: AutoSandbox Test Tool
« Reply #58 on: April 20, 2011, 09:10:07 PM »
It would appear as if AutoSandbox just does not work

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: AutoSandbox Test Tool
« Reply #59 on: April 20, 2011, 09:30:02 PM »
Now I am confused.

I run the Autosandboxme.exe
Autosandbox kicks in, I select "open normally".
The next window with the modify-button shows "Autosandbox" in its title...? I selected "open normally", why Sandbox?
I click the button and the window "Check for..." appears.
I click ok and check for changes: none.

Shouldn't the changes appear when selecting "open normally"?
« Last Edit: April 20, 2011, 09:33:23 PM by Zyndstoff (aka Steven Gail) »