Author Topic: AutoSandbox Test Tool  (Read 132224 times)

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: AutoSandbox Test Tool
« Reply #60 on: April 20, 2011, 09:31:34 PM »
2
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: AutoSandbox Test Tool
« Reply #61 on: April 20, 2011, 09:32:12 PM »
3
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: AutoSandbox Test Tool
« Reply #62 on: April 20, 2011, 09:35:07 PM »
The registry key however is created...
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Excess

  • Jr. Member
  • **
  • Posts: 70
Re: AutoSandbox Test Tool
« Reply #63 on: April 20, 2011, 09:36:05 PM »
Not working...
Avast! doesn't ask me to load the program in the autosandbox, I checked my options 3 times, everything is OK.
« Last Edit: April 20, 2011, 09:46:26 PM by Excess »
AMD ATHLON II X2 M300, 4 Gio RAM DDR2, 500 Gio HD SATA II, ATI RADEON HD 4570, WINDOWS 7 HOME PREMIUM X64, AVAST! FREE 6.0.1091, MBAM FREE, FIREFOX 4 WITH LINK EXTEND & WEBREP, WINDOWS' 7 FIREWALL.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re: AutoSandbox Test Tool
« Reply #64 on: April 20, 2011, 09:36:38 PM »
Zyndstoff: If you've got any kind of UAC enabled, it probably won't work (or rather, the file operation might get virtualized by UAC).
The registry operation, going into HKCU, will succeed.
« Last Edit: April 20, 2011, 09:38:31 PM by igor »

Offline Dieselman

  • Poster
  • *
  • Posts: 621
Re: AutoSandbox Test Tool
« Reply #65 on: April 20, 2011, 09:37:04 PM »
> The registry key however is created...

Do you have a screen shot of the key string created?

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: AutoSandbox Test Tool
« Reply #66 on: April 20, 2011, 09:39:56 PM »
> > The registry key however is created...
>
> Do you have a screen shot of the key string created?

I already deleted it. Why?
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: AutoSandbox Test Tool
« Reply #67 on: April 20, 2011, 09:42:04 PM »
> Zyndstoff: If you've got any kind of UAC enabled, it probably won't work (or rather, the file operation might get virtualized by UAC).
> The registry operation, going into HKCU, will succeed.

Igor,

is this unique to this testprog?
Or will this happen every time I select a program to run normally when AutoSB kicks in? That would be a bug...

Yes, I have Win 7 UAC active.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re: AutoSandbox Test Tool
« Reply #68 on: April 20, 2011, 09:47:25 PM »
> is this unique to this testprog?
> Or will this happen every time I select a program to run normally when AutoSB kicks in? That would be a bug...
>
> Yes, I have Win 7 UAC active.

It's got nothing to do with the testprog, nor with autosandbox, nor with avast! - it's just UAC. If a program (possibly only when running under admin, I'm not sure - but not elevated) tries to create files in folders normally inaccessible (e.g. C:\), or registry keys (HKLM\*) - the request somehow succeeds (from the program's point of view) - but the operation is virtualized, just like if it were running in a sandbox. So the file/registry key won't actually appear.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: AutoSandbox Test Tool
« Reply #69 on: April 20, 2011, 09:50:17 PM »
The key does appear, the file doesn't...?
Strange - I never heard of this UAC behavior before.

So if I disable AutoSB and try the prog again - there will be no file in C:\ because of UAC?
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline rambo1940

  • Full Member
  • ***
  • Posts: 199
Re: AutoSandbox Test Tool
« Reply #70 on: April 20, 2011, 09:50:38 PM »
> > When I try to run the tool.
> > I get "Modify the System"
> > If I click on that, I get
>
> Good, that's how it should work. ;)
> Wait, do you mean the Autosandbox didn't jump in..??

It did not

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re: AutoSandbox Test Tool
« Reply #71 on: April 20, 2011, 09:54:03 PM »
Actually, I may be wrong - I'm not sure when the operations get virtualized by UAC, and when they are simply blocked.
Possibly the creation of the file in the root of the C: drive is just blocked (and the tool, being really just a simple internal util, doesn't report any errors about that ;)). In any case, yes, it's UAC, and yes, it shouldn't appear even without autosandbox - unless you run the executable elevated.

The key is in HKCU, so UAC doesn't have any problems with that. If it went into HKLM instead, it should behave the same (as the file) I think.
« Last Edit: April 20, 2011, 09:55:38 PM by igor »
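
Added example, not part of the thread or of the Avast test tool: a PowerShell check that tells apart the three outcomes discussed above (written to the real location, redirected to the per-user VirtualStore, or absent). Both default targets are hypothetical placeholders, since the thread does not name the file or the key.

```powershell
# Added example (not the Avast test tool). Requires PowerShell 3.0 or later.
# Both default targets are hypothetical placeholders; pass the file and key
# the program under test was expected to create.
param(
    [string]$FilePath = 'C:\placeholder-test-file.txt',
    [string]$HklmKey  = 'SOFTWARE\PlaceholderVendor\PlaceholderKey'
)

function Get-VirtualStoreFilePath {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Redirected files land under %LOCALAPPDATA%\VirtualStore, keeping the
    # original path minus its drive root.
    $root = [System.IO.Path]::GetPathRoot($Path)
    $relative = $Path.Substring($root.Length)
    $store = Join-Path $env:LOCALAPPDATA 'VirtualStore'
    [System.IO.Path]::Combine($store, $relative)
}

function Get-WriteOutcome {
    param([string]$Target, [string]$RealPath, [string]$VirtualPath)
    # Real location first: a per-user copy only matters if the real one is missing.
    $outcome = if (Test-Path -LiteralPath $RealPath) {
        'real location (write succeeded)'
    } elseif (Test-Path -LiteralPath $VirtualPath) {
        'VirtualStore only (virtualized by UAC)'
    } else {
        'absent (blocked, or never attempted)'
    }
    [pscustomobject]@{ Target = $Target; Outcome = $outcome; VirtualPath = $VirtualPath }
}

# File check: real path versus the per-user VirtualStore copy.
$virtualFile = Get-VirtualStoreFilePath -Path $FilePath
Get-WriteOutcome -Target $FilePath -RealPath $FilePath -VirtualPath $virtualFile

# Registry check: virtualized HKLM\SOFTWARE writes are stored per user under
# HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE.
$subKey = $HklmKey -replace '^SOFTWARE\\', ''
$virtualKey = "HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE\$subKey"
Get-WriteOutcome -Target "HKLM\$HklmKey" -RealPath "HKLM:\$HklmKey" -VirtualPath $virtualKey
```

Run it as the same user that ran the program, because the VirtualStore is per user. On 64-bit Windows a 32-bit program's HKLM\SOFTWARE key sits under Wow6432Node, so include that in -HklmKey.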

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2610
  • I can resist anything except temptation.
    • tex62
Re: AutoSandbox Test Tool
« Reply #72 on: April 20, 2011, 10:00:58 PM »
> Actually, I may be wrong - I'm not sure when the operations get virtualized by UAC, and when they are simply blocked.
> Possibly the creation of the file in the root of the C: drive is just blocked (and the tool, being really just a simple internal util, doesn't report any errors about that ;)). In any case, yes, it's UAC, and yes, it shouldn't appear even without autosandbox - unless you run the executable elevated.
>
> The key is in HKCU, so UAC doesn't have any problems with that. If it went into HKLM instead, it should behave the same (as the file) I think.

Okay, the file is not created even without AutoSB.

Everything works as it should.

But: why didn't you choose a folder that would show the file created when "open normally" is selected? It's hard for a user to understand if the apparently anticipated outcome is not visible...

I'm an experienced user - but even I was astonished...
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11808
    • AVAST Software
Re: AutoSandbox Test Tool
« Reply #73 on: April 20, 2011, 10:34:38 PM »
OK, I'll repeat it once again ;)
This is an internal tool that wasn't really meant for public (which doesn't mean it's any secret, just that it was built rather quickly, without any attempts to make it bulletproof or user friendly). You asked for it, so you got it... but there wasn't any additional time spent on that.

Its main purpose was to trigger the autosandbox pop-up, that's all - nobody actually used it to verify sandbox functionality (OK, maybe once, but that's really all). Red-framed window --> OK, no red frame --> something's wrong.

And even though I didn't write it myself, I certainly wouldn't notice the problem with C: drive - as disabling UAC is the first thing I do on my computers, I really can't live with that.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: AutoSandbox Test Tool
« Reply #74 on: April 20, 2011, 10:36:56 PM »
The one and only purpose of the tool was to trigger the AutoSandbox prompt.
If at first you don't succeed, then skydiving's not for you.