Author Topic: AutoSandbox Test Tool  (Read 124569 times)

0 Members and 1 Guest are viewing this topic.

Offline lil marlau

  • Newbie
  • *
  • Posts: 2
Re: AutoSandbox Test Tool
« Reply #180 on: February 24, 2012, 10:23:01 PM »
I don't have the autosandbox tool installed yet. I tried to install it and got an "malicious warning" from Avast and it closed. I guess it's just a bug with the new version. I will try again in a couple of days.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44512
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: AutoSandbox Test Tool
« Reply #181 on: February 25, 2012, 12:25:15 AM »
I don't have the autosandbox tool installed yet. I tried to install it and got an "malicious warning" from Avast and it closed. I guess it's just a bug with the new version. I will try again in a couple of days.
It's a part of avast! not a separate program ???
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v20H2 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline lil marlau

  • Newbie
  • *
  • Posts: 2
Re: AutoSandbox Test Tool
« Reply #182 on: February 25, 2012, 01:09:35 AM »
That's what I'm saying. A bug. Doesn't recognize itself.

Offline decroft

  • Newbie
  • *
  • Posts: 5
Re: AutoSandbox Test Tool
« Reply #183 on: February 27, 2012, 11:26:01 PM »
Don't need to test it, sandbox sucks.  On  auto it doesn't trust  Word, Access, Excel, and runs them in  the sandbox.  I'm surpirsed it lets the operating system run.   What a joke, idea is good, but implementation is poor. 

Offline Dch48

  • Massive Poster
  • ****
  • Posts: 3151
Re: AutoSandbox Test Tool
« Reply #184 on: February 27, 2012, 11:30:43 PM »
A word of advice. If you use the avast! gadget, turn it off now. It causes glitches in the auto sandbox. In particular it prevents things from being excluded properly When you tell avast to run the program normally the next time it's supposed to add that program to the sandbox exclusions but if the gadget is running, it doesn't work. It puts a meaningless entry in the exclusions list instead of the actual file. With the gadget turned off,  the exclusion is added  and works properly.
Avatar FX6327X desktop, FX-6300 CPU, RX 470 GPU, 8GB RAM, Windows 10 Home 64 bit
HP dv6-6140us laptop, A8-3500M APU, 8GB RAM, Windows 7 Home Premium 64 bit
RCA W101 v2 10" tablet, Intel Atom Bay Trail Z3735F processor, 2GB RAM, Windows 10 Home 32 bit

Offline aklaren

  • Newbie
  • *
  • Posts: 8
Re: AutoSandbox Test Tool
« Reply #185 on: March 06, 2012, 11:59:48 AM »
I like the sanbox feature, but don't quite understand why the sandbox is terminated after the analysis determines that there is NOT enough evidence to mark the file as malware. I would expect it to continue running unless there is ENOUGH evidence to mark it as malware. This means that legitimate processes are terminated when Avast! is unsure.

Also, does Avast! considder all programs that are run directly from the Internet as suspicous or does it look at certain suspicious instructions? I have built a program that a.o. READS the system registry and optionally WRITES the data to a file, but would like it to pass/skip the Avast! analysis (the program is digitally signed with a COMODO code signing certicate). Is there any documentation on this? Thanks.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84109
  • No support PMs thanks
Re: AutoSandbox Test Tool
« Reply #186 on: March 06, 2012, 02:38:50 PM »
There is no point in it continuing to run as it is in a virtual environment, when the sandbox closes all within it would be lost depending on what that application in the sandbox does.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.9.2437 (build 20.9.5758.0) UI-1.0.579/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline aklaren

  • Newbie
  • *
  • Posts: 8
Re: AutoSandbox Test Tool
« Reply #187 on: March 06, 2012, 03:23:50 PM »
Thanx for the quick reply. In our case, and I think in many other cases, it does make sense to continue. Why don't you leave it up to the user to decide to continue or stop? Now the application is terminated and the non-technical user will not know what to do and because of the strong warning given, he/she will think our application is malware. BTW: selecting "sandbox" will terminate the application each time (we use the online MS ClickOnce mechanism in IE). 

Offline Dch48

  • Massive Poster
  • ****
  • Posts: 3151
Re: AutoSandbox Test Tool
« Reply #188 on: March 06, 2012, 06:46:35 PM »
In the latest R2 build the ask option of the auto sandbox has been reverted to it's original behavior.  If you set the sandbox to ask, it will then give you a window with the option to run the app either sandboxed or normally. If you tell it to run normally and check off to remember the answer, it will never be sandboxed again.  I'm sure this will be the behavior in the final release of v7 R2. You don't even see the analysis windows and the app does not terminate even if run in the sandbox.
Avatar FX6327X desktop, FX-6300 CPU, RX 470 GPU, 8GB RAM, Windows 10 Home 64 bit
HP dv6-6140us laptop, A8-3500M APU, 8GB RAM, Windows 7 Home Premium 64 bit
RCA W101 v2 10" tablet, Intel Atom Bay Trail Z3735F processor, 2GB RAM, Windows 10 Home 32 bit

Offline aklaren

  • Newbie
  • *
  • Posts: 8
Re: AutoSandbox Test Tool
« Reply #189 on: March 07, 2012, 10:06:58 AM »
I updated from 7.0.1407 to the R2 beta 7.0.1414 to try it out, but it looks like the default sandbox option is "auto". That would mean that by default, our application is sandboxed and terminated after 10-15 secs, leaving the user the option to open it next time either in the sandbox (recommended) or normally. The average and the cautious user will use the default, but then each time the analysis is done and the application is terminated. Why?

If I change the autosandbox option to "ask" and tell it to run in the sandbox all works fine. So to use our application (and other similar apps), every Avast! user must either allow it to run normally next time and start our application again or a) first find the autosandbox configuration setting b) change it to "ask", c) run the application and d) confirm that they want to run it in the sandbox. This is quite cumbersome and virtually impossible to explain to beginners (large part of our users).

I would like to suggest that the sandbox is ONLY terminated if the analysis finds ENOUGH evidence that the application is malware. Otherwise, explain to the user that the application is being run in a sandbox and changes are not saved and ask if they want to continue. So e.g. change the OK button to a Yes/No/RunNormally button (with the default to Yes) and change the combobox to a checkbox to remember this choice. This makes much more sense.

In the R2 beta it now shows that the reason for the sandbox is that "The file prevalence/reputation is low". Since our application is initially local and updated frequently, this will usually be the case. But it is signed with a trusted COMODO code signing certificate. Again, is there any further documentation on this?

Offline aklaren

  • Newbie
  • *
  • Posts: 8
Re: AutoSandbox Test Tool
« Reply #190 on: March 24, 2012, 02:27:38 PM »
In the absence of any further replies :(, I have done some more testing on v7.0.1426 and it looks like the sandbox is NOT activated in our production environment (anymore?), but only in development and test environments (which are in a subdirectory of the main URL). All environments use the exact same source code (incl a code signing signature), the only difference being the version number: 1.5.0.0 for production vs 1.5.0.1 and 1.5.0.2 for the dev/test environment (as ClickOnce applications in different environments cannot share the exact same version).

I am not sure if the sandbox WAS activated previously in the production environment or only in the dev/test ones. Or could it be that the prevalence/reputation of the 1.5.0.0 version is now "acceptable"? But that would mean that a next version will have the same problem again. ???

I understand and I "second" the sandbox mechanism, only I do not fully understand why and how it sees some applications as potentially risky and what we can do about it. And as I said earlier, I don't agree to the sandbox being terminated if not enough evidence is found to mark the file as malware.

Can anybody shine some light on this for me please?

Offline Akash1

  • Jr. Member
  • **
  • Posts: 20
Re: AutoSandbox Test Tool
« Reply #191 on: April 17, 2012, 08:04:06 AM »
Great tool. Only avast was able to react to it. None of the other auto sandboxing soft or other antivirus. Eg:- Norton , Comodo auto sandbox

Offline draz

  • Newbie
  • *
  • Posts: 5
Re: AutoSandbox Test Tool
« Reply #192 on: June 02, 2012, 11:05:47 AM »
I do not speak English
hola soy draz y ya que vi esta tool me dio animo para investigar sobre el Sandbox y pues esto pude lograr
miren ustedes mi video en youtube http://www.youtube.com/watch?v=BM0X1MGUZkc&feature=youtu.be espero bueno comentario y si pueden en ESPAÑOL MEJOR saludos !!!

Offline Salabim

  • Newbie
  • *
  • Posts: 5
Re: AutoSandbox Test Tool
« Reply #193 on: June 17, 2012, 05:48:30 AM »
EDIT: This post should be in the regular forum since it is related to the auto-sandbox-on-suspicious feature of the regular Avast 7 program.

running PS3 Media Server ( http://www.ps3mediaserver.org/ ) gives me a "suspicious" popup, and no matter if i choose "run sandboxed" or "run normal" the program is started in a buggy environment, the loaded module javaw.exe even gives me a BSOD afterwards.

Please fix your sandboxing issues, or don't try to incorporate one at all.

I had to uninstall Avast and go back to good old Panda Cloud AV for it to work normally.
« Last Edit: June 17, 2012, 05:50:58 AM by Salabim »

Offline True Indian

  • Malware Hunter
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 712
  • A Good Old Indian!
Re: AutoSandbox Test Tool
« Reply #194 on: June 27, 2012, 02:13:00 PM »
EDIT 2: had to turn off comodo D+ and sandbox...to trigger avast sandbox. ;D

figured out...my COMODO was on blocked..moved to restricted...kept everything on and now CIS and avast both jump on the file correctly :)
« Last Edit: June 27, 2012, 03:30:53 PM by true indian »