Author Topic: Auto Sandbox Sensitivity (Free)  (Read 5915 times)

0 Members and 1 Guest are viewing this topic.

BFarmer1980

  • Guest
Auto Sandbox Sensitivity (Free)
« on: April 21, 2011, 09:45:27 AM »
First off, thanks for an awesome product, and keep up the great work!

Is there any way of adjusting the sensitivity of the Auto Sandbox feature in the free version?  If not, is it feasible to make this an option in future builds?

The number of false positives I've experienced has increased exponentially in the last couple of weeks.  I'm hesitant to disable the feature completely for security's sake, but honestly, it has yet to encounter anything dangerous, and has only succeeded in identifying perfectly legitimate install programs from trusted websites, gumming up the installation process, and generally being annoying.

Pindakaas

  • Guest
Re: Auto Sandbox Sensitivity (Free)
« Reply #1 on: April 21, 2011, 10:11:02 AM »
same here , it is sensitive on legit programs ,but it doesnt seem to work that well on actual malware , but hey , it is still new , im sure they will improve it step by step.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Auto Sandbox Sensitivity (Free)
« Reply #2 on: April 21, 2011, 10:23:55 AM »
but it doesnt seem to work that well on actual malware

What do you mean by that? What malware? Can you give further details?
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

GrandPrixGXP

  • Guest
Re: Auto Sandbox Sensitivity (Free)
« Reply #3 on: April 21, 2011, 11:57:25 AM »
Any sandbox will have this problem till the whitelist is built up.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Auto Sandbox Sensitivity (Free)
« Reply #4 on: April 21, 2011, 12:05:08 PM »
Well, I was asking for details, but - alas! - he gave none. I do not have those problems in a quantity that I would complain about. As a matter of fact it happens very, very rarely to kick in on benign programs.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

GrandPrixGXP

  • Guest
Re: Auto Sandbox Sensitivity (Free)
« Reply #5 on: April 21, 2011, 12:23:46 PM »
Exactly..............Its not like its fully automatic. It only recommends that you run the program in the sandbox. You do have the option to open it up up normally. Heck Norton quarantines things automatically without even asking.

Hermite15

  • Guest
Re: Auto Sandbox Sensitivity (Free)
« Reply #6 on: April 21, 2011, 12:51:48 PM »
Any sandbox will have this problem till the whitelist is built up.

works with heuristics, not a white/black list.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Auto Sandbox Sensitivity (Free)
« Reply #7 on: April 21, 2011, 01:14:14 PM »
Is there any way of adjusting the sensitivity of the Auto Sandbox feature in the free version?  If not, is it feasible to make this an option in future builds?
Good suggestion (but already done before).

It has yet to encounter anything dangerous, and has only succeeded in identifying perfectly legitimate install programs from trusted websites, gumming up the installation process, and generally being annoying.
But it still detect the infected material which is the main purpose.

But it doesn't seem to work that well on actual malware.
Are you sure? Why? Just because clean files are flagged as suspicious?
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Auto Sandbox Sensitivity (Free)
« Reply #8 on: April 21, 2011, 01:15:31 PM »
Any sandbox will have this problem till the whitelist is built up.
There is NOT a whitelist. avast is a behavior shield/heuristic scanner and not a white/blacklist.
The best things in life are free.

GrandPrixGXP

  • Guest
Re: Auto Sandbox Sensitivity (Free)
« Reply #9 on: April 21, 2011, 03:35:07 PM »
Sorry thought it was a whitelist thing. So its just like Kaspersky's High and low restrictions which is in program controls.

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Auto Sandbox Sensitivity (Free)
« Reply #10 on: April 21, 2011, 03:56:14 PM »
No, like mentioned above it is heuristic based, and those are added/improved with the VPS updates :)

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

GrandPrixGXP

  • Guest
Re: Auto Sandbox Sensitivity (Free)
« Reply #11 on: April 21, 2011, 04:35:01 PM »
Unless you know how Kaspersky works don't say no. Kaspersky uses heuristic to analyze a program and place it into 3 categories. High,low restricted or untrusted. It's not a sandbox but once a program is there it cannot do any harm to the system. So Avast uses heuristics to decide if a program should be ran under a sandbox. Same thing.

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Auto Sandbox Sensitivity (Free)
« Reply #12 on: April 21, 2011, 07:31:02 PM »
My answer was only related to the first part of your post, I should have mentioned that.  I am sorry  :-[

Greetz, Red.
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

Pindakaas

  • Guest
Re: Auto Sandbox Sensitivity (Free)
« Reply #13 on: April 21, 2011, 09:37:39 PM »
but it doesnt seem to work that well on actual malware

What do you mean by that? What malware? Can you give further details?


Sure ,

I test avast with malwarelinks , from malwaredomainlist.com , or malc0de.com/database

It does very well , only i never see a autosandbox popup , maybe 1 time i saw it when the signatures didnt cought it.

So i mean , i seen the popup on more legitimate programs then i saw it on actual malware.
For example in the Comodo auto sandbox , it really does sandbox any unknown malware , avast still needs to work on that , but that is understandable , because it is still new in avast.
« Last Edit: April 21, 2011, 09:40:15 PM by Pindakaas »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Auto Sandbox Sensitivity (Free)
« Reply #14 on: April 21, 2011, 10:35:16 PM »
Effectively you shouldn't see the autosandbox come up as the blocking is going one at web shield or network shield level.

If you aren't actually downloading something to your system and then running that file, first the file system shield would scan it and depending on a) signature check, b) heuristics and c) emulation (plus digital signature, location, what it does, etc.), would the decision be made to hand it off to the autosandbox. So there are a lot of steps/checks before it even gets that far down the chain.

There is no way to compare the comodo auto sand box as far as I'm aware it isn't the same it is a block all (malware or otherwise), where avast doesn't block all, only that which after all the checking is still considered suspect.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security