Author Topic: avast ais v6.1125 sandbox  (Read 4921 times)

0 Members and 1 Guest are viewing this topic.

jack_90125

  • Guest
avast ais v6.1125 sandbox
« on: May 10, 2011, 08:39:55 PM »
ok updated and for smirks and giggles I had a old program I wanted to install so I right click and select run in sandbox. meanwhile defense+ plus comes up and says xxx wants to run and I say ok and select install mode for d+.
check to see if avast does indeed have it running in the sandbox and it does.
so program installs and actually installs!
why? thought the purpose of the sandbox was to not effect the system in anyway? so how can this be?

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: avast ais v6.1125 sandbox
« Reply #1 on: May 10, 2011, 08:54:47 PM »
Are you saying that you run an app inside the sandbox, and it was able to make modifications to the system? Which app are you talking about? And is it the manual sandbox, or the AutoSandbox? (also, how did you check if it's really running sandboxed? [as you said]).

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

gentle4ug

  • Guest
Re: avast ais v6.1125 sandbox
« Reply #2 on: May 10, 2011, 08:55:37 PM »
Since you installed the program in the sandbox.  No permentant changes were made to to your computer's sensitive areas (registry, drivers, etc...) and the program does not have access to your system or personal files.

If you empty the sandbox (don't delete it), the program should just disappear, leaving behind no trace it was ever there.  Think how handy that will be when you get hit with a fake av, or other driveby nasty.  Pretty slick huh.

jack_90125

  • Guest
Re: avast ais v6.1125 sandbox
« Reply #3 on: May 10, 2011, 09:11:22 PM »
well I right clicked on the setup.exe and selected run in sandox (avast). went thru the install and it actually installed. the program was adobe photo album 2 from years ago. it also installed adobe reader 6.0. and they actually installed to system and made registry entries etc. as well as in the program features it listed both in the add/remove programs. and I uninstalled adobe reader 6 from there.
I knew they were not malicious but was just shocked that they were actually installed.
I had the avast ui open and it said it was running in the sandbox or was sandboxed.
and I assumed that since it was sandboxed any child processes would also be sandboxed. guess it is true what they say about assuming.
win 7 ultimate x 64 os


Are you saying that you run an app inside the sandbox, and it was able to make modifications to the system? Which app are you talking about? And is it the manual sandbox, or the AutoSandbox? (also, how did you check if it's really running sandboxed? [as you said]).

Thanks
Vlk
« Last Edit: May 10, 2011, 09:28:01 PM by jack_90125 »

gentle4ug

  • Guest
Re: avast ais v6.1125 sandbox
« Reply #4 on: May 10, 2011, 09:21:26 PM »
Hummm...... That makes me nervous too.  That kind of behavior is not what I expect from a sandbox.  I don't really care if its safe, signed or whatever.  If I run the installer it in the sandbox (not autosandbox), I expect the program to be installed in the sandbox and stay there and go away when I empty the sandbox.  Anything less makes me question what protection is actually being provided.

Offline claudiuc

  • avast! Security Expert
  • Avast Reseller
  • Sr. Member
  • *
  • Posts: 282
  • www.avastantivirus.ro
    • www.avastantivirus.ro
Re: avast ais v6.1125 sandbox
« Reply #5 on: May 10, 2011, 11:13:44 PM »
Can you repeat the test? I just installed a program in sandbox and cannot find it anyware :)
Claudiu C. - Easy Media
Avast & AVG Distributor Romania, Moldova, Hungary
https://www.avastantivirus.ro/

jack_90125

  • Guest
Re: avast ais v6.1125 sandbox
« Reply #6 on: May 10, 2011, 11:20:19 PM »
Can you repeat the test? I just installed a program in sandbox and cannot find it anyware :)

yp just got done reinstalling after an uninstall. same results. with reboots and reg clean between all.
I checked to make a log file but cannot find where avast stores the logs.
but something is off to say the least.

Dch48

  • Guest
Re: avast ais v6.1125 sandbox
« Reply #7 on: May 10, 2011, 11:28:25 PM »
Maybe selecting it to run as an installer in D+ overrode the sandboxing protections?

Offline DJBone

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6365
Re: avast ais v6.1125 sandbox
« Reply #8 on: May 10, 2011, 11:39:20 PM »
Maybe selecting it to run as an installer in D+ overrode the sandboxing protections?

I agree with this opinion.

DJBone
Win10 x64, APS (always latest version)
Avast Mobile Security (always latest version)

jack_90125

  • Guest
Re: avast ais v6.1125 sandbox
« Reply #9 on: May 10, 2011, 11:44:15 PM »
I disabled d+ second time and rebooted. same results.
and yes comodo sandbox is disabled too and always is. do not trust it.
not a newbie at this.

gentle4ug

  • Guest
Re: avast ais v6.1125 sandbox
« Reply #10 on: May 11, 2011, 03:27:05 AM »
I've tried to install multiple programs running installers in the sandbox, including Adobe reader.  Nothing penetrated the sandbox.  I couldn't find an installation that would complete.  I'm a happy bunnie.  I'm wondering if something is going on with the "dragon" (commodo).  I haven't let that stuff near my computers since the firewall flamed an installation about a year ago.

jack_90125

  • Guest
Re: avast ais v6.1125 sandbox
« Reply #11 on: May 15, 2011, 06:04:09 PM »
hey vlk any clues as to why this was not sandboxed?