Bug report

[shinnai]

Hi everyone, on 20.01.2012 I submitted a ticket to avast! Support Center containing informations about a bug I've found but I had no reply about this.
Is there another way (or place) where I could submit bug info?

Thanks a lot, Carlo Di Dato

[DavidR]

Yes there is another way outline the problem here, it might not be a bug or there might be a workaround.

Give your Operating System and SP number (e.g. SP1, etc.), the full avast type and version including build (e.g. avast free, 6.0.1367).

[shinnai]

Hi DavidR, thanks for your prompt reply. The issue (maybe it's better to call issue rather than bug) was succesfully tested on:

Code: [Select]

Microsoft Windows 7 Professional (32 bit)
Service Pack 1
and

Code: [Select]

Microsoft Windows 7 Ultimate (64 bit)
Service Pack 1
This is the version of avast!



and I've found a way to bypass real time access protection (see below)



I mean, whatever I choose (sandbox or cancel operation) the executable will run without restrictions.
I think that talk about the way to do this on the forum, could be dangerous.

[DavidR]

Well that certainly isn't what I would consider normal. Though I'm using avast free the autosandbox function is the same (as far as I'm aware). I rarely open in the sandbox as for the most cases what avast is warning against I know about so I tend to select open normally and I have never opted to cancel opening (as it was me initiating the running of the file/app).

How do you know that the open in sandbox was bypassed ?

The one that would be easiest to test and the one of most concern would be the cancel opening as when it runs we know for sure it isn't running in the sandbox.

Unfortunately I haven't been able to dig out any application that I can test it on knowing it should trigger the autosandbox, as my normal problem with a good firewall with HIPS based protection is that steps in first on its 'System and Application Guard. So it blocks me from running unsigned files from usb so for me somewhat hard to test.

I will try and draw this to the attention of one of the developers.

[shinnai]

The one that would be easiest to test and the one of most concern would be the cancel opening as when it runs we know for sure it isn't running in the sandbox.

I agree with you. In my test:
1) Run the file
2) Choose "Cancel opening"
3) the executable runs, write a batch, then execute it

that's why I consider this dangerous.
For sandbox question, I used Process Explorer and I see that the executable run in session 1 and out of the context of avast

[pk]

Thanks for info.

1. "Run the file" from network is fixed in avast7 beta.
2. "Cancel opening" is also fixed in avast7 beta... we removed this option

avast7 beta will be released soon, you can retest it, thanks.

[RejZoR]

Hm, why was Cancel opening removed? I found it useful when you just decided not to run it at all when the popup jumps up. It's like clicking NO in the UAC popups. It just prevents the app in question from running at all.

[pk]

Hm, why was Cancel opening removed? I found it useful when you just decided not to run it at all when the popup jumps up. It's like clicking NO in the UAC popups. It just prevents the app in question from running at all.

We redesigned autosandbox popup, please wait for beta, thanks.

[RejZoR]

Sure thing, i'm waiting eagerly for it

[shinnai]

Thanks for info.

1. "Run the file" from network is fixed in avast7 beta.
2. "Cancel opening" is also fixed in avast7 beta... we removed this option

avast7 beta will be released soon, you can retest it, thanks.

Hi and thanks for your answer. I'll wait for avast7 beta.

Regards