Author Topic: Bug report  (Read 5833 times)

0 Members and 1 Guest are viewing this topic.

shinnai

  • Guest
Bug report
« on: January 26, 2012, 12:01:53 PM »
Hi everyone, on 20.01.2012 I submitted a ticket to avast! Support Center containing informations about a bug I've found but I had no reply about this.
Is there another way (or place) where I could submit bug info?

Thanks a lot, Carlo Di Dato

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 86919
  • No support PMs thanks
Re: Bug report
« Reply #1 on: January 26, 2012, 12:33:02 PM »
Yes there is another way outline the problem here, it might not be a bug or there might be a workaround.

Give your Operating System and SP number (e.g. SP1, etc.), the full avast type and version including build (e.g. avast free, 6.0.1367).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

shinnai

  • Guest
Re: Bug report
« Reply #2 on: January 26, 2012, 03:09:32 PM »
Hi DavidR, thanks for your prompt reply. The issue (maybe it's better to call issue rather than bug) was succesfully tested on:

Code: [Select]
Microsoft Windows 7 Professional (32 bit)
Service Pack 1

and

Code: [Select]
Microsoft Windows 7 Ultimate (64 bit)
Service Pack 1

This is the version of avast!



and I've found a way to bypass real time access protection (see below)



I mean, whatever I choose (sandbox or cancel operation) the executable will run without restrictions.
I think that talk about the way to do this on the forum, could be dangerous.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 86919
  • No support PMs thanks
Re: Bug report
« Reply #3 on: January 26, 2012, 03:43:46 PM »
Well that certainly isn't what I would consider normal. Though I'm using avast free the autosandbox function is the same (as far as I'm aware). I rarely open in the sandbox as for the most cases what avast is warning against I know about so I tend to select open normally and I have never opted to cancel opening (as it was me initiating the running of the file/app).

How do you know that the open in sandbox was bypassed ?

The one that would be easiest to test and the one of most concern would be the cancel opening as when it runs we know for sure it isn't running in the sandbox.

Unfortunately I haven't been able to dig out any application that I can test it on knowing it should trigger the autosandbox, as my normal problem with a good firewall with HIPS based protection is that steps in first on its 'System and Application Guard. So it blocks me from running unsigned files from usb so for me somewhat hard to test.

I will try and draw this to the attention of one of the developers.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.9.6034 (build 22.9.7554.734) UI 1.0.728/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

shinnai

  • Guest
Re: Bug report
« Reply #4 on: January 26, 2012, 05:01:46 PM »
The one that would be easiest to test and the one of most concern would be the cancel opening as when it runs we know for sure it isn't running in the sandbox.

I agree with you. In my test:
1) Run the file
2) Choose "Cancel opening"
3) the executable runs, write a batch, then execute it

that's why I consider this dangerous.
For sandbox question, I used Process Explorer and I see that the executable run in session 1 and out of the context of avast


Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2084
Re: Bug report
« Reply #5 on: January 28, 2012, 08:48:26 AM »
Thanks for info.

1. "Run the file" from network is fixed in avast7 beta.
2. "Cancel opening" is also fixed in avast7 beta... we removed this option

avast7 beta will be released soon, you can retest it, thanks.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9407
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Bug report
« Reply #6 on: January 28, 2012, 09:51:45 AM »
Hm, why was Cancel opening removed? I found it useful when you just decided not to run it at all when the popup jumps up. It's like clicking NO in the UAC popups. It just prevents the app in question from running at all.
Visit my webpage Angry Sheep Blog

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2084
Re: Bug report
« Reply #7 on: January 28, 2012, 09:53:31 AM »
Hm, why was Cancel opening removed? I found it useful when you just decided not to run it at all when the popup jumps up. It's like clicking NO in the UAC popups. It just prevents the app in question from running at all.

We redesigned autosandbox popup, please wait for beta, thanks.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9407
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Bug report
« Reply #8 on: January 28, 2012, 09:56:38 AM »
Sure thing, i'm waiting eagerly for it :D
Visit my webpage Angry Sheep Blog

shinnai

  • Guest
Re: Bug report
« Reply #9 on: January 30, 2012, 08:56:52 AM »
Thanks for info.

1. "Run the file" from network is fixed in avast7 beta.
2. "Cancel opening" is also fixed in avast7 beta... we removed this option

avast7 beta will be released soon, you can retest it, thanks.

Hi and thanks for your answer. I'll wait for avast7 beta.

Regards