AutoSandbox challenges everything

[fidmas]

Every VB6 program I ever wrote gets trapped by the AutoSandbox.  I excluded one after the other Until the system refused to come up because system processes were being run in the sandbox.  I had to disable the sandbox.  My boot time still stinks, but it "might" get better.  Everything is just unstable.  Is there a avast6 someplace I can use to reinstall after cleaning this POS out?. :-/

Enough for today.  I'll try again in the morning (EST).

/Bob
--

[Para-Noid]

http://filehippo.com/download_avast_antivirus/
Look to the right.

Was your v7.0 install a clean install? If so you might want to try to update from the v6.0.xxxx UI.
Maintenance>update program>reboot 

[DarkRadience]

Every VB6 program I ever wrote gets trapped by the AutoSandbox.  I excluded one after the other Until the system refused to come up because system processes were being run in the sandbox.  I had to disable the sandbox.  My boot time still stinks, but it "might" get better.  Everything is just unstable.  Is there a avast6 someplace I can use to reinstall after cleaning this POS out?. :-/

Enough for today.  I'll try again in the morning (EST).

/Bob
--

Really your post provides little info on the root problem, I would guess the VB6 applications are setting off the sandbox because they are programmed by yourself?  Having no prior information on them the sandbox assumes they could be threats to the system.

....
My boot time still stinks, but it "might" get better.  Everything is just unstable.
...

This may be a sign of other system instability from a virus or other Mal-ware or maybe improperly configured ro installed software or drivers.

...
Is there a avast6 someplace I can use to reinstall after cleaning this POS out?. :-/

Enough for today.  I'll try again in the morning (EST).

/Bob
--

Avast! Free Antivirus 6.0.1367
http://www.filehippo.com/download_avast_antivirus/11113/

[fidmas]

Thanks to all.  I'll invistigate more in the morning.

The V7 was an update from V6, and all hell broke loose.  I'm sory about the lack of details.  I got frustrated.  You mean that any program avast7 never heard of is going to go in the sandbox?  If so, I can just leave the sandbox off.  I'm trying to remember the process that ran in the sandbox, at boot time, without asking, (white popup).  I had to just power down and try again and pray.  It came up long enough to kill the sandbox.

The boot time is back to where it was prior to V7.

I'm getting punchy.  Hope to get more info in the morning.

[Charyb-0]

Would it help if you changed the autosandbox mode to "ask" ?
Then you would receive a recommendation which you could select "open normally" and check "remember my answer for this program."

This would automatically populate the exclusion list and you would no longer hear from avast regarding this particular program (until you deleted it from exclusions, changed the name or location). Also, this skips the auto-analysis process.

[fidmas]

MY mistake.  The process that kept the system from booting was:

2/24/2012 6:48:06 PM   Autosandbox candidate: C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
   [Source: ]
   [Opened by: C:\Program Files\Portrait Displays\PerfectSuite\dthtml.exe]
    --> Result: Sandboxing (because policy set to Auto).

DTHTML.EXE is the screen color correction software for the ViewSonic monitor.  It had been trapped by avast6 a long time ago and added as an exception.  I guess avast just found another or their programs "HookManager.exe" it didn't like.  I don't know however why it didn't bitch on "every" bootup.

Tomorrow for real now....... :-)

[fidmas]

Would it help if you changed the autosandbox mode to "ask" ?
Then you would receive a recommendation which you could select "open normally" and check "remember my answer for this program."

This would automatically populate the exclusion list and you would no longer hear from avast regarding this particular program (until you deleted it from exclusions, changed the name or location). Also, this skips the auto-analysis process.

I'll try that.  I had been answering that way for my own programs.  I never looked at the setting.  Would "Auto"ask about some and not others?

[Charyb-0]

Would "Auto"ask about some and not others?

I don't know all of the criteria for a program to be a candidate for AutoSandboxing. I know that a program that is not digitally signed will be sandboxed.

Another way to do it is exclude the entire folder these programs are in under the File System Shield. Keep in mind anything here is excluded from scanning.
You would probably need to check all three boxes- read, write, execute.

[fidmas]

Yes.  I just realized that while changing AutoSandbox from Auto to Ask is a good idea, in general, It does nothing to help "Startup" programs that get trapped.  Usually, you can't change the sandbox status of a startup program because the system just hangs.

I will change the sandbox option to "Ask", and then find all the Startup programs and non-Microsoft Processes, and exempt them and/or their directories.  Then I'll try turning AutoSandbox back on.

It would be nice if avast could auto-exempt programs than have been running on your system for years.......?  As I recall, Comodo did something like that back when I tried it years ago.

This kind of work is not for the faint of heart.  Unfortunately, that's why I still have to recommend AVG to non-computer literate people. :-(

This will take a while.  I'll let you know.

/Bob

[fidmas]

I was about to say that "Image1" and "image2" were working ok, when WordPerfect, that had no problem yesterday and today, got challenged.  As you can see, I added it to the exceptions list "Image3".

It looks very much like random programs are being challenged at random times.  Since "I" have Sandboxie http://www.sandboxie.com/ to run IE and OE in, I suspect avast's sandbox is going to be annoying and redundant.

Am I the only one finding this new AutoSandbox a royal pain?

[MikeBCda]

I just totally disabled the auto-sandbox -- since it makes no diff whether you tick "ask" or "auto", it terminates any app not in its database, which so far seems to be nearly empty.  Sure, "remember next time" helps a teensy bit, but not at the expense of having to restart nearly every app, most of which have been on my system for years.

When and if the database gets properly populated, terminating unknown apps won't be such a pita, but meanwhile everything seems to be "unknown".

[fidmas]

I just totally disabled the auto-sandbox -- since it makes no diff whether you tick "ask" or "auto", it terminates any app not in its database, which so far seems to be nearly empty.  Sure, "remember next time" helps a teensy bit, but not at the expense of having to restart nearly every app, most of which have been on my system for years.

When and if the database gets properly populated, terminating unknown apps won't be such a pita, but meanwhile everything seems to be "unknown".

Yup.  You gotta pay "once" for Sandboxie if you want to force Applications into the sandbox, but it's a lot more flexable.  Anything I run into on the net, gets sandboxxed.  Anything I decide i really want to save can be recovered with a single click.  If i run email sandboxed the email folders and address book get recovered automagically.  If the email is infected, it simply infects the sandbox.  The infection gets saved with all the other mail, but so what.  If you're stupid enough to open it again, it simply infects the sandbox again.

Sure makes more sense than telling avast every program i've had for years is really ok.

I love avast, but this new dumber sandbox feature has to go. :-(

[AntiVirusASeT]

fidmas, tried downloading webmon from Download.com and it poped a filerep alert. however, i do see that it is not a very popular software from the website (only 15 downloads last week at the time of viewing, total downloads only 11000 plus) thus the reason for trigger? *need confirmation.

dun agree that Avast! should not sandbox programmes already on the pc as many users download software/cracked stuff that maybe malicious but they have no idea that it is as it seems to work as they want it to (eg. perhaps a photo viewer programme could be modified in a way that upon execution, it runs the viewer but also runs a malicious script in the background)

perhaps u could try turning off the autosandbox 1st then add all programmes that u think are unpopular with normal users to exclusion before turning it on?
if u think they are popular, maybe u want to report it as a bug report? so that Avast! can improve the filerep feature

just inputing my thoughts here

[fidmas]

fidmas, tried downloading webmon from Download.com and it poped a filerep alert. however, i do see that it is not a very popular software from the website (only 15 downloads last week at the time of viewing, total downloads only 11000 plus) thus the reason for trigger? *need confirmation.

Actuall Webmon is one that avast never complained about.  My little program "RunWebmon.exe" gets started at bootup, and delays the running of Webmon a couple minutes.  it's my RunWebmon that avast bitched about.

dun agree that Avast! should not sandbox programmes already on the pc as many users download software/cracked stuff that maybe malicious but they have no idea that it is as it seems to work as they want it to (eg. perhaps a photo viewer programme could be modified in a way that upon execution, it runs the viewer but also runs a malicious script in the background)

I can understand that point of view.  However, if he's been running this malicious thing for years, it has already done its damage.  It really becomes the user's responsibility.  I actually have not that much gripe with avast warning you of a program on Heuristics grounds and offering to run it sandboxed.  But, not just sandboxing anything it doesn't know about!  The REAL problem is avast sandboxing "Startup" programs and preventing the system from coming up!  In my case, I couldn't even bring it down afterward. :-(

perhaps u could try turning off the autosandbox 1st then add all programmes that u think are unpopular with normal users to exclusion before turning it on?
if u think they are popular, maybe u want to report it as a bug report? so that Avast! can improve the filerep feature

Yeah, I tried just that.  One big problem is that avast can be perfectly happy with some program one time and then bitch about it another.  Actually, if you stop it and run it again, it may not get caught the next time.  Avast doesn't understand that they can't whitlist every perficly good program/utility written for Windows.  If they challenge every program people run, people will just start to get used to ignoring the warning, and whitelist everything.

For me, I'd rather sandbox everything new, that's at all questionable.  Then look in the sandbox to see what damage it's trying to do, if it's not obious,  It's actually fun watching Malware running things and creating registry keys and installing files, in the Sandboxie sandbox.  Of course, as with any sandbox, you have to realize that while it's running, it may have access to "read" information from your real persomal files.

just inputing my thoughts here

Thanks.  I guess it's a matter of choice.  I never really cared that much untill V7 stopped my system from booting.

Just "my" thoughts. :-p