Avast! 7 strikes av-comparatives again

[true indian]

This is going to much off topic... But anyway..

here are certain things i recognized in avast autosandbox that makes it show the file is malware warning:

-The malware should drop malicious files that get picked up by file shield

-the malware should try connecting to maicious URL's that network shield can pick up

-And of course it should be running in avast sandbox while doing all that 

[RejZoR]

That's all in theory but in real world i've maybe seen it do that like twice, maybe... Other gazillion times, nothing. Got sandboxed and no additional warnings or verdics were given.

[true indian]

That's all in theory but in real world i've maybe seen it do that like twice, maybe... Other gazillion times, nothing. Got sandboxed and no additional warnings or verdics were given.

Well...the thing i mentioned is what is supposed to be actually called malware behaviour by autosandbox...and this what a regular user will come across 

Again this topic is for avast 7 av-comp results...isnt all this stuff supposed to be in an another thread hmmm....

[RejZoR]

And what you said pretty much never happens. And yes, it has to do with AV-Comparatives. It's the real world test where things get executed and if they'd actually make things right, we wouldn't be 5th best but first or second best.  Because being 5th is nothing to be cheerful about, even with free version. Because as far as protection modules go, paid version isn't any different, making paid version look bad as well.

[true indian]

And what you said pretty much never happens. And yes, it has to do with AV-Comparatives. It's the real world test where things get executed and if they'd actually make things right, we wouldn't be 5th best but first or second best.  Because being 5th is nothing to be cheerful about, even with free version. Because as far as protection modules go, paid version isn't any different, making paid version look bad as well.

and how that makes sense...when it is sandboxed it should be counted as a block isnt it

[RejZoR]

When an expert is sitting in front of a computer, yes. But when it gets sandboxed in front of a casual user, he sees that as an annoyance. How do you know they won't just exclude it or disabled Auto Sandbox if it doesn't give any clear indication what the thing that got sandboxed really is? If it says "Sandboxed because it is trying to modify many system files", most will get scared and leave at it. But if it says there wasn't enough data to make a conclusion, 99% of users will consider it safe and run it outside the sandbox. And then all the crap will spawn...
As much as they've thought things to take clueless users into account they haven't thought about this at all. And what AV-C says as a real-world score doesn't really reflect it in actual real world. And that's what i'm concerned about. Being 5th with such way of doing things makes it even worse than it scored...

[true indian]

isnt the static analysis finds file suspicious reason enough for a average user??

[mikaelrask]

good work avast team keep it up i must say.

[RejZoR]

isnt the static analysis finds file suspicious reason enough for a average user??

When it says that on pretty much anything even mildly suspicious it kind of loses its purpose. Even for me as an advanced user, seing it trigger bunch of times on clean files it even almost made me disable this darn thing altogether and just keep file reputation feature on...

[true indian]

isnt the static analysis finds file suspicious reason enough for a average user??

When it says that on pretty much anything even mildly suspicious it kind of loses its purpose. Even for me as an advanced user, seing it trigger bunch of times on clean files it even almost made me disable this darn thing altogether and just keep file reputation feature on...

I guess a normal user...wouldnt touch it even if it comes up with the same reason or will he/she??

[RejZoR]

It's a far lower chance of them running it anyway...

[true indian]

Well i have also seen some alerts with reason: filerep is low/heuristic context

[RejZoR]

Low reputation spawns a window of it's own with "Abort connection" being default. Plus there is a good description in the window that appears for it.

[AntiVirusASeT]

hmm for me i do not find the static analysis triggered often though. i have more incidents of low reputation triggers. thus i trust static analysis quite highly.

though i do wonder why steam games do trigger static analysis. it would be good if an expert from avast shed some light on it 

[bob3160]

I haven't seen a trigger of the sandbox in many month.