Hi,
avast seems to have problems containing TDL, the MBR or drivers are infected despite the dropper being run in the sandbox.
This has been the case since v5 got out and there don’t seem to be any improvements in the sandbox in that regard.
I appreciate that there are other modules protecting me (like BS), but the sandbox should be capable of managing this on its own.
Tested with the latest 1027 Pre-release.
I can provide droppers/MD5s if necessary (although I haven’t found a single TDL dropper that is successfully contained).
(bump)
I forgot to mention that I’ve tested on 32bit XP only, I can’t say anything about TDL4@64bit.
I’d appreciate it if I could get confirmation that this is a known issue.
Just wanted to inform everyone that I can confirm the issue is fixed with 1044
- improvements in the avast! sandbox (better TDL shielding etc)
Thanks to the avast team, especially Petr Kurtin who contacted me over email. :)
Thanks 13N for testing that and allowing protection to all users.
Do you have any other sample that “bypasses” the avast sandbox?
I haven’t done extensive tests so far, just with TDL because I remember it was a problem with previous versions.
I’ll post if I find anything else worth reporting.
Thanks again!