I use Avast Free V6 on Windows XP SP3.
I find the Auto Sandbox feature interesting but very limited.
If a downloaded file is suspect, Avast offers to run it in a sandbox. If a file is suspect, I really want to delete it rather than play with it.
On the other hand, if I download a suspect file and Avast doesn’t think it’s suspect (but I might), there appears to be no way to run it in a sandbox.
Am I missing something, and a file can be run in the sandbox if it’s not suspect?
Thank you
Frank1
No, you need Pro/AIS for full sandbox features.
Thank you doktornotor.
dude, you got no idea of what you are talking about…
in case the av has found a match with his signatures, he will pop up a virus notification, trust avast.
if it says that the file is a suspect, it means that no match has been actually found, a file might be suspected if it has no file details,
or has something which shows that it’s a trusted file.
honestly, a file which is suspected usually won’t be harmful, and even if it is, which i doubt, he can’t do much, cuz it works on a virtual machine
It’s not as simple as you make out thisiscool. I use Avast now and have done so for years. I often do a boot scan and nearly every time Avast finds some viruses. Why? The only way they can get onto my computer is if Avast allows them. So, why were they not caught? Probably because the viruses were too new, and later doing the boot scan with newer definition databases the viruses are found. This means that the viruses were sitting on my computer for a time with avast running.
So, when you say “trust Avast”, I say yes, to some degree only.
I didn’t mean to complain about the sandbox being available for suspect files. I complained about NOT having a sandbox for files I suspect. But now I understand that I need the Pro for that, which is disappointing.
Frank1
Unfortunately without any information on what was found (file name, location, malware name, etc.), then it is somewhat hard to speculate on the reason why.
The boot-time scan has different settings from the Quick and Full System scans and would also be scanning archives, etc. (that are inert), which aren’t scanned in the pre-defined scans.
David, it’s not like it happened once, it happens often. I do boot scans on c:\Documents and Settings, C:\Windows and c:\Program Files. Over the years all the viruses I’ve collected have been in these directories or their sub dirs. So, once I do this boot scan I would expect Avast within its normal operation to find viruses that are downloaded as a matter of course. If I repeat a boot scan again some time later, in a perfect world, it should not find any viruses. But this is not the case.
Unfortunately, I like to delete viruses, that way I don’t need to worry about them again.
a malware can get inside your machine in another way:
u got a virus which avast hasn’t known yet, and when avast got a newer virus definition, he could find that virus.
so? when you scan you will find in a “magic way” this virus lying in your system!
as i’ve said before, if u run a file in a virtual machine, even if your name is Chuck Norris, this file can’t do any harm.
I have already linked the article here before, but whatever.
"It is not always certain that an item is 100 percent clean but with AutoSandbox virtualization, we’ve created a safe space between the known good and bad content which will make life safer for all avast users – whether they are using our free or paid-for products. ... AutoSandbox shifts virtualization from being an 'IT geek' specialty to an automatic, easily accessible safety feature for all avast users. ... It’s a win-win for users; if the item is dangerous it just shuts down the virtual computer and the user’s real machine remains safe. And, if the item is safe, there is no hassle from a false positive," Vlcek [CTO of Avast Software] explained.
HTH.
doktornotor I agree that the sandbox is a good way try out suspect software. My complaint was that I cannot use the Avast sandbox to try out a program that Avast thinks is o/k. I understand that this is only a limitation of the free version.
thisiscool, if I understand correctly what you stated, that it doesn’t matter if a virus stays on the machine for a few days because Avast didn’t detect it yet until a new definition file is obtained. If the virus does minor things like slow down the machine or produce popups, then no problem. However, if the virus on the machine for days is a type of virus that deletes the hard disk or is a keylogger and recorded my bank password, then it is not acceptable. These are the types of viruses that worry me.
If you want a free full-featured sandbox, use Sandboxie.
Hi Frank1
I’ve been using Sandboxie for about a week now - & - Love It! 8)
Sandboxie: http://www.sandboxie.com/
Hally
This is what I understand about the differences in Avast Sandbox in Free vs. Pro Avast Versions-
In the Free Version of Avast 6 the file or program is checked against a known list of “Good Sites, files, and programs.” If Avast is not sure whether or not a file or program is good, it allows the program to run in the Avast Sandbox, which is a virtualized environment. This means that the file is bordered from the rest of the system and an identity with the user. When in the Avast Sandbox, the file is isolated from the computer, so it can do no damage. Sandboxing can be activated through a prompt, automatically, or turned off.
In the Paid versions of Avast 5 and 6, autosandboxing exists. This allows users to isolate ANY file or program from the computer or users’ identity by running it in the sandbox, but the idea is the same. You also have Safe Zone features for on-line banking in the paid versions.
You cannot really HEAL a virus or a Trojan, because the virus or Trojan is bad from the start. The best action is to quarantine the files. The reason why you do not want to delete the file, only using delete as a last resort, is because many viruses and malware will attack good files! So if you delete the virus, you could also delete the file that goes with it that could be good. Quarantining isolates the file, and in Avast, you use quarantining by moving the file to the Virus Chest. Some other AV companies may call it the Virus Vault.
Sometimes a file will be called a virus that is not a virus but a false positive. Submit the suspected file in a password protected Zip folder with the name of the password in the description for the lab. Users should keep the suspected files in the chest for at least 3 weeks. Rescan the files in the chest if you want during that time. If the files in the chest that you scanned come back clean, after the next Avast definitions update or two, you had a false positive, and can restore the file to its original location. If after several updates later, you scan those files in the chest and they show nasties, keep them in the chest, because then they are really viruses.
I read that the statistics for false positives from Avast are very, very rare. Techs, what’s the stat on this? I think less than 3%. That means that Avast when it says you have a virus, or it blocks a virus, chances are that it is something bad that you have, or something bad that it blocked.
However, as good as Avast is, it is impossible for any AV software to be 100% perfect. My favorite protections are Avast, Web of Trust (WOT) and Malware Bytes Anti-Malware, (free version only, on Demand, required update in free version before scanning.)
Jack
Jack, that’s a good description.
Sandboxie is an option but I have some problems with it. Firstly, often, Windows Update crashes Sandboxie. Sandboxie has to be upgraded. This happens too often. Secondly, Sandboxie is not free. Avast Pro is not free.
http://www.sandboxie.com/index.php?FAQ_Licensing
Q. Is Sandboxie freeware or shareware?
A. Sandboxie is shareware software. The free version is missing a few features which are available in the paid version. After 30 days of use, the free version displays reminders to upgrade to the paid version, but remains functional. For personal use, you are encouraged, but not required, to upgrade to the paid version.
• For non-personal use (including commercial, educational, governmental, and not-for-profit use), Sandboxie must be properly licensed. See Commercial Licensing.
Q. Which features are available in the paid version?
A. Two features:
• “Force” programs: Automatically run programs under Sandboxie even when they are not started directly through Sandboxie. Programs can be “forced” by name or by containing folder.
• Run programs in more than one sandbox at the same time. This causes error SBIE1303 in the free version.
This is the description at the Avast Support Center
Note: For avast! Internet Security 6.x and avast! Pro Antivirus 6.x the main settings of full Sandbox module will be applied also for the AutoSandbox, for example whether downloaded files and other application options should be automatically deleted, or not, when the sandbox is closed. In avast! Free Antivirus 6.x any downloaded files and application settings will be automatically deleted when the AutoSandbox is closed because this version doesn’t include full Sandbox module and its enhancements.
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=602&nav=0,615
nop, u didn’t.
i said that if it’s suspicious, then avast has the ability to run the file on a protected virtual machine, which will cause no harm!
as for definition failure on finding a virus, keylogger- always make sure to have a firewall so any virus which steals data will fail.
other - i always check the computer manually to see that nothing is suspicious, but u can download a secondary anti-malware software if u don’t trust avast
nop.
if u were right, then what’s stopping avast from configuring the delete option like that:
- enter the file into the virus vault.
- delete the file without any approval for doing that.
*tell the user that the virus has been deleted.
you see? no sense at all
Err, what? This is like, default setting… ? Yeah, no sense at all indeed. ???