Can anyone confirm that the auto-sandbox in the free version works in XP? I have seen no alerts even when running things that others have said will give them alerts.
I was just examining the .ini file for the filesystem shield and there is nothing in it about the sandboxing. I have it turned on in the options. Should there be an entry in the .ini file? There is for all of the other options as far as I can tell.
[Common]
ActionOnPackedFile=onlyfile
OverwriteReport=0
PUPAction=trezor iffailed delete
PerformActionOnStartup=1
Report=TXT
ReportName=*
ReportRecords=Infected;HardErrors
ScanFullFiles=0
ScanPUP=0
ScanPackers=EXE;WinExec;Drop;Streams
ShowAppliedActionNotification=1
SuspiciousAction=trezor iffailed delete
TaskSensitivity=80
UseCodeEmulation=1
VirusAction=trezor iffailed delete
ProviderEnabled=1
[FileSystem]
ScanAutorun=1
ScanDLLOnLoad=1
ScanDiskette=1
ScanExceptions=?:\PageFile.sys;\System.da?;\User.da?;.fon;.txt;.log;.ini;\Bootstat.dat;\firefox\profiles*sessionstore*.js
ScanOnExecute=1
ScanOnOpenAllFiles=0
ScanOnOpenCustomExtensions=0
ScanOnOpenDocuments=1
ScanOnWriteAllFiles=0
ScanOnWriteCustomExtensions=0
ScanOnWriteDefault=1
ScanScriptsOnExecute=1
SkipSystemDlls=1
UsePersistentCache=1
UseTransientCache=1
I have tried several small utilities in both win7 starter and XP Pro and I haven’t had any response on any of them, so I can’t say if it is working in one and not the other.
As far as an entry in the ini file goes, default options tend not to be in the ini file, so if you were to disable auto-sandbox, that may place an entry which you could see and then enable the sandbox again.
I have one program that alerted the AutoSandbox, which is set to Ask. It’s a trusted program for my HP 7310 AIO printer. I excluded it from being sandboxed by selecting run normally. It shows in the autosandbox log.
I don’t think the autosandbox.log is created until the first alert. All I see in mine are multiple entries listing the program I excluded and stating that it was sandboxed due to my exclusion. The log is in a subdirectory under All Users\Application Data.
Interesting. I will say that after the clean install of v6, I was not told to reboot. It just said Avast! was running and protecting my system. When I went into the GUI and looked in Additional Protection / AutoSandbox, it said the feature would not be available until after a restart. It has not given any alerts or created a log file yet.
I can confirm that there’s a little problem in the Windows XP implementation of the AutoSandbox. It is offered less often than it’s supposed to (and also compared to Vista/W7, where it works correctly).
This bug has already been fixed in the internal branch, and will be part of the next program update.
Just another report on how the auto-sandbox is not functioning correctly in XP. Last night I got my first alert from the sandbox. It was for a game called F.E.A.R. and it alerted me about the main .exe for the game called, strangely enough, fear.exe . This would have been okay except for one thing. It only alerted on the third execution of the file. The first two times I started up the game from scratch, there was no alert. This is a serious flaw since if it did that with a malicious file, only being alerted on the third execution would be far too late obviously.
The fixed version needs to be pushed out ASAP in my opinion.
I’ve just encountered a similar problem this afternoon with a program that was previously working just fine. Now, every time I boot up the program, Avast indicates it may be a problem and recommends opening it in Sandbox.
I’ve run a full scan on my computer and I’ve run a scan on the program folder and Avast doesn’t find anything.
In the several years I’ve been using the Free version of Avast, this is the first problem I’ve run into.