Auto Sandbox Sensitivity (Free)

First off, thanks for an awesome product, and keep up the great work!

Is there any way of adjusting the sensitivity of the Auto Sandbox feature in the free version? If not, is it feasible to make this an option in future builds?

The number of false positives I’ve experienced has increased exponentially in the last couple of weeks. I’m hesitant to disable the feature completely for security’s sake, but honestly, it has yet to encounter anything dangerous, and has only succeeded in identifying perfectly legitimate install programs from trusted websites, gumming up the installation process, and generally being annoying.

Same here, it is sensitive on legit programs, but it doesn’t seem to work that well on actual malware, but hey, it is still new, I’m sure they will improve it step by step.

What do you mean by that? What malware? Can you give further details?

Any sandbox will have this problem till the whitelist is built up.

Well, I was asking for details, but - alas! - he gave none. I do not have those problems in a quantity that I would complain about. As a matter of fact it happens very, very rarely to kick in on benign programs.

Exactly… It’s not like it’s fully automatic. It only recommends that you run the program in the sandbox. You do have the option to open it up normally. Heck, Norton quarantines things automatically without even asking.

works with heuristics, not a white/black list.

Good suggestion (but already done before).

But it still detects the infected material, which is the main purpose.

Are you sure? Why? Just because clean files are flagged as suspicious?

There is NOT a whitelist. avast is a behavior shield/heuristic scanner and not a white/blacklist.

Sorry, thought it was a whitelist thing. So it’s just like Kaspersky’s High and low restrictions, which is in program controls.

No, like mentioned above it is heuristic based, and those are added/improved with the VPS updates :)

Greetz, Red.

Unless you know how Kaspersky works, don’t say no. Kaspersky uses heuristics to analyze a program and place it into 3 categories: High, low restricted or untrusted. It’s not a sandbox, but once a program is there it cannot do any harm to the system. So Avast uses heuristics to decide if a program should be run under a sandbox. Same thing.

My answer was only related to the first part of your post, I should have mentioned that. I am sorry :-[

Greetz, Red.

Sure,

I test avast with malware links from malwaredomainlist.com or malc0de.com/database

It does very well, only I never see an autosandbox popup; maybe 1 time I saw it when the signatures didn’t catch it.

So I mean, I have seen the popup on more legitimate programs than I saw it on actual malware.
For example, in the Comodo auto sandbox, it really does sandbox any unknown malware; avast still needs to work on that, but that is understandable, because it is still new in avast.

Effectively you shouldn’t see the autosandbox come up, as the blocking is going on at web shield or network shield level.

If you aren’t actually downloading something to your system and then running that file, first the file system shield would scan it and depending on a) signature check, b) heuristics and c) emulation (plus digital signature, location, what it does, etc.), would the decision be made to hand it off to the autosandbox. So there are a lot of steps/checks before it even gets that far down the chain.

There is no way to compare the Comodo auto sandbox; as far as I’m aware it isn’t the same, it is a block-all (malware or otherwise), where avast doesn’t block all, only that which after all the checking is still considered suspect.