Hi,
wanted to ask if AutoSandbox creates a logfile of those actions initiated by the sandboxed file (exe).

I would like to know what a sandboxed app is trying to do on my computer, i.e. modify registry, install stuff, connect to internet etc., so that I can actually decide on an informed basis whether to allow this program next time or leave it in sandbox.

Does Avast already now create such a log, or is it possible to trigger the logging somehow?

If it is not possible: Can it be integrated into a future update? Seems fundamental to me.

Cheers,
M

Well you could change the AutoSandbox settings to Ask, is one option.

C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\log\autosandbox.log XP location.
C:\ProgramData\AVAST Software\Avast\log\autosandbox.log Vista/win7 location.

Thanks for the super fast reply!

And thanks for the log location.

HOWEVER, this log is only which file is run in the sandbox, not what processes that said file is trying to execute.

There should be a logfile created for the file that is run, telling e.g.:

• trying to modify/overwrite xxx.dll
• trying to modify registry entry xxx
• trying to connect to internet IP 01.01.01
• etc.

Should this post be transferred to the Sandbox wishlist thread?

Cheers,
M

I rather doubt that this would be something they are likely to add, as depending on the application what it could be doing could be quite complex and verbose. There is nothing to stop you adding it to the sandbox wishlist, but I believe that is for the actual Sandbox/SafeZone and that is different to the AutoSandbox…

The AutoSandbox is a simple means of allowing it to run in a sandbox to determine if what it does is malicious and should alert if it was.

As an avast user like yourself I can’t really be more detailed.

Report file can be generated only in Sandbox (Pro/IS).

Autosandbox doesn’t have such option - and it won’t have in next version, because this component should be simple (no complex settings, simple dialogs, etc). Autosandbox was improved in v7 - suspicious app is automatically executed in the sandbox, we analyze its behavior in the background and then we show you results. We had a discussion if there should be a link to report file, but such report file would be interested only for experts, not for the average users.

Thanks for the input pk.

Thanks PX, depending on what exactly this “and then we show you result” will look like I probably would be satisfied.

Bottom line of a sandbox for me is to know what a program is trying to do to my OS, therefore I need this sandbox to log and list me those activities. I understand that you want to keep AutoSandbox as simple and easy as possible, and any activity log would only be for techies, but creating a logfile does not necessarily mean that you have to force users to read it, right?

Cheers, and thanks for all the good work and fast replies!
M

PS @pk: on another matter: I am not that happy about that “run the app automatically in the sandbox” bit you mention: I am of the opinion that you should leave users the freedom to run an app in a sandbox or not (i.e. leave the “ask me” option): they should have the freedom to mess up their system if they want to…!

Then do as I suggested in my first reply set it to Ask and you have total control over it.