Autosandbox - What makes a file "suspicious"?

I’m curious about what triggers the Autosandbox in Avast 6 Free Edition. If the virus scanner itself returns a clean result, why would a program (or its installer) be “suspicious”?

Alternately, if there’s something truly suspicious about it, why doesn’t the virus scanner say so?

Thanks!

Heuristic analysis and behavior analysis are done deeply and thoroughly by the autosandbox.
It’s a proactive protection that goes “further” than the regular scanning.

Simply because it’s less suspicious than to report an ordinary detection, yet more than a normal file usually is.
There is no simple trigger - there are many rules, possibly combined somehow together, that form the “suspiciousness” (and those rules are updated, sometimes daily, just like the rest of the virus definitions).

Thanks for the quick responses :)
I was wondering if it could be because one of the libraries/dependencies had a known vulnerability or something. But it’s possible that the program is actually 100% clean?

I see sandbox prompts for programs I’ve used for years without issue. If they’re susceptible to a known exploit, I’ll run them in a sandbox, but if they’re clean I’d prefer to just run them normally.

It’s most probably clean.
But you can check with www.virustotal.com

The autosandbox process is controlled in the first instance by the file system shield (FSS), the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn’t had a definitive detection.

However, the FSS checks other things, amongst those a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). These can trigger a suspicion and it is this suspicion that results in the recommendation to use the autosandbox.

Now the user can accept this decision and run it in the autosandbox or have it run normally and to Remember the answer for this program. Provided of course you are familiar with the program and that it is clean and of course that you intentionally initiated the program.
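The two posts above describe the idea in words: no definitive definition match, but several weaker rules (no digital signature, unusual location, behaviour seen during emulation) that add up to "suspicious", plus the option to remember the user's "run normally" answer. The following is an added illustration of that scoring model, not Avast's own code; the rule names, weights, threshold and the sample file records are all constructed assumptions for this example.

```python
"""Added example (not Avast's code): a rule-based "suspicion" score that sits
between a definitive detection and an ordinary clean file.
Rule names, weights, threshold and sample data are assumptions for illustration."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class FileFacts:
    path: str                          # where the executable lives
    content: bytes                     # file bytes (constructed placeholders below)
    signed: bool = False               # carries a digital signature at all
    signature_trusted: bool = False    # signature chains to a trusted publisher
    behaviors: set = field(default_factory=set)  # observations from emulation
    definitive_match: bool = False     # matched a virus definition outright

    @property
    def sha256(self) -> str:
        # Remembered decisions are keyed on content hash, not path, so a
        # replaced binary at the same path does not inherit the exemption.
        return hashlib.sha256(self.content).hexdigest()


def _odd_location(f: FileFacts) -> bool:
    p = f.path.replace("\\", "/").lower()
    return any(seg in p for seg in ("/temp/", "/tmp/", "/downloads/", "/appdata/local/"))


# Constructed rule table: each rule adds its weight when the predicate holds.
# In a real product this table changes with definition updates; here it is static.
RULES = [
    ("unsigned", 2, lambda f: not f.signed),
    ("untrusted_signature", 3, lambda f: f.signed and not f.signature_trusted),
    ("unusual_location", 1, _odd_location),
    ("writes_autorun_key", 3, lambda f: "writes_autorun" in f.behaviors),
    ("injects_into_process", 4, lambda f: "process_injection" in f.behaviors),
    ("packed_or_obfuscated", 2, lambda f: "packed" in f.behaviors),
]
SUSPICION_THRESHOLD = 4  # assumed: at or above this, recommend the sandbox


def classify(f: FileFacts, remembered_ok: frozenset = frozenset()):
    """Return (verdict, score, names of triggered rules)."""
    if f.definitive_match:
        # A definition hit is reported as an ordinary detection, not a suspicion.
        return "infected", 0, ["definition_match"]
    if f.sha256 in remembered_ok:
        # User previously chose "run normally" and "remember the answer".
        return "run_normally_remembered", 0, []
    triggered = [(name, w) for name, w, pred in RULES if pred(f)]
    score = sum(w for _, w in triggered)
    verdict = "suspicious_autosandbox" if score >= SUSPICION_THRESHOLD else "clean"
    return verdict, score, [name for name, _ in triggered]


# Constructed samples; the byte strings are placeholders, not real programs.
OLD_GAME_TOOL = FileFacts(path=r"C:\Games\Old\patcher.exe", content=b"old-unsigned-tool",
                          signed=False, behaviors={"packed"})
DOWNLOADED_INSTALLER = FileFacts(path=r"C:\Users\me\Downloads\setup.exe", content=b"setup",
                                 signed=False, behaviors={"packed", "writes_autorun"})
VENDOR_APP = FileFacts(path=r"C:\Program Files\Vendor\app.exe", content=b"signed-app",
                       signed=True, signature_trusted=True)

if __name__ == "__main__":
    for sample in (OLD_GAME_TOOL, DOWNLOADED_INSTALLER, VENDOR_APP):
        print(sample.path, classify(sample))
    # After the user answers "run normally" and ticks "remember":
    print(classify(OLD_GAME_TOOL, frozenset({OLD_GAME_TOOL.sha256})))
```

The old, unsigned, packed game tool scores exactly at the threshold, which is the situation the thread describes: no detection, yet more suspicious than a signed vendor application that scores zero. Keying the remembered exemption on the file hash rather than the path is the design choice worth copying.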

I replied to the wrong thread (Web Shield) ;D

Thanks for drawing this to my attention. I posted concerning a program called Wordfast towards the end of September, which is a program like Trados for translators. These rely on glossaries of translated words that are acceptable to any given customer (regardless of whether correct or not, you have to adhere to them in order to get paid!!)

My problem was that the glossaries would not download. After trying various possible remedies, I found that disabling Sandbox allowed Wordfast to download with customer approved translation matches.

However, the translation agency with whom I had started on 1st September parted company with me the following week - because of customer complaints of my non-adherence to their glossary guides - guides that I could not download apparently because of Sandbox. :(

The link please.

Hi

It was on “general topics” and dated between 21 and 30 September 2011.

I will start scrolling back - see who gets there first?

Replying to Asyn

Here we are http://forum.avast.com/index.php?topic=85256.0

Hellooooo !! Asyn? Anyone have any idea about this (regarding Wordfast)?

I wanted the download links for the guides…! ;)

The forum did not inform my Thunderbird Inbox that you had replied (I will rectify). It is late, but tomorrow I will post a typical TM (Translation Memory) file for Wordfast that did not install for the translation job for the given customer.

I get sandbox alerts for old utility programs for old games. I think not having a certificate or exhibiting behavior common to some form of malware without matching a signature in the database will trigger the sandboxing.

OK here is a “Textdokument” (laptop bought in Germany) extracted from a typical zipped file for a given job which would only download and install on Wordfast when AutoSandbox was off.

I tried, but of course the typical file is too big to send. The Textdok file is 13557 KB. (Containing words in German and the customer’s preferred English translations.)