avast ais v6.1125 sandbox

ok updated and for smirks and giggles I had a old program I wanted to install so I right click and select run in sandbox. meanwhile defense+ plus comes up and says xxx wants to run and I say ok and select install mode for d+.
check to see if avast does indeed have it running in the sandbox and it does.
so program installs and actually installs!
why? thought the purpose of the sandbox was to not effect the system in anyway? so how can this be?

Are you saying that you run an app inside the sandbox, and it was able to make modifications to the system? Which app are you talking about? And is it the manual sandbox, or the AutoSandbox? (also, how did you check if it’s really running sandboxed? [as you said]).

Thanks
Vlk

Since you installed the program in the sandbox. No permentant changes were made to to your computer’s sensitive areas (registry, drivers, etc…) and the program does not have access to your system or personal files.

If you empty the sandbox (don’t delete it), the program should just disappear, leaving behind no trace it was ever there. Think how handy that will be when you get hit with a fake av, or other driveby nasty. Pretty slick huh.

well I right clicked on the setup.exe and selected run in sandox (avast). went thru the install and it actually installed. the program was adobe photo album 2 from years ago. it also installed adobe reader 6.0. and they actually installed to system and made registry entries etc. as well as in the program features it listed both in the add/remove programs. and I uninstalled adobe reader 6 from there.
I knew they were not malicious but was just shocked that they were actually installed.
I had the avast ui open and it said it was running in the sandbox or was sandboxed.
and I assumed that since it was sandboxed any child processes would also be sandboxed. guess it is true what they say about assuming.
win 7 ultimate x 64 os

Hummm… That makes me nervous too. That kind of behavior is not what I expect from a sandbox. I don’t really care if its safe, signed or whatever. If I run the installer it in the sandbox (not autosandbox), I expect the program to be installed in the sandbox and stay there and go away when I empty the sandbox. Anything less makes me question what protection is actually being provided.

Can you repeat the test? I just installed a program in sandbox and cannot find it anyware :slight_smile:

yp just got done reinstalling after an uninstall. same results. with reboots and reg clean between all.
I checked to make a log file but cannot find where avast stores the logs.
but something is off to say the least.

Maybe selecting it to run as an installer in D+ overrode the sandboxing protections?

I agree with this opinion.

DJBone

I disabled d+ second time and rebooted. same results.
and yes comodo sandbox is disabled too and always is. do not trust it.
not a newbie at this.

I’ve tried to install multiple programs running installers in the sandbox, including Adobe reader. Nothing penetrated the sandbox. I couldn’t find an installation that would complete. I’m a happy bunnie. I’m wondering if something is going on with the “dragon” (commodo). I haven’t let that stuff near my computers since the firewall flamed an installation about a year ago.

hey vlk any clues as to why this was not sandboxed?