I tested Avast with default settings & when it finds the suspicious behvaiour it autosandbox the file & analyzes & after the analyzes completes it terminates the sandboxed app & give the option to sandbox or normal open nextime.
The prob is if you choose to select the app to open next time sandboxed, it again does the same thing & terminates the apps. So this means you can only open the app normally & not sandboxed, right? Then whats the benefit of full virtualization of Avast autosandbox?
autosandbox when set to auto mode is purely meant for Avast! to perform further analysis on suspicious files rather than for the user himself to make a personal verdict if the file is safe or not. thus the application will always be terminated after a few seconds.
however, when set to ask, u can than do ur own analysis on the file in question as Avast! will not terminate the application in the sandbox
So whats the use of Sandbox if you cannot open & use any suspicious app in the sandbox?
If you cannot open & use any suspicious app in sandbox then its the same like threat detected & Avast can throw behaviour shield popup instead of autosandbox.
Autosandbox being the full virtualization, suspicious apps should open in it.
Do you mean if autosandbox is set to ask then the suspicious apps can be run in sandbox? So does this mean autosandbox set to ask, analysis is not performed?
There is some misunderstanding about the autosandbox and the full sandbox feature in the paid versions Pro/AIS. See image, of the autosandbox options.
The autosandbox is essentially for testing and there is no option to open sandboxed for the autosandbox. So presumably you have Avast Pro or the Internet Security application ?
If so yes you can use the full sandbox feature, however, that may not stop it from being intercepted by the autosandbox, so essentially you would need to add that file to the autosandbox exclusions so it doesn’t intercept it. That should then allow you to run it in the full sandbox.
And the screenshot you have attached is of AutoSandbox when set to ask, right? So what happens if I select the default open in sandbox, does the app opens in sandbox & can be used?
Yes that is the autosandbox when set to Ask.
You can’t elect to run an application in the autosandbox, it doesn’t have that functionality, it is for analysis only.
If anything malicious were found it should report that or that there is insufficient information to confirm it is malicious, with that analysis don it shuts everything down. You them decide if you want to run it normally.
If you are looking for something more, e.g. the full sandbox feature then you would need to get either avast pro or Avast Internet Security (AIS).
There is no different approach, when in Auto Mode the autosandbox would make the decision if it should be tested in the sandbox or not, in Ask Mode, it displays the screen I posted and you decide if it should be tested in the autosandbox or not.
But it will not run the application in the sandbox so that it can be used, for that you need the full Sandbox of the avast Pro/AIS versions.
@ DavidR: i tested out the autosandbox in ‘ask’ mode using autosandboxme tool by Avast. it displays as in ur screenshot and allows the sandboxed app to run within the autosandbox without terminating it.
so i believe that when autosandbox is set to ‘ask’ mode, the user still cannot choose which application to be sandboxed as in all autosandbox modes (auto/ask), but the user can run the app (which Avast chooses to sandbox) indefinitely in the sandbox.
No I didn’t say that apps can be run in sandbox and not terminated in Ask mode, all that Ask mode does is take away the decision if the app should be run/tested by the autosandbox, primarily so that the user can elect to run it outside of the autosandbox.
Anything in Ask Mode run in the sandbox will run virtualised (a Red Border round the Window), so any interactions made or changes, etc. will be lost as the sandbox is wiped when closed. You can’t elect to always run this program sandboxed, but when you try to run it the autosandbox would butt in, if you have it set to Ask you can run it sandboxed or outside of it normally (that choice can be remembered), but it still runs through the analysis process.
The Auto Mode just elects to run it sandboxed to do its analysis, this displays a pop-up (see attached image) once it has analysed the program it will notify you of the finding, image2. If at this point you can select how the next execution is handled (sandboxed or normally), but it still runs through the analysis process and the program terminated at the end of the analysis if you selected run sandboxed.
So in choosing Ask Mode, there appears to be an anomaly (which I believe wasn’t intended to be in the free version) where it will actually run the program sandboxed - personally, even if it doesn’t terminate an application there really is little point in running it sandboxed as when closed everything is history. Any interaction or changes made when running the application are lost. Where in the Full sandbox feature in the Pro and AIS have other settings for running programs like browsers sandboxed and still have some of the changes, etc. saved.
Okay, so how do I set this avast 7.0.1426 Sandbox to Ask Mode.
I can’t even find any Sandbox Settings.
All I know is that now every time that I bring up PortableApps.com, the Sandbox pops up and I’m not even given a chance to select “Remember my selection for this App” or whatever the previous avast used to say.
Ahhh, the ole hidden in plain sight trick, huh? ;D
Okay, I set it to Ask now.
I tested it by bringing up PortableApps.com IrfanView and it did now go back to working like the avast 6.x Sandbox.
This time I WAS given the chance to select “Remember my selection for this App” or whatever it says. Cool.
Yes hidden in plain sight, most people would consider it another shield (rather than an extension of other shields, file system shield) is which is why you didn’t find it in the real-time shields.
OK, tested today with default autosandbox & set to ask.
Default - analysis & terminates the apps & cant be run sandboxed whether first time or next time or any time.
ask - popup is there & the recommended is run in sandbox & if selected the apps runs in sandbox with a red border. No automatic termination & no analysis window.
I think the apps should be allowed to run in sandbox in default settings as the sandbox is full virtualization & not limited rights thing so no harm to the system & thats the main benefit & use of sandbox or full virtualization.
If there is autosandbox & its a full sandbox then running apps in autosandbox should be allowed. Offcoz what apps should run & is suspicious should be decided by Avast as it is now. For running selected apps in sandbox Avast Pro is there but what Avast decides should be autosandboxed atleast those apps should be allowed to run in sandbox in default settings in Avast free.