Avast Sandbox affecting my application badly

Hi,

I work on an application (https://github.com/renatoferreirarenatoferreira/quickmon) that was giving weird errors (image attached) on one Windows 10 workstation.

I started to think that it was happening due to something with Windows 10 and then I took a Process Monitor dump. Analyzing the dump I faced the Avast sandbox feature for the first time. It was, basically, pre-running the application with errors and then, after that, the application suddenly runs again working perfectly.

What do I have to do to get my application working with the sandbox?

Thanks!

Renato A. Ferreira

The sandbox has been gone for a long time.
If you still have it, why are you running that application in it?

What do you mean by “has been gone”? The laptop I’m referring to is running the Avast Business Security and I think its version is 11.1. I don’t have control over it, as this laptop was provided by the company I work for. It is running automatically by intercepting system calls and then verifying if the file has been checked already with a file called URL.db. It happens only the first time that the application opens, but if I change the directory where the executable is located, Avast runs the sandbox again.

Since you are running a business version, you posted in the wrong forum.

But, hey… I’m not looking for support for any version/edition, I’m only trying to understand how to keep my application from reporting errors while running in the sandbox.

But, OK… If it is really required, could someone move this thread to the appropriate forum area? Or do I have to recreate the thread there?

Is there a developers area or somewhere to discuss these things?

Why are you running the program in the Sandbox?

Do you think the application is not safe?

The Avast Sandbox is a special security feature which allows you to run potentially suspicious applications automatically in a completely isolated environment. This is particularly useful if you don’t completely trust whatever you just downloaded or you visit dodgy websites because programs running within the sandbox have limited access to your files and system, so there is no risk to your computer or any of your other files.

Here’s how it works: By default, if an application is started and Avast detects anything suspicious, it will automatically run the application in the Sandbox. The advantage of running an application in the Sandbox is that it allows you to check suspicious applications while remaining completely protected against any malicious actions that an infected application might try to perform.

The browser or other application will then open in a special window, indicating that it is being run inside the Sandbox. When the Sandbox is closed, it will be restored to its original state and any downloaded files or changed browser settings will be automatically deleted.

https://blog.avast.com/2015/09/09/what-does-the-avast-sandbox-do/

I don’t have control over that, it is running automatically. I simply tried to use it on a specific computer and noted the error. I figured out that it was being caused by the Avast sandbox while capturing data for debugging using Process Monitor.

It is safe, I developed the application… I did that as an open source project: https://github.com/renatoferreirarenatoferreira/quickmon

I don’t believe Renato is intentionally running it sandboxed, more like the DeepScreen (or possibly the Hardened Mode, if enabled) is intercepting the application to analyse it and that causes the internal program errors.

@Renato
Do you have or are you able to capture a screenshot of the intercept by Avast?

Is this app digitally signed?

Hmm, could it be the NG?
Although that doesn’t exist anymore either in the latest version according to a post from VLK.

The OP isn’t using the latest Avast version, but the business edition:

“The laptop I’m referring to is running the Avast Business Security and I think its version is 11.1.”

I’m not even sure if NG is in the Business version.

The only screenshot I have is that one already attached to the first message. It is happening before the application opens the main window.

I have only the process monitor dump showing the AvastSvc.exe reading the executable, checking the URL.db and then the application runs making calls to lots of avast stuff (HKU__AVAST! SANDBOX* registry keys, DLLs and others).

No…

  1. OK, I was hoping that if it was the DeepScreen you would see its intercept window of whichever file, letting you know it is being scanned by DeepScreen. See attached example image.

  2. Generally the file being digitally signed helps.

This needs some input from the Avast team; I will try to attract some attention to it.

Hi,

if the problem is on your computer only, then you can either add the folder with the file to the exception for DeepScreen, or turn off DeepScreen completely – if that is your problem.

Lukas.

I don’t have the password to access the Avast configuration, but it is not a problem for me, as after this first run in the sandbox the application starts to work.

What I’m looking for is some practice to avoid the error messages to make the other users comfortable using the application, without error messages. Something I can change inside the application to avoid that error.

Will the application be ignored by the sandbox feature if it is digitally signed?