Avast sandbox BSOD

I’m a developer working in Python, which often causes Avast’s 15 second sandbox (free version) to scan some of my package entrypoints. An entrypoint is an .exe file python/setuptools creates to enable users to start a specific script from the commandline. This is normally ok, and can be canceled when I know I trust it, but there is a special case that causes the sandbox to BSOD Windows: If the entry point calls Python’s standard library functions for opening a browser to a specific URL (in a new thread), then a new tab will be opened in my already open instance of Firefox. Upon completion (or close to completion) of the sandbox scan, a blue screen will appear, and the OS will restart.

The python code in question:


import webbrowser
import threading

browser = webbrowser.get()

def launch_browser():
    browser.open(url, new=2)

threading.Thread(target=launch_browser).start()

I can submit a minidump, but an initial analysis says that it is firefox.exe that is the failing process, but aswSnx.sys is also involved. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

Other relevant info:
Windows version: 10.0.16299.371 (WinBuild.160101.0800)
Avast version: 18.3.3860.316
Firefox version: 59.0.3

And to be clear: If I am able to cancel the sandbox scan before the browser url is launched, the BSOD is avoided.

As you’re a developer, read here…

https://support.avast.com/article/229/
https://support.avast.com/article/228/

This sounds it is DeepScreen that is causing the issue. You’ll need to upload a dump before I can get this escalated to an Avast dev.

You can follow Asyn link to get your files whitelisted so DeepScreen will not scan your entrypoints.

What are the routines for uploading the dump? I’ve seen ftp://ftp.avast.com/incoming/ around in search results before, but I’m not sure what the usage pattern is (filename, how to tie back to discussion here, etc).

Pick a unique name (and post it here), so the devs can find it. Thanks

I uploaded the file according to this guide: https://support.avast.com/en-eu/article/FTP-file-upload
I followed its recommendation of using my email as the filename (but I’d prefer to not post that openly). Hopefully the devs can see my email from my forum profile?

Sure.

Hi Aboratt, the issue is already fixed internally, thank you for reporting.