I’ve just installed the latest version of Irfanview on 3 different computers today, Avast wanted me to open Irfanview’s installer in its sandbox all 3 times (only because I’d set Auto to Ask). Looks like the sandboxing needs to be looked into, it seems a tad too stringent, thread right below mine says the sandbox is interfereing with Google Chrome as well. How many other legitimate applications has Avast’s sandbox targeted? I hope Avast’s authors leave the ability to choose whether or not the sandboxing remains on Automatic vs. the ability to change that to Ask. -kd5-
There is not a whitelist (legitimate application database).
A file to trigger the AutoSandbox should be into one of the criteria.
What version of Irfanview do you have ?
I have 4.3 and not a problem on my XP Pro and win7 systems and no interaction with the autosandbox.
It wasn’t all that long a go that the complaint was that the autosandbox wasn’t doing anything.
EDIT: Just updated to 4.33 and no problems there either.
same here
Wanted a clean install of 4.33 so I uninstalled the old, installed the new on 3 computers, all running XP Home, Avast’s sandbox protested all 3 times. Since I set the sandbox to Ask me, I was able to install normally. If I’d left them on Auto, I’m guessing the installs would’ve went badly.
Why is the sandbox trying to block legitimate application installs? -kd5-
It isn’t, it is just notifying you that it doesn’t know much about it, not digitally signed, its location and source, etc. etc. Though why it acts differently on your system to mine is still a mystery.
The autosandbox never batted an eyelid when I installed the 4.33 version over the top of the existing installation and I have mine on Ask and no exception/s for Irfanview.
I wander if the culprit may be the famous “Monitor the system for unauthorized modifications” option of the Behavior Shield.
Option that both of us have unchecked…
It is something that I have been considering also, but again I can’t see the direct connection between that and the behavior shield triggering the autosandbox check.
So I would have to wonder where the autosandbox gets its information for the last option in the list of triggers (“Generic heuristics / suspicious context”) from. Plus how many of these triggers would it take to be met before the autosandbox intervenes.
Yeah, probably from Behavior Shield I guess:
“the main thing the Behavior Shield does is provide context information for other shields (mainly FileSystem Shield), i.e. making many of the heuristic detections work (i.e. something invisible, but important performed on background)…”
(Igor: http://forum.avast.com/index.php?topic=96562.msg770287#msg770287)
Well the file system shield uses heuristics and also the emulation function (sf.bin), since Irfanview (certainly during installation) is likely make system changes, not lease file associations in the registry.