Bug report

system · January 26, 2012, 11:01am

Hi everyone, on 20.01.2012 I submitted a ticket to avast! Support Center containing informations about a bug I’ve found but I had no reply about this.
Is there another way (or place) where I could submit bug info?

Thanks a lot, Carlo Di Dato

DavidR · January 26, 2012, 11:33am

Yes there is another way outline the problem here, it might not be a bug or there might be a workaround.

Give your Operating System and SP number (e.g. SP1, etc.), the full avast type and version including build (e.g. avast free, 6.0.1367).

system · January 26, 2012, 2:09pm

Hi DavidR, thanks for your prompt reply. The issue (maybe it’s better to call issue rather than bug) was succesfully tested on:

Microsoft Windows 7 Professional (32 bit)
Service Pack 1

and

Microsoft Windows 7 Ultimate (64 bit)
Service Pack 1

This is the version of avast!

http://shinnai.altervista.org/avast/version.jpg

and I’ve found a way to bypass real time access protection (see below)

http://shinnai.altervista.org/avast/protection.jpg

I mean, whatever I choose (sandbox or cancel operation) the executable will run without restrictions.
I think that talk about the way to do this on the forum, could be dangerous.

DavidR · January 26, 2012, 2:43pm

Well that certainly isn’t what I would consider normal. Though I’m using avast free the autosandbox function is the same (as far as I’m aware). I rarely open in the sandbox as for the most cases what avast is warning against I know about so I tend to select open normally and I have never opted to cancel opening (as it was me initiating the running of the file/app).

How do you know that the open in sandbox was bypassed ?

The one that would be easiest to test and the one of most concern would be the cancel opening as when it runs we know for sure it isn’t running in the sandbox.

Unfortunately I haven’t been able to dig out any application that I can test it on knowing it should trigger the autosandbox, as my normal problem with a good firewall with HIPS based protection is that steps in first on its 'System and Application Guard. So it blocks me from running unsigned files from usb so for me somewhat hard to test.

I will try and draw this to the attention of one of the developers.

system · January 26, 2012, 4:01pm

I agree with you. In my test:

Run the file
Choose “Cancel opening”
the executable runs, write a batch, then execute it

that’s why I consider this dangerous.
For sandbox question, I used Process Explorer and I see that the executable run in session 1 and out of the context of avast

pk · January 28, 2012, 7:48am

Thanks for info.

“Run the file” from network is fixed in avast7 beta.
“Cancel opening” is also fixed in avast7 beta… we removed this option

avast7 beta will be released soon, you can retest it, thanks.

RejZoR · January 28, 2012, 8:51am

Hm, why was Cancel opening removed? I found it useful when you just decided not to run it at all when the popup jumps up. It’s like clicking NO in the UAC popups. It just prevents the app in question from running at all.

pk · January 28, 2012, 8:53am

We redesigned autosandbox popup, please wait for beta, thanks.

RejZoR · January 28, 2012, 8:56am

Sure thing, i’m waiting eagerly for it

system · January 30, 2012, 7:56am

Hi and thanks for your answer. I’ll wait for avast7 beta.

Regards

Bug report

Announcements