My company recommends Avast Free for home users (and upsells to Pro and Suite as needed and for Business clients). We are on track to meet $30,000 in sales this period.
I have concerns about Auto-Sandbox being defaulted to “On” and “ask”. I’d prefer it Off AND Auto as default.
I need our antivirus solution to be pretty much prompt-free for standard PC usage, and I’m finding I get a million support calls asking what auto-sandbox is and why they are being prompted. Generally when a novice gets a prompt they saying something like “Avast has blocked something suspicious, do you want to sandbox it” they think they are infected, even though they aren’t and they call me.
So now we turn it off every time we install it. But that doesn’t cover people we recommend it to. Which means I hesitate to recommend it.
Help me out here, that default is no good. AV should be silent by default, even at the loss of some functionality in “extra” protection. Anyone agree, or should I start looking around for other solutions? I’d chalk this up to “beta” testing defaults, but this is 6.0 release direct from the consumer-facing avast.com page. If this is already changed in a beta, I am unaware.
I thought I’d get an opinion on this before I take it up with B2B.
In fact, I raised this issue in a recent post of my own. The Avast Sandbox should DEFINITELY be set to Auto as a default setting in the next release. Far too many inexperienced users do not understand the Sandbox concept, will see something suspicious if set to “Ask”, and believe they have an infected system. The less prompts for newbies. the better for those businesses that may not understand how computer protection works.
People with more experience on the other hand, would know how to set the prompt to “Ask” or could easily find out. However a cosign from me in agreement about this users’ post.
Question to the OP:
Has your company been prompted with a lot of strange files from Avast AV recently?
Prompted as far as files that trigger the AutoSandbox?
Occasionally from programs installed as components to hardware driver installations (things that run on startup providing things like webcam functionality, etc). The only thing I can name specifically is our remote access software which is based on TeamViewer (which is I believe based on a VNC varient - it triggers AutoSandbox every time).
If your question was the “Please click here to send files to Avast for inspection”, although I don’t remember the specific wording… Yes, I’ve seen it a few times in the last couple of weeks. On one occasion it asked again to resubmit the files after closing and opening the program again. I do recall the program running ok, though.
I also had a case where the user upgraded to a new build of Avast and the sandbox appeared to put the Avast installer into a sandbox. That didn’t turn out so well for the installation. That was with IE running under sandbox mode (Avast version 5, not 6).
I understand your point though I have not (yet) received any negative feedback myself.
Establishing a single default configuration that will suit everybody is always going to problematic.
I doubt very much that we’ll see AutoSandbox disabled by default but as both the implementation of the restricted environment and the detection processes that invoke it mature, it may at some stage be considered safe enough to change the default from “Ask” to Auto".
If set to “Auto”, is there currently any notification to the user that a process has been virtualized?
If not, maybe a non-alarming popup message as below could be considered.
As an extra precaution avast! has allowed [Program name (i.e.not process name)] by [Vendor name] to operate in a way that ensures maximum security for your computer.
If you are sure that this program is completely safe, click here to allow it to operate normally in future.
I have concerns about Auto-Sandbox being defaulted to "On" and "ask". I'd prefer it Off AND Auto as default.
if you prefer it “off” by default, then it doesn’t matter whether it’s set on auto or ask… okay this said I’m not sure that Avast’s ready to turn off by default a new feature, aka auto-sandbox … although I can imagine the confusion for a majority of users/noobs, so I would tend to agree with your request.
I’ve never had auto sandbox alert or need to sandbox anything (and I use Team Viewer with no issues) Even have it set to “High” in settings. My concern would be what are people doing to get very many calls for sandboxing in the first place. Business software should be be common for the most part–unless your company writes their own. If not they are likely using what many others are using, which should not trigger many responses by sandbox.
You’re right, my statement does seem a bit confusing now that I read it, I apologize it was very early in the morning
I suppose I meant Off or Auto. Essentially I do not trust sandbox to perform software installs yet. Occasionally yes, I have users install unsigned applications. Not our own, but from various hardware vendors. It is not uncommon for specialized software to be unsigned unfortunately. From what I understand, they are more prone to trigger it. But it isn’t just installs, I have seen it triggered on programs already installed that run at boot time. I really wish I had some examples handy but I came here more to protest the defaults than any possible bugs or side effects.
I never have problems either, connecting to other people. It’s the people receiving my request for connection. I just tested it now using the version currently available on teamviewer.com and am unable to reproduce it on my home network but have seen it twice in the last week when connecting to customer’s machines. The first week it was released it was half a dozen incidents a day. That triggered us to disable it since then. No in-house software used currently.
Maybe the solution is as simple as better wording on the dialog box that comes up. A big “what should I do?” button for the novice right smack in the middle would be ideal. Malware is so rampant that people are nervous to click anything that is not made extremely simple to them nowadays. Some people don’t even trust update prompts from Windows now because some malware have disguised their dialog boxes to look official in the past.
-1 - basically completely defeats the purpose of the feature. And that is valid for both default Off and default Auto. If avast! had enough information about the files, you would not need this feature, basically.
The way I interpreted the OP’s concern was they would like to still have the Auto Sandbox as a feature, but just have it “do its thing” in the background without the current default setting of “Ask.”
I think Sandboxing should NEVER be turned off by default, just set to Auto Detection by default. This process might make things easier for the average user.
okay this said I’m not sure that Avast’s ready to turn off by default a new feature, aka auto-sandbox … although I can imagine the confusion for a majority of users/noobs, so I would tend to agree with your request.