1

Hello,

Is it possible to exclude whole folders, including subfolders from being sandboxed with CyberCapture?
I tried and it still sandboxes executables in that folder. These folders being my software development folders it hinders (.NET) development. :frowning:

Thanks

ā€“ Ytrog

2

As youā€™re a developer, read here:

ā†’ https://www.avast.com/faq.php?article=AVKB229
ā†’ https://www.avast.com/faq.php?article=AVKB228

3

Those links donā€™t really help if you donā€™t want to get sandboxed right in the debugger as is happening to me. The problem is that I launch my program from Visual Studio and it gets sandboxed.

4

Well, either disable CC or set exclusions.

5

Which I did. I excluded the folders my Visual Studio projects are in. It didnā€™t work.

Disabling the entire feature was what I did when I first encountered the problem. ::slight_smile:

6
  • Which Avastā€¦? (Free/Pro/IS/Premier)
  • Which versionā€¦?
  • OSā€¦? (32/64 Bitā€¦? - which SP/Buildā€¦?)
  • Other security related software installedā€¦?
7

Avast Free Antivirus
Version: 17.2.2288 (build 17.2.3419.64)
OS: Windows 7 Enterprise, 64 bit, SP 1 (strange, I have updates on)
Other security (non-standard): EMET 5.52.6156.38091

8

Update to the latest version (17.3.2291): https://forum.avast.com/index.php?topic=199715.0

9

Arenā€™t we talking about Behavior Shield instead of CyberCapture?
CC only manages PE executables downloaded from web.

10

I had been thinking this, it could be the Behaviour Shield as the CyberCapture function as far as I can remember is to stop a file from running put a block on it, send the sample to avast for deeper analysis.

Whereas the Behaviour Shield can send it to the virus chest in 2 of 3 options.

11

It was a blue border around my console program having the title ā€œCyberCaptureā€. See screenshot. I made this after updating to 17.3.2291

12

That is certainly somewhat strange, as Lisandro mentioned, we thought that the CyberCapture function only dealt with executables downloaded from the internet. Whilst we understood that this restriction to only that would be expanded at some point, but I hadnā€™t seen anything to say that its scope had changed.

This is certainly the first that I have seen outside of executables downloaded from the internet.

This needs feedback from avast developers.

13

I make mine these David words. Anyway, have you uploaded the executables and then downloaded them to use?

14

I have reported the topic to see if we can get some clarity.

15

Reply from the devs: He needs to make sure that he has * at the end of the path to ensure the exclusion works such that if I want to exclude all files in D:\test I need to add exclusion as D:\test*

16

So this I take it is also confirmation that the CyberCapture function doesnā€™t only dealt with executables downloaded from the internet and has been expanded ?

If so it would be nice to know its scope now, what files and areas are covered ?

17

DR: First of all it is not CyberCapture, but DeepScreen (sandbox)

18

Pretty damn confusing then having the ā€œCyberCaptureā€ Blue tab at the top of the window.

19

Iā€™ve got the following official clarification:

Deepscreen (sandbox) is now also called CyberCapture (it's displayed in the blue border around scanned app's windows). It's because both DeepScreen and CyberCapture are enabled/disabled by the same checkbox in the UI. So the user's issue is that the files are getting into Deepscreen rather than CyberCapture.
20

Thanks for that.

Should we also be changing the DeepScreen reference in the avastUI > Settings > Exclusions and calling it CyberCapture to avoid confusion.

Also we still donā€™t have clarification on the expansion of CyberCapture scans as it would appear it doesnā€™t only dealt with executables downloaded from the internet and has been expanded.

It would be nice to know its scope now, what files and areas are covered ?