Since updating to version 7 I am experiencing a problem with ImgBurn.
ImgBurn will open normally but closes automatically after 10 seconds.
There are no messages of any kind.
I have found that if I change the setting in AutoSandbox from Auto to Ask, ImgBurn behaves normally.
If anybody has any comments please let me know.
Regards.
Set the Autosandbox to Ask and leave it there so you are in control of the decisions. When you say Run Normally, also check the Remember my answer for this program (or words to that effect), this will add it to the exclusions and it won’t be pinged again.
Obviously when doing this you have to have confidence that the application is A) legit, B) from a known reputable source and C) not infected. The latter is fairly easy, as if it were infected the file system shield would have alerted instead of handing it off to the autosandbox.
I was able to get ImgBurn to run normally with the sandbox on auto. Yes, it got sandboxed, analyzed and terminated the first time, but the analysis window remained open and I was able to choose run normally the next time. ImgBurn was added to the exclusions automatically and from then on opened and functioned perfectly. The sandbox doesn’t have to be set to ask but you do need to let the analysis progress popups show. Do not turn that function off or the program will open sandboxed, and terminate without you having the option to allow it to run normally the next time. It will then just repeat the same procedure forever.
The Avast sandbox is not very smart. It looks like it is based on a whitelist, not a blacklist. If something is not digitally signed, it gets sandboxed and even if Avast doesn’t find any malicious code, the default option is still to open in a sandbox. So for people who don’t read the prompts, they will naturally just click next and then subsequently wonder where their program went or why it is not working properly.
From a security perspective this may be prudent, but what really happens is it creates user fatigue to the sandbox prompt b/c programs they use and know are safe are getting sandboxed, so when real malware comes along, they run the risk of allowing it through either b/c they set the settings to “ask” or they just allow past the sandbox prompt b/c that is what they did with prior programs.
There is not a whitelist or blacklist.
The criteria are the file behavior and characteristics.
It is very wise to consider an unsigned executable suspicious, imho.
There is no protection that is proof against common user faults. The autosandbox decision is the better one for this kind of user. Advanced users, the ones who read the prompts, can make another decision. Common users and common programs (signed) won’t fight with autosandbox decisions that frequently.
Besides, the autosandbox will be improved in the next 7.x version, and it is NOT a HIPS to be a pain to the user with popups.