newbie with Avast Autosandbox

how does it work this nice feature?
When I run any program, nothing happens. I have yet set the interactive activity has to ask. Or does it only runs on the newly installed software? After installing Avast?
If it will go as it should, Avast has a competitive edge
Thanks for the advice
Peter

https://support.avast.com/index.php?languageid=1&group=eng&_m=knowledgebase&_a=viewarticle&kbarticleid=602
asyn

It certainly works… check the log:

20.2.2011 19:21:46	Autosandbox candidate: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
	[Source: ]
	[Opened by: C:\windows\Explorer.EXE]
	 --> Result: Not sandboxing (based on user's decision).

20.2.2011 19:22:32	Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\DTLite.exe
	[Source: ]
	[Opened by: C:\windows\Explorer.EXE]
	 --> Result: Not sandboxing (because the file is trusted).

20.2.2011 19:22:43	Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\Engine.dll
	[Source: ]
	[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
	 --> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

20.2.2011 19:22:45	Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\imgengine.dll
	[Source: ]
	[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
	 --> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

20.2.2011 23:39:43	Autosandbox candidate: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
	[Source: ]
	[Opened by: C:\windows\Explorer.EXE]
	 --> Result: Not sandboxing (because the file is in the exception list).

20.2.2011 23:39:48	Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\DTLite.exe
	[Source: ]
	[Opened by: C:\windows\Explorer.EXE]
	 --> Result: Not sandboxing (because the file is trusted).

20.2.2011 23:40:10	Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\Engine.dll
	[Source: ]
	[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
	 --> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

20.2.2011 23:40:13	Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\imgengine.dll
	[Source: ]
	[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
	 --> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

22.2.2011 7:29:03	Autosandbox candidate: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
	[Source: ]
	[Opened by: C:\windows\Explorer.EXE]
	 --> Result: Not sandboxing (because the file is in the exception list).

22.2.2011 7:29:08	Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\DTLite.exe
	[Source: ]
	[Opened by: C:\windows\Explorer.EXE]
	 --> Result: Not sandboxing (because the file is trusted).

22.2.2011 7:29:14	Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\Engine.dll
	[Source: ]
	[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
	 --> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

22.2.2011 7:29:16	Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\imgengine.dll
	[Source: ]
	[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
	 --> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

24.2.2011 3:00:55	Autosandbox candidate: C:\Windows\SoftwareDistribution\Download\Install\Windows6.1-7601-X86-NeutralCab.EXE
	[Source: ]
	[Opened by: C:\windows\system32\wuauclt.exe]
	 --> Result: Not sandboxing (because the file is trusted).

24.2.2011 3:01:02	Autosandbox candidate: C:\Windows\SoftwareDistribution\Download\Install\Windows6.1-7601-X86-CAB4.EXE
	[Source: ]
	[Opened by: C:\windows\system32\wuauclt.exe]
	 --> Result: Not sandboxing (because the file is trusted).

24.2.2011 3:01:08	Autosandbox candidate: C:\Windows\SoftwareDistribution\Download\Install\CheckSURPackage.EXE
	[Source: ]
	[Opened by: C:\windows\system32\wuauclt.exe]
	 --> Result: Not sandboxing (because the file is trusted).

24.2.2011 5:00:53	Autosandbox candidate: C:\Windows\System32\Wat\WatAdminSvc.exe
	[Source: ]
	[Opened by: C:\windows\system32\services.exe]
	 --> Result: Not sandboxing (because the file is trusted).

24.2.2011 10:54:05	Autosandbox candidate: C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
	[Source: ]
	[Opened by: C:\windows\Explorer.EXE]
	 --> Result: Not sandboxing (because the file is in the exception list).

24.2.2011 10:54:09	Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\DTLite.exe
	[Source: ]
	[Opened by: C:\windows\Explorer.EXE]
	 --> Result: Not sandboxing (because the file is trusted).

24.2.2011 10:54:14	Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\Engine.dll
	[Source: ]
	[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
	 --> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

24.2.2011 10:54:17	Autosandbox candidate: C:\Program Files\DAEMON Tools Lite\imgengine.dll
	[Source: ]
	[Opened by: C:\Program Files\DAEMON Tools Lite\DTLite.exe]
	 --> Result: Not sandboxing (because of unsupported file type (typically a DLL/SYS)).

Where are the logs in avast?.Can they be accsessed through the gui somewhere?
m

Where do you find that log? I can find all of the shield logs but nothing concerning the sandboxing.

%ALLUSERSPROFILE%\AVAST Software\Avast\log\autosandbox.log

There is no such log file on my system.

If you upgraded from 5.x to 6.0, the path will differ. Anyway, it’s pretty trivial to find autosandbox.log via normal file search in Windows.

I think it only creates a log if it thinks something is potentially dangerous and runs it in the sandbox. i.e. a “sandbox candidate”.

I did the search, the file does not exist, anywhere.

Do you have the autosandbox set to Ask ?
If so I don’t know if it would record any actions.

I have the file in that location on my win7 netbook. But not in XP Pro (C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report), I can’t recall if I have had any autosandbox alerts since a clean install of 6.0.1000, so perhaps that is correct.

Or maybe the sandboxing is not working correctly in XP? I need something to test it with since nothing I have installed has given an alert.

same question - need sm to test it.
As I know Sandboxie sw, there is clear and work it. Here nothing.
I cannot also find that autosandbox.log under my winxp.
Or maybe because I just installed new Avast6 only today, that log is missing yet, without running any sw?
What does it mean “potentially suspicious application”? How does it know, if any?

nobody knows?

As shown on the log I’ve posted, AnyDVD causes a prompt here at least, plus DAEMON Tools Lite gets logged (no prompt as it’s trusted though). Someone also mentioned elsewhere that HDD Health utility produces an autosandbox prompt.

Installed HDD Health. There are entries in the Behavior Shield log which allowed it’s actions but there was no sandbox alert and there still is no sandbox log file. The Behavior Shield is set to auto-decide and the sandbox to ask.

well, tried this HDD Health, worked properly with Autosandbox. And that log file was made based on this decision.
I found another detail in it: I opened Anvir Task Manager before first one and Avast registered this activity without asking…
How he knows to do it as needed to prompt?
Peter

28.2.2011 15:18:47 Autosandbox candidate: C:\TOOLS\ANVIR TASK MANAGER FREE\ANVIR.EXE
[Source: ]
[Opened by: C:\Tools\AnVir Task Manager Free\AnVir.exe]
→ Result: Not sandboxing (because the file is trusted).

28.2.2011 15:24:22 Autosandbox candidate: C:\Program Files\HDD Health\hddhealth.exe
[Source: ]
[Opened by: C:\Documents and Settings\Administrator\Plocha\hddh.exe]
→ Result: Sandboxing (based on user’s decision).

Hi,

In Windows 7 32bit my autoSandbox log is in Local Disk (C:)>ProgramData>Awil Software>Avast5>log.

cheers
blinky

That is because you did an update from avast 5.x to avast 6.0 as it would have been a massive task to change the program folder name and all associated registry entries.

Those who did a clean install of avast 6.0 will have a new Avast Software folder instead of Alwil Software and a sub-folder of Avast instead of avast5.

of course clean install: to a new directory. Do not mix together, never with the old one. So I do now, but the result is the same.
I am interested in assessing how the program is suspect for Autosandbox?