Photoshop Elements false sandbox?

AvastPro 7.0.1426 has AutoSandboxed Photoshop Elements (v 1.0.1) with the reason “The file prevalence/reputation is low”. I’ve had the programme for years and used it yesterday without it being sandboxed, so I think this may be a false positive. I’ve added it to exclusions but thought somebody might want to know.

Set sandbox to ask… then next time from dropdown menu “run normal”

Thanks - I’d spotted “Run normal” but didn’t realise I could set it to ask. Done.

But I was really just thinking that it might be useful to know that something has changed that’s picking false positives.

Chris

AutoSandbox – why are you annoying me?
https://blog.avast.com/2012/03/20/autosandbox-why-are-you-annoying-me/

Well it isn’t really a false positive as avast is not alerting on it, but making a recommendation. This looks like a very old version of Photoshop Elements and it probably isn’t signed or have a high prevalence/reputation and may also hit more of the things that the autosandbox is looking at. The end result being a recommendation to run in the sandbox.

The autosandbox process is controlled in the first instance by the file system shield (FSS), the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn’t had a definitive detection.

However, the FSS checks other things, amongst those: a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). These can trigger a suspicion, and it is this suspicion that results in the recommendation to use the autosandbox.

Now the user can accept this decision and run it in the autosandbox, or have it run normally and Remember the answer for this program, provided of course you are familiar with the program and that it is clean, and of course that you intentionally initiated the program.

Thanks both. Now I know a bit more about the sandbox. I haven’t seen it in action until now. I’m happy with the concept, but I’d prefer the default to be Ask (as I’ve now set it) rather than Auto. The Auto locked up the application for several minutes while it did the diagnosis - and as you say, it’s an old program and won’t be digitally signed, but I’ve been using it for years and had just launched it, so if asked I’d have OK’d it.

Chris

I have said that all along, Ask gives greater interactive control over the autosandbox.

Unfortunately, that also is likely to generate lots of questions for the user and in a lot of cases they may not be in a position to answer them.

I have tried several times to install Photoshop, and it says it is installed but it appears that it is not: no icon on the desktop, and no .exe file that I can find anywhere. I have not seen any message saying that anything is blocking Photoshop from installing, it just never works. I have opened up Avast and shut down about everything that I can find (I have noticed that others have had trouble with sandbox, and I have not found any reference to sandbox in the Avast settings, but I shut down the fss and lots of other settings).

Running a Dell with an I7 cpu and Windows 7.

It came with McAfee. I have avoided doing anything with that, even though frequently 2 popups pop up to warn me that the Internet is going to eat my computer if I don’t run the Mcf anti-virus. I suppose I should just uninstall the son of a bleep and be done with it, but I would rather keep it around just in case, and shut it down so it would leave me alone; haven’t had time to mess with it. It appears to be shut off, but it’s hard to be sure.

Help?

Having two resident anti-virus scanners installed (even if you aren’t really using it) is one too many and not recommended, as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable. So yes, it needs to be uninstalled, and I would go a step further and run its removal tool. Even if shut off, a resident AV will have drivers running in the background; these are used to hook files so that they can be scanned before being allowed to run, and it is these drivers that can come into conflict.

Shutting down the FSS is like playing Russian roulette, sooner or later you will get burned.

Set the autosandbox to Ask, the autosandbox is an integral part of the FSS and you can access its settings from the avastUI, Real-Time Shields, FSS, Expert Settings, AutoSandbox. You can also add the file name (including full path) to the Files that will be excluded from automatic sandboxing.