(1) I went to uninstall my TFC (temporary files cleaner), but my NEWLY updated version of Avast 7 told me it was a “potentially unwanted program” and should be kept in the Sandbox when opening it. That concerned me, but I went ahead and uninstalled it anyway.
(2) NEXT…I had not updated to the latest version of Sea Monkey recently, so I opened the browser and clicked on “update check”, BUT I was alerted of the possibility that someone was trying to trick me and that it might not be a ligitimate site…which was, needless to say, a scary feeling!
THEREFORE, I opened Firefox and downloaded a latest version of Sea Monkey directly from the website. After I scanned it, I tried opening it up…BUT…Avast popped up and said it was a “potentially unwanted program” and placed it in the Sandbox.
(3) I tried downloading the Sea Monkey browser a few more times, but EACH TIME Avast told me it was a “potentially unwanted program”, and placed it in the Sandbox. Now that really made me apprehensive!
I have never had this happen to me before and it has only happened since I got updated to Avast 7.
QUESTION: Since Avast believes the Sea Monkey browser to be “suspicious”, am I to simply forget about using that browser? Is there really something suspicious about Sea Monkey?
The avast7 version of the autosandbox is much more sensitive than avast6, which many asked to be more strict.
The autosandbox process is controlled in the first instance by the file system shield (FSS), the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn’t had a definitive detection.
However, the FSS checks other things amongst those a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). these can trigger a suspicion and it is this suspicion that results in the recommendation to use the autosandbox.
Now the user can accept this decision and run it in the autosandbox or have it run normally and to Remember the answer for this program. Provided of course you are familiar with the program and that it is clean and of course that you intentionally initiated the program.
QUESTIONS:
(1) According to your reply, I guess I am to assume that there might likely be many more “potential threat warnings” from Avast and that I should simply get used to it?
(2) Regarding Sea Monkey…why does Avast think the Sea Monkey browser is “potentially” dangerous?
Yes there is the possibility of further detections after all that is the autosandbox’s task to run when directed by one of the shields (primarily the file system shield, FSS) if it considers it suspicious or rather an element of doubt. You the user have to have some knowledge of what you have installed, that it was downloaded from a reputable source, what it does, etc. You too may not have that information which would be suspicious to you to and would be a good thing to run once through the autosandbox.
I can’t tell you why it considers it suspect, the FSS has rules, etc. one no doubt is is the file digitally signed, etc. the more that is triggered the more likely it will be handed off to the autosandbox. Now you can elect to run it first time in the autosandbox, avast would be able to run this in a virtual environment where it can do no harm; if anything were found that would be reported.
It is just another level of protection basically to try and catch, previously undetected malware, by examination and not solely on virus signatures.