Sandbox Alert for Java Update Scheduler

Just wondering if anyone has seen a Sandbox Alert when the Java Update Scheduler opens? Thank you.

Vista Premium on an Epson, just in case you feel it’s relevant.

Sorry, I forgot:

Avast! Free Antivirus

Program version: 6.0.1367

V. definition version: 120102-1

Well, not really here with jusched.exe.

I never see it as I never allow it to be an auto startup item, so it never runs on any of my systems.

The avast free autosandbox isn’t an ‘alert’ as such (otherwise it would have been the file system shield alerting), but a recommendation.

The autosandbox process is controlled in the first instance by the file system shield (FSS), the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn’t had a definitive detection.

However, the FSS checks other things amongst those a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). these can trigger a suspicion and it is this suspicion that results in the recommendation to use the autosandbox.

Now the user can accept this decision and run it in the autosandbox or have it run normally and to Remember the answer for this program. Provided of course you are familiar with the program and that it is clean and of course that you intentionally initiated the program.

Well, I am supposing I’ve not seen that happen on the other computers because I normally don’t have any Java Updates set at that once a month thingy. I just got this Epson a short time ago and forgot to set that correctly. Well, correctly for what I think is correct, as it seems others agree.

Fact is I’ve never seen this “alert” pop up before. Yes, I know alert isn’t such a good choice of vocabulary, but it’s a bit like that – all orange and scary and everything.

The file and such were written up like this:

File: C:\Program Files\Java\jrel.6.0\bin\java.exe

Opened by:
C:\Program Files\Java\jrel.6.0\bin\jusched.exe

Quite frankly, I figured it to be a false whatever and simply clicked the close button in the upper-right corner after doing a screen capture. Not sure if that was a smart action, but I was kind of busy and all and I couldn’t see how the updater tool could be a problem and – well, that’s what I did.

Still, I’m kind of curious what triggered that?

Oh yes, almost forgot to thank you for the attention to this topic.

I suspect that the files aren’t digitally signed, that would be step one, locations outside say program files or in temp/usb sticks, etc. could be step two and the emulation check would also see that it would be trying to get an internet connection.

So it starts to build up a chain of events/suspicion that results in the security recommendation.

Obviously the above points are speculative as I’m not privy to the exact checks that are done or how many are required to trigger the autosandbox recommendation.

Okey-dokey, appreciate the feedback.

Doesn’t seem it was such a serious problem.

There was one thing, though, that caught my attention right quickly. That was the warning down at the bottom about losing saved data when the sandbox is closed. But before I can better understand that I have to get a better handle on this sandbox stuff – do some homework. Not had time for that. But that does seem mighty significant. Can see why that’s in red.

Anyway, I’ll keep an eye on this thread just in case anything else is to be added.

You’re welcome.

That is the point to get your attention ;D

The point of loss of data relates to running an application ‘in the sandbox’ everything is in a virtual environment, so when you close the sandbox/application any data generated ‘in the sandbox’ would be lost. This is not about data on your system ‘outside the sandbox.’

I found this thread to study:

http://forum.avast.com/index.php?topic=71259.0

And I must state the information is a little lacking. That little box of information doesn’t touch upon the “no data saved” thing. Sure seems that would be mighty important even before trying the tool.

Or with the case of Free we only can use it when it’s recommended, right?

I’m afraid that thread isn’t helping me quite get the picture.

If I’m going to lose “data saved” then I am not really “saving” it to begin with, right? Sort of like that air guitar thing – going through the motions but it doesn’t exist, no?

I sure wish somebody might give an ideal example about this.

I guess, virtual something-or-other as it relates to the Net or my computer hasn’t sunk in yet.

The problem with that topic it was never stated what the OP was on about the autosandbox (available in the free version) or the Full Sandbox (available in the Pro or AIS versions only).

The two are completely different, my comments above relate to the autosandbox function as you have avast free.