Sandbox flags O&O Defrag 2000 Free as potentially unsafe

C:\WINDOWS\system32\OOD2000.exe, opened by C:\WINDOWS\system32\services.exe

I’m fairly certain you can tell Avast that O&O Defrag is safe. -kd5-

Well if you select Run normally and remember this answer, etc.

I believe if you subscribe to the avast Community IQ feature then that information should be communicated to avast, to help other avast users with this same application, though it is very old if 2000 relates to the year.

Perhaps newer versions might not be considered suspicious.

  1. I did select ‘Run Normally’ and ‘Remember this answer’ but why should I have to do that for a legitimate application?

  2. I’m letting the Community know now, in this thread, that it’s happening, so this is a moot point.

  3. It shouldn’t matter that O&O Defrag 2000 Free is an older application and I don’t understand why that should have any bearing on this issue. If Avast’s Sandboxing is going to protest legitimate applications, regardless of how old they are, from running on my computer, or my customer’s computers, then Avast’s Sandboxing is not nearly as intelligent as it needs to be for it to be a viable solution to the problems it is attempting to protect us from. -kd5-

I just tried to install Nero 6, Avast’s Sandboxing protested to Nero’s installers.

You have got to be kidding me. -kd5-

Kd5, I understand your concerns, but on the other hand, from what you have just said, the O&O executable file really looks incredibly suspicious…

I mean, look at this:

  • the file is located in the Windows directory - something that legitimate software rarely does, but malware does all the time
  • the file is obviously not digitally signed (which is against good habits)
  • the file is likely to be internally encrypted

All in all, it really looks like a piece of malware.
Now, of course, we can whitelist files like this, but the fact is that the AutoSandbox was designed to alert on those “gray zone” files, really.

Thanks
Vlk

I’m satisfied with how the AutoSandbox works. It alerted on C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe on my machine. I set it to run normally, as it has been on my machine since 2006. It’s part of the software that came with my HP 7310 AIO printer, and HP software just isn’t the best. As an extra precaution, I sent the file to VirusTotal which gave it a clean bill of health.

As far as I’m concerned, the AutoSandbox is working as advertised.

Auto sandbox is also warning Primo PDF 5.2 (pdf printer driver) as potentially unsafe.

Had AutoSandbox ask me about sandboxing HDD Health v2.1 Beta Build 159 as well. I simply told it to run normally and remember my choice as I’ve used the program for a couple years now and is most certainly legit as far as I’m concerned.

I see no problem, seeing as AutoSandbox is merely suggesting the use of sandboxing rather than forcing sandbox or blocking the program. It’s just Avast being nice and saying “Umm, do you really want to run this? I find this software strange, just tell me if it isn’t. :)”