What are things needed that my software will not be marked as “suspicious” ?
If you’re a develper:
It should be clean and not a PUP.
It also should pass all the autosandbox testings (screenshot).
If you’re an user and you sure it’s clean, you can make an exception into the autosandbox settings.
I’m developer.
My files are clean, I’m checking it on virustotal.com.
I don’t know how to avoid that my exe is not suspicious or that my exe file have not low reputation.
I can only confirm that file is not run from removable media, other conditions are still unclear for me.
I’m interested what I can do (for example) to avoid this: Static analysis finds the file suspicious.
What are conditions that Avast think that file is suspicious?
If possible, please send me all solutions (for all conditions), because I will not that my exe is threated as potentially unsafe.
P.S. What is PUP?
I (as developer) can not be sure, so I can not tell my customer - you can uncheck autosandbox feature. I have not right to do that (because I can no guarantee that my file is not somehow infected).
Problem is - file is NOT infected, but suspicious. Why?
Today I was remote connected by customer and can not put some exe in the exceptions. At the end, I need to uninstall Avast.
Thank you.
Well, I think that the developers can only talk “generically” or malware creators will just follow the guide
I need to solve problem with Avast Sandbox. Please help me regarding that.
I’m not writting viruses, I make my living with my software.
Thank you.
@freecrm@live.com: i am not 100% sure if generating a support ticket would be the way to get ur programme whitelisted by Avast? but i think its worth the try.
see the screenshot to generate support ticket
edit: u can also submit support ticket from here: http://support.avast.com/index.php?languageid=1&group=eng
I do not think you are going to solve it.
Avast! has ventured into the realm of fuzzy definitions. Meaning it is no longer just about traditional Positive vs. False Positive. Now Avast! will also say it is “Unsure”. And the decision will be left to whomever uses your software to trust it or not. You are surely not the only small developer who will be annoyed by this…see here for more on this and scroll down to the comments to see others like yourself>>https://blog.avast.com/2012/03/20/autosandbox-why-are-you-annoying-me/
I’m not 100% sure either, but I think that there is no Whitelist, just the various checks, and File Rep. Avast! has always stayed away from the Whitelist approach.
Thank you for your suggestion.
I have written to support.
I have send them whole setup from one of my application.
No nswer at all. That was before 31 day.
I do not think you are going to solve it.
Thanks for the link.
It seems to me that Avast plays God - I decide on the basis of my and my only reason, that your file is suspicious.
They do not want to listen to - it’s not a problem to turn off the sandbox, the problem is to explain to potential customer that I can not buy a digital certificate, but I just want to earn some money from my software.
Another thing - they can not confirm that digital sign will stop the sandbox.
And problem is to explain a customer that file is each time they run it - suspicious. Looks like one time is not enough.
Funny thing is - sandbox popup’s each time and tell: I’m not found problem, but I’m not sure, but you should be carefull when run that file …
I simply do not understand things, instead Avast give to the developers full support, they decide what is suspicious based on they reasons (which they will not tell).
It is so easy to ignore someone. Avast do that again and again. I’m just asking for help.
So, Avast company, please help me solve problems which you produced.
For start, what I need to do to stop Sandbox to research same file again and again?
Digital signing is one of the first things to do.
have do that already. and moved my app to \Program files\ folder. and added manifest to exe.
problem is - i never don’t know am I done or not, because, sometime - same file - is sandboxed, sometime not. same file. same conditions, same day.
that’s frustrating, and from developers side, thing are 1 or 0, black or white, things can not be 0.5 or gray.
I can accept that my file is infected. I can accept that I go to jail if I write viruses, but I can not accept that someone decide to drive some rules and will not explain conditions.
I can also not accept that ignorance and silence. Have posted setup to them more them month ago - nothing. no one word. I have also posted many questions on this forum. nothing. why is that? why such arrogance ? I’m asking just to solve my problem. Instead, I’m wasting my time writting this and previous post, connectiong to my customers and uninstalling Avast… I just can not understand. What that Avast people think? Is there some higher level of support or some manager? I’m asking some explanation, so people, please stop to play games and start to explain. Please.
No one is “playing games”. We have the same info you do as to as to what triggers the autosandbox; the image that Tech posted above.
If you expect every single facet of what triggers the autosandbox to be completely transparent (to anyone but Avast! internally), I have a feeling you are going to be disappointed.
Like Tech said, if they told everyone exactly how it worked, it would not be effective against malware for very long.
Plus, different things will likely trigger it at different times; they will adjust it to try and catch current malware outbreaks and behaviors. So on concrete response to “what triggers it?” might not even be possible.
I’m afraid no matter how much you want this to be about 1s and 0s, it is about 0.5s or grays. What you want is the same as all developers who run into this want; a whitelist. And as I mentioned, Avast! has always strayed from this approach.
As far as management goes, it does not get much higher than the CTO>>http://forum.avast.com/index.php?action=profile;u=4 , you can try to email him, can’t guarantee he will respond, nor can I say he will give you any better news than I did, but nothing is stopping you from trying.
Obviously you can not put in my role, but please try.
I am a shareware author, my program can be downloaded from lot of pages. A potential customer wants to try the program and this time Avast show a message about a suspicious file.
If I were a potential customer, I would believe in Avast and not a some “noname” authors. I think I will not execute the program, but immediately shut down it and uninstall. I think I would not read what it says, enough for me to see a message that something is wrong. I have too much valuable data on my computer and do not want to risk.
I am not looking for things to cheat sandbox, but to tell him I’m not a virus?
On the other hand, the better idea is that I do not have to think about it, but Avast analyze my file and realizes that it is not a virus, not that 100 times and checked every time he says I do not have enough information but be careful … This is what I do not understand - Avast does not know to solve a problem than a “thought” that the file is suspected by me indicates a potentially unsafe authors. For some time I’m ruined.
This is the case, what kind of arrogance I have seen in the business world and ignore the proven obvious problems.
@freecrm@live.com: the thing is that grey area is needed because it is impossible to convict every single file to malicious or not malicious.
autosandbox suspects ur file for valid reasons, not being without such. (refer to tech’s screenshot at post 2)
i understand Avast cannot reveal how they convict ur file cause of competition, making it ineffective.
however, i do empathise with u that potential revenue will be lost due to this.
continue trying at least for the next week. todays still the weekends so theres likely to be no Avast team ppl around.
we as normal users cannot do anything for u but place our thoughts here…sry
Thank you for your try to help, but I have sent them some of my installations before 1.5 month. I have written lot of posts here (on non weekend days). I have posted some support ticket’s …
That’s the things that I’m talking about. They will not answer, try to help or something.
They say (just like you) that there are valid reasons:
Maybe this one:
Avast: Static analysis finds the file suspicious …
Avast: you know, we can not tell you …
or this one:
Avast: The file reputation is low…
Avast: you know, we can not tell you …
I just can not believe how simple is that what I’m asking and nobody can understand.
Again, I have nothing against you or against other users who try to help.
Basically avast sandbox is saying it doesn’t have enough info about those files to make a decision, the next time you get the sandbox warning popup you can tell it to open normally next time and then you wont recieve the alert again, once avast has enough info about those files which they do collect via the community feature they will be added to the database as was some of the Realflight.exe files i run for my flight simulator, up until to two weeks ago i had to have them excluded in the sandbox but there not detected anymore now so it just takes time.
hopefully it does not take too long for his files to be added to database (it seems like he has been waiting for 1.5 mths)
@freecrm@live.com: have u tried running the files recently again? do they still trigger the autosandbox?
some info about how filerep is linked to autosandbox: http://www.avast.com/pr-avast-software-detection-is-faster-when-filerep-knows-all-the-clean-files
there, it says ’ The FileRep database includes several billion executable files with additional files added daily’. based on that, i would also infer that Avast is still collecting info on ur files to decide whether to release ur files from autosandbox or not.
Alot depends on how often the file is being reported to avast, i can remember one of the mods saying that after a file has been reported a couple of hundred times they have a good idea if it is safe or not, as the Realfight simulator i was using is a very popular program and iv had it for the last 3 months and it wasn’t included till two weeks ago.