Trying to understand the autosandbox.....

Hi everyone

Well, I know that the auto sandbox in the free version is triggered when it finds some executable file suspicious. I want to know who will finally decide whether the executable file is malware or not?? If I run an unknown program in the autosandbox and it turns out to be malware, then what will happen? Which shield of Avast will detect it?

Do I also need to research the file's suspiciousness?

Thanks for your time

Interesting question :slight_smile:

In the past ReyZoR and I asked the same question. And during our meeting in Prague I asked Igor (one of the Avast developers) about it, and he told me that analyzing what is AutoSandboxed (behaviour analysis???) is maybe something for the future. I don't know anything more about it yet. Sorry :-\

Greetz, Red.

It's a secret formula :slight_smile:

Seriously, the heuristics and algorithmic formulas that Avast uses are probably proprietary and maybe even protected by law.

However, the Avast white paper at the link below gives some general guidelines.

http://download851.avast.com/files/marketing/materials/whitepaper_scriptengine.pdf

Already kinda covered in this thread, particularly these posts:

http://forum.avast.com/index.php?topic=72517.msg604551#msg604551
http://forum.avast.com/index.php?topic=72517.msg604738#msg604738
http://forum.avast.com/index.php?topic=72517.msg605468#msg605468

@ Nesivos that was really interesting reading, thanks for the link :slight_smile:

@ Doktornotor thanks for the link, I get the general idea. But it's still not clear; the main reason for me asking this question is that for now Avast is triggering the auto sandbox for harmless files on my system such as TFC, KM Player, Download Accelerator Plus, TeraCopy etc. I added all those to the exclusion list because I have been using them for years. Now suppose I downloaded some stuff (which may come bundled with malware) and want to install it, and the sandbox comes into play and I decide to run it sandboxed… then will Avast somehow notify me of the danger during the sandboxed installation process?

As far as I know Avast won't notify me, because the main reason the autosandbox pops up is that Avast does not know for certain whether the file is harmless or not. (Hope I am wrong :slight_smile:

Perhaps this article explains the thinking behind the autosandbox feature better.

KM Player has been known to install ad-ware

KMPlayer, new version, comes with CoolGram ad-ware

http://is.gd/A2ocAM

TFC.EXE has been seen to perform the following behavior:

Adds products to the system registry
Writes to another Process's Virtual Memory (Process Hijacking)
This Process Deletes Other Processes From Disk
Executes a Process
This process creates other processes on disk
Can communicate with other computer systems using HTTP protocols
Removes Scheduled Tasks from the Windows task queue
The Process is packed and/or encrypted using a software packing process
Found on infected systems and resists interrogation by security products

TFC.EXE has been the subject of the following behavior:

Added as a Registry auto start to load Program on Boot up
Created as a process on disk
Executed as a Process
Has code inserted into its Virtual Memory space by other programs
Terminated as a Process

http://is.gd/J3yHDl

You might want to reconsider your use of these two products unless the above doesn’t bother you.

Here is some info on TeraCopy, which I use and have excluded in AIS.

TeraCopy is packed with Obsidium for protection and registration key management.

Looks like some viruses were packed with Obsidium too and the above AV companies added its signature as dangerous.

http://blog.codesector.com/2010/01/19/teracopy-2-12/

Hi doktornotor, thanks for the article… now, reading the article, it seems that if some malicious program runs inside the sandbox then the sandbox will automatically shut down, leaving the real PC unharmed… this is cool :smiley:

@ Nesivos thanks to you too, I really had no idea I am running this kind of program. Thankfully I have not got that adware from KM Player, maybe because I downloaded it from CNET. But still I think I will drop KM… well, I have VLC which can play almost anything, so I won't miss KM :wink:

As for TFC, is this the same TFC from OldTimer which many forum members advise to clean temp files??? Well, I can delete that too as CCleaner will do the necessary work… I actually liked TFC, it cleans up very thoroughly…

As for TeraCopy, I think I have to keep it… it really increases the copying speed.

Thanks again guys, couldn't live without this forum…

With regards
Gautam7