Like many others, I found auto-sandboxing’s inability to handle the user’s choices for a given app “on the fly” (i.e., immediately) quite irritating … regardless of your choice, the app is terminated immediately and must be restarted even if you’ve selected “run normally”, only applying the choice to the restart.
Since the vast majority of auto-sandboxing (in my case, anyway) occurrences involved the insufficient-data parameter with apps I’ve had for years, I’ve unticked that, and the removable-media one, to rely strictly on static and heuristic analysis of the files as well as suspicious sources. And the auto-sandbox is almost never kicking in any more. So in its settings I’ve got only the first, third, and last options ticked.
I realize this is one of those security-vs.-usability choices, but I doubt if my risk is increased significantly since a real threat should probably be caught by other parts of the file shield, or by one of the other shields. This choice will become more critical as an alternative to completely disabling auto-sandboxing, since I understand Avast intends to eliminate the “ask” option sometime in the relatively near future.
Comments, particularly with regard to whether I’ve underestimated the risks?
I second this complaint. I have just had an annoying experience where I was trying to view a PDF on line and Avast! kept popping up the sandbox message and blocking the display. There seemed to be no way to get around it, except to close down the browser and modify my Avast! settings in the way Mike suggests. The problem occurs whenever I upgrade a program to the latest version. Avast! doesn’t recognize this situation and complains about the lack of reputation.
Well, the default option for the autosandbox is Ask, it was only the early build versions of avast7 that had it set to Auto.
In the short time that it was set to Auto the forums were alive with complaints about its autonomous actions. Mostly because it was pinging ‘old programs’ that were never before picked up. That was I feel a bit of a misunderstanding of what the autosandbox seeks to do. It isn’t saying the file is infected (as it has primarily passed a conventional scan by the FSS), but it has triggered a number of the things the autosandbox is looking for when trying to protect against unknown/zero day infections which wouldn’t be caught by conventional scanning.
It is essentially another level of protection and one which for it to do its job is difficult to find a balance where it isn’t to sensitive, yet not so lax as to be of little worth.
So mine is on Ask and I am able to make decisions on the fly (as you say), as soon as an application triggers the autosandbox, I’m able to make my decision to Open Normally and select ‘Remember my answer for this program’ and that is it done.
Mine was set to auto. I can only assume that since I installed an early version of avast!7 that
none of the subsequent updates ever changed that setting.
I’ve now manually made the change but I’m not the only one to have started with an early version of avast! 7.