I have an app running on client machine. Yesterday I got a call that all the stuff they had put in the database over the last few days is missing.
I went to clients office today and when I started the app up came this dialog warning me about the app and talking about sand box. I selected run normally from the drop down and the app proceeded to open. The app GUI was surrounded by a bright red line.
Never saw this before. I asked the client about the dialog and they said they didn’t know what it was and clicked Ok thus running in the sandbox and discarding all their input. I was shocked.
I have never seen anything like this and whoever designed it to function like this deserves the stupid programmer award.
After disabling this feature, I came back to my office and check the versions of Avast on my 2 other computers. Neither has this option. Where did it come from and on what version?
Did it ever occur to you to not install it in an enabled condition and pop up a dialog explaining what it is and asking if the user wants this running??
I spent 4 hours with the client inputting the data that was lost to this stupid improvement.
Sounds like the OP needs to do a better job of learning and understanding the software he is installing on his clients machines, and then, the OP needs to do a better job of explaining to his clients how to use the software.
I selected run normally from the drop down and the app proceeded to open. The app GUI was surrounded by a bright red line.
This is not possible unless the client told it to run sandboxed and then,and only then, also told avast to remember the answer. (But, this is not possible either since the option to remember is greyed out if you choose to run the app sandboxed) If you click on run normally, there will be no red border around the apps gui and the program will function fully.
There was such anger in his post and he had only one post, so I was concerned he might be a troll. The Sandbox is a wonderful feature! It provides protection for programs that might be suspicious, but have not yet been confirmed as viruses. Sandboxing, in Avast 6, allows the users to either prompt (default), auto-run, or disable working with files of this nature. When sandboxed, the system and your identity cannot be harmed. When you close the program, it “disappears” from the sandbox and system, like it was never there. This is part of Avast’s virtualized environment. A barrier that protects you the user, and your files.
In my opinion, autosandbox warning box is shown for a lot of applications very often and I think heuristic is too strict. Unfortunately, vlk & other viruslab guys do this on purpose (marketing). I’d like to see autosnx box only when avast is really not sure about the application which is going to be executed. I’m sure, most our avast free users (where autosnx feature is included) don’t have a clue what’s the sandbox and how it works. They just need silent antivirus, running in background and without additional configuration - showing annoying popups don’t really help.
Interesting. I’m not seeing all that much popups. So far the only problematic stuff were Adobe Flash based games on Steam (like Machinarium or Windosill). Those usually trigger Auto Sandbox dialog. But if you think of it, Flash content running in browser and executed through Steam. I’d be suspicious as well.
But certainly this requires refinement over time to make less popups when not needed like you pk suggested.
I don’t see the autosandbox that frequently on my two systems Desktop XP Pro and netbook win7.
I have downloaded lots of small applications/tools, etc. and or updates and running them on the XP Pro system seems to bring up more autosandbox pop-ups than the win7 netbook.
This is strange as frequently I just copy the app/tool onto a USB stick and install it on the win7 netbook from the USB. I would have thought that in doing it this way I would get more autosandbox pop-ups rather than less.
Marketing? I’m not sure what you mean here, i.e. how would it help avast (in any way) if the autosandbox popups were too frequent (or inaccurate).
The algorithm is being fine-tuned continuously, and also, before a new heuristics method is added, we also test it quite extensively (i.e. once we implement the algorithm, we deploy it to the user base, but instead of popping up the autosandbox offer we just report about the samples so that we can check what they are and whether the detection is accurate.
On the other hand, I’d like to add an easier way to report autosandbox false positives (i.e give users a simple way to report FPs directly from the offer dialog).
Well, as for me I’d like to see popups only for very suspicious applications. When such application will be executed in sandbox, tiny popup on right side of screen should notify user that app was executed in sandbox. When it terminates itself, another popup should tell user how many operations were suspicious/blocked and show user-friendly information report.
Isn’t this really were the avast ComminityIQ should come in, for every alert/notification of the autosandbox, shouldn’t that information be passed up the CommunityIQ chain ?
Diving slightly off topic, but still on the FP and CommunityIQ theme, anti-rootkit suspicious alerts have been on the rise with a number of FPs reported in the topics. This too is an area that it needs to be easier for users to report possible FPs. Currently that is non-existent and I don’t know what happens in relation to the CommunityIQ and suspicious anti-rootkit pop-ups ?
But the problem is that the user isn’t aware that what happens in the autosandbox is lost at the end of the autosandbox session (part of the OPs irate post). Any installation as such isn’t happening in the real environment and the user wonders why his program hasn’t installed.