HI
I have began working with the sandboxie program.
Question: Does the AV still work under this virtual environment? or maybe it works but no need for it there, only outside of the sandbox ?
Thanks
EP
HI
I have began working with the sandboxie program.
Question: Does the AV still work under this virtual environment? or maybe it works but no need for it there, only outside of the sandbox ?
Thanks
EP
HII have begun working with the sandboxie program.
Question: Does the AV still work under this virtual environment? or maybe it works but no need for it there, only outside of the sandbox ?
Thanks
EP
Hi Eli,
Another darn good question from the Question Master.
I should hope that you could to test new versions of AV software.
I don't have the capacity yet for a "Sandbox" yet but I am sure interested in the answer.
I avoid any "Free stuff" unless I see it mentioned here on the forum.There is is too much Rogue software out there now.
All they want is one click to allow their download and then you are out of control of your PC.
davey
HII have began working with the sandboxie program.
Question: Does the AV still work under this virtual environment? or maybe it works but no need for it there, only outside of the sandbox ?
Thanks
EP
I dont *think* it will work. iirc the sandbox prevents drivers from installing.
But why do you want avast sandboxed anyways?
I dont *think* it will work. iirc the sandbox prevents drivers from installing.
But why do you want avast sandboxed anyways?
Hi
I shall make myself clearer : My antivirus is avast, being the fact that it works off the browser, the question is if the antivirus is able to get in to the virtual environment to do it`s job .The question comes from the looking at the antivirus , as a second defence line in case the sandbox fails to delete all the "goodies".
Thanks
EP
Hi...the question is if the antivirus is able to get in to the virtual environment to do it`s job ...
Hi Eli.
I just did this experiment...it may answer your Q.
1. Opened IE7 sandboxed with avast running.
2. Went to the eicar test virus site: http://www.eicar.org/anti_virus_test_file.htm
- eicar files are not real virus files, but they trigger an antivirus alert.
3. Tried to download the test virus files. Avast caught them, so they never downloaded into the sandbox.
4. Turned off avast on access scanner. One really shouldn't do that, but I did anyway.
5. Downloaded the eicar test files. They went into the sandbox, not the folder I sent'em to, of course.
6. Turned avast back on.
7. Scanned the sandbox with avast. avast found and removed the all the eicar test files, so they are no longer present in the sandbox.
So: avast prevented the download of a (not really) malicious file, and then removed it from the sandbox after it was downloaded anyway. Doesn't really mean that avast can be installed into a sandbox, don't know about that, but does mean that if a malicious file gets there, avast will find it just as it would at some other place on the hard drive.
You can use windows explorer to look at the sandbox; on this computer it is located at c:\sandbox and contains all the files and folders modified during a sandboxed session. You may need to have the "show hidden files and folders" option checked.
Also, I think the siren when avast finds something is nifty.
I use avira and sandboxie. I do not use avira sandboxed, just my browser.
Avira will warn me if I go to a page with a virus etc and suggest deny access. I say yes.
If I then look in avira events it will list it saying it found it in the sandbox, and that gets emptied anyway
Hi Eli.
I just did this experiment...it may answer your Q.
1. Opened IE7 sandboxed with avast running.
2. Went to the eicar test virus site: http://www.eicar.org/anti_virus_test_file.htm
- eicar files are not real virus files, but they trigger an antivirus alert.
3. Tried to download the test virus files. Avast caught them, so they never downloaded into the sandbox.
4. Turned off avast on access scanner. One really shouldn't do that, but I did anyway.
5. Downloaded the eicar test files. They went into the sandbox, not the folder I sent'em to, of course.
6. Turned avast back on.
7. Scanned the sandbox with avast. avast found and removed the all the eicar test files, so they are no longer present in the sandbox.
So: avast prevented the download of a (not really) malicious file, and then removed it from the sandbox after it was downloaded anyway. Doesn't really mean that avast can be installed into a sandbox, don't know about that, but does mean that if a malicious file gets there, avast will find it just as it would at some other place on the hard drive.
You can use windows explorer to look at the sandbox; on this computer it is located at c:\sandbox and contains all the files and folders modified during a sandboxed session. You may need to have the "show hidden files and folders" option checked.
Also, I think the siren when avast finds something is nifty.
HI
Thank you for your very thorough reply.
I forgot to post it ,but last week I was surfing sandboxed and guess what?...avast gave me the
awakening with it`s siren..., it detected a virus and didn't let in the sandbox just as you described in your test ,the only difference was that this virus was for real!
Regards
Eli