Virtualization in Avast Pro 5.0-How Exactly Does It Work ?

Good Afternoon ! Currently using Avast Pro 5.0 and as you know one of it's features is Virtualization. Being a newbie I placed Firefox 3.6 in Virtualization Mode, and in doing so a thin red strip appears around the perimeter of the browser, does this indicate it's activated ? And as a footnote how exactly does it work ? Sincerely...Securon

 

If you got the red border that is an indication that it is indeed working for you. I have never been able to get it to work on my box even after following instructions to the letter...

 

Yes, the red line indicates it's activated. To be sure you could also check if in
Process Virtualization menu in Avast, Firefox appears as a virtualized process. How exactly it works I don't really know. What I know is the running process/application cannot harm the rest of the system if virtualized...at least this is what sandboxes promise to do.

 

I have lost the right click option: run virtualized but I can start virtualized processes from inside avast's interface and all work well, including the red line. I have noticed that the red line and the virtualization does not work, if for example you have already opened a firefox window ( but this could be normal ).

 

I can't get Firefox or IE to open at all. Someday I will look into it more. Otherwise the Suite seems to run great...

 

It works flawlessly for me. I have turned off the red border though. I find it annoying. I have IE set to only run virtualized and FF to set only to run virtualized. The main question I have is how does it work? If Avast flags something as suspicious and auto-deletes or auto-quarantines it is it safe to turn off the Avast shields and run it virtualized to see what happens without risking infection?

 

Good Evening ! Thanks for everyone's input. Another observation is when I tried to enter and run I.E.Explorer 8 a window pops up stating I.E.8 can't be located,very strange, I don't know why this is,because my wife uses I.E.8 exclusively,so too my eyes it's online. And someone else observed the steps taken are you have to first enable Virtualization and then open the browser,I suppose from a security protocol this makes sense. I believe I read on Avast 5 forum at Alwil that I.E.8 and Windows 7 aren't compatible with Virtualization, I'm not entirely sure about how accurate the statement is but it might explain as to why I might not be able to enter I.E. 8. Although in retrospect it's hard to fathom why it wouldn't be compatible. If someone can help it would be appreciated. Sincerely...Securon

 

It works in Win7x64 Pro as seen by my screenshot.

Now when you enable it are you guys going into Avast and making sure the process virtualization is on and then adding the exact location with the browse button?

When I first installed Avast I had issues like this. I uninstalled and reinstalled. Try that out. You may have a corrupt module somewhere causing conflicts.

 

Does avast pro w/ the virtualized run slow or no impact?

 

It doesnt impact the system. It slows browser start up a tad, but only the start up. Other than that its fine.

 

yeah sandboxie slows my browser startup a little bit too.

 

Good Evening ! Thanks for the advice whitedragon551,I went to the advanced user mode within the Virtualization Process module and was able to add I.E.8 to my user list. The trick as you mentioned is going to the module first and entering the required information. Sincerely...Securon

 

Glad to help. Now we have some info to find. The main question I have is how does it work? If Avast flags something as suspicious and auto-deletes or auto-quarantines it is it safe to turn off the Avast shields and run it virtualized to see what happens without risking infection? Lets say that file is deleted or closed does the information from that program that was sandboxed just get deleted and disappear or does it linger?

 

From pk on the avast! forum

 

Heres the info for anyone that doesnt want to link to Avast.

All file-system changes done by a sandboxed application are virtualized (these modified files are stored in the hidden folder in root: "\## aswSnx private storage"). The folder can be visible if you set HideTarget=0 in "%avast data folder%\snx_lconfig.xml" file. File changes are cached in memory, so any unapproved file modifications in this hidden folder may lead to "undefined" state. I think these attempts are also blocked by our driver (not sure right now). All registry changes are also virtualized (see "HKEY_CURRENT_USERS\__aswSnx private storage" hive), all named objects (events, sections, ...) are virtualized (download winobj.zip to see Windows Object Manager namespaces), in-process communication (LPC/ALPC) is virtualized. Process/Thread/... modifications are blocked or limited. Windows names/classes/SCM/WinHooks will be virtualized in next version.

Avast sandbox uses pre-defined exceptions for the most browsers (see snx_gconfig.xml), i.e. bookmarks/cookies/history are excluded automatically from the virtualization and everything you'll download (by standard way, e.g. by using SaveAs dialogs, ...) are also excluded. However, every file which would be saved by malware is virtualized. We plan to add more options into expert settings in upcoming versions.