Virtualization in Avast Pro 5.0 - How Exactly Does It Work?

Discussion in 'other anti-virus software' started by Securon, Mar 20, 2010.

Thread Status:
Not open for further replies.
  1. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,935
    Location:
    London On
    Good Afternoon! Currently using Avast Pro 5.0 and as you know one of its features is Virtualization. Being a newbie I placed Firefox 3.6 in Virtualization Mode, and in doing so a thin red strip appears around the perimeter of the browser. Does this indicate it's activated? And as a footnote, how exactly does it work? Sincerely...Securon
     
  2. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    If you got the red border that is an indication that it is indeed working for you. I have never been able to get it to work on my box even after following instructions to the letter...:rolleyes: :)
     
  3. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    Yes, the red line indicates it's activated. To be sure, you could also check whether Firefox appears as a virtualized process in the Process Virtualization menu in Avast. How exactly it works I don't really know. What I know is the running process/application cannot harm the rest of the system if virtualized...at least this is what sandboxes promise to do.
     
  4. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    I have lost the right-click option "run virtualized", but I can start virtualized processes from inside Avast's interface and all work well, including the red line. I have noticed that the red line and the virtualization do not work if, for example, you have already opened a Firefox window (but this could be normal).
     
  5. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    I can't get Firefox or IE to open at all. Someday I will look into it more. Otherwise the Suite seems to run great...
     
  6. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    It works flawlessly for me. I have turned off the red border though. I find it annoying. I have IE set to only run virtualized and FF set to only run virtualized. The main question I have is how does it work? If Avast flags something as suspicious and auto-deletes or auto-quarantines it, is it safe to turn off the Avast shields and run it virtualized to see what happens without risking infection?
     
  7. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,935
    Location:
    London On
    Good Evening! Thanks for everyone's input. Another observation is when I tried to enter and run I.E.Explorer 8 a window pops up stating I.E.8 can't be located, very strange. I don't know why this is, because my wife uses I.E.8 exclusively, so to my eyes it's online. And someone else observed the steps taken are you have to first enable Virtualization and then open the browser; I suppose from a security protocol this makes sense. I believe I read on Avast 5 forum at Alwil that I.E.8 and Windows 7 aren't compatible with Virtualization. I'm not entirely sure about how accurate the statement is but it might explain as to why I might not be able to enter I.E. 8. Although in retrospect it's hard to fathom why it wouldn't be compatible. If someone can help it would be appreciated. Sincerely...Securon
     
  8. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    It works in Win7x64 Pro as seen by my screenshot.

    Now when you enable it are you guys going into Avast and making sure the process virtualization is on and then adding the exact location with the browse button?

    When I first installed Avast I had issues like this. I uninstalled and reinstalled. Try that out. You may have a corrupt module somewhere causing conflicts.
     

  9. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Does avast pro w/ the virtualized run slow or no impact?
     
  10. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    It doesn't impact the system. It slows browser start up a tad, but only the start up. Other than that it's fine.
     
  11. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Yeah, Sandboxie slows my browser startup a little bit too.
     
  12. Securon

    Securon Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    1,935
    Location:
    London On
    Good Evening! Thanks for the advice whitedragon551, I went to the advanced user mode within the Virtualization Process module and was able to add I.E.8 to my user list. The trick as you mentioned is going to the module first and entering the required information. Sincerely...Securon
     
  13. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    Glad to help. Now we have some info to find. The main question I have is how does it work? If Avast flags something as suspicious and auto-deletes or auto-quarantines it, is it safe to turn off the Avast shields and run it virtualized to see what happens without risking infection? Let's say that file is deleted or closed, does the information from that program that was sandboxed just get deleted and disappear or does it linger?
     
  14. Vladimyr

    Vladimyr Registered Member

    Joined:
    Feb 11, 2009
    Posts:
    461
    Location:
    Australia
  15. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    Here's the info for anyone that doesn't want to link to Avast.

    All file-system changes done by a sandboxed application are virtualized (these modified files are stored in the hidden folder in root: "\## aswSnx private storage"). The folder can be visible if you set HideTarget=0 in "%avast data folder%\snx_lconfig.xml" file. File changes are cached in memory, so any unapproved file modifications in this hidden folder may lead to "undefined" state. I think these attempts are also blocked by our driver (not sure right now). All registry changes are also virtualized (see "HKEY_CURRENT_USERS\__aswSnx private storage" hive), all named objects (events, sections, ...) are virtualized (download winobj.zip to see Windows Object Manager namespaces), in-process communication (LPC/ALPC) is virtualized. Process/Thread/... modifications are blocked or limited. Windows names/classes/SCM/WinHooks will be virtualized in next version.

    Avast sandbox uses pre-defined exceptions for most browsers (see snx_gconfig.xml), i.e. bookmarks/cookies/history are excluded automatically from the virtualization and everything you'll download (by standard way, e.g. by using SaveAs dialogs, ...) is also excluded. However, every file which would be saved by malware is virtualized. We plan to add more options into expert settings in upcoming versions.
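
The file-system behaviour quoted above (writes redirected into private storage, browser exceptions passed through to the real system) can be modelled in a few lines. This is an added example, not part of the thread and not Avast's code: `RedirectingFS`, `demo`, the paths and the exclusion pattern are all hypothetical, and the real product does this in a kernel driver rather than in user-mode Python.

```python
import fnmatch
import os
import tempfile

class RedirectingFS:
    """Toy copy-on-write redirector; a model of the described behaviour only."""

    def __init__(self, real_root, private_root, exclusions=()):
        self.real_root = real_root
        self.private_root = private_root    # stands in for the hidden private-storage folder
        self.exclusions = list(exclusions)  # stands in for the per-browser exceptions

    def _target(self, rel, for_write):
        real = os.path.join(self.real_root, rel)
        shadow = os.path.join(self.private_root, rel)
        if any(fnmatch.fnmatch(rel, pat) for pat in self.exclusions):
            return real                     # excluded paths reach the real file system
        if for_write or os.path.exists(shadow):
            return shadow                   # the sandboxed process sees its own modified copy
        return real                         # untouched files are read from the real system

    def write(self, rel, data):
        path = self._target(rel, for_write=True)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(data)
        return path

    def read(self, rel):
        with open(self._target(rel, for_write=False)) as fh:
            return fh.read()

def demo():
    """Constructed scenario: returns what the host and the sandboxed process each see."""
    with tempfile.TemporaryDirectory() as tmp:
        real, private = os.path.join(tmp, "real"), os.path.join(tmp, "private")
        os.makedirs(os.path.join(real, "system"))
        with open(os.path.join(real, "system", "hosts"), "w") as fh:
            fh.write("original")
        fs = RedirectingFS(real, private, exclusions=["profile/bookmarks*"])
        fs.write("system/hosts", "tampered")         # virtualized: lands in private storage
        fs.write("profile/bookmarks.html", "saved")  # excluded: lands in the real profile
        with open(os.path.join(real, "system", "hosts")) as fh:
            host_view = fh.read()
        return {
            "host_hosts": host_view,
            "sandbox_hosts": fs.read("system/hosts"),
            "bookmark_on_host": os.path.exists(os.path.join(real, "profile", "bookmarks.html")),
            "shadow_files": sorted(os.listdir(private)),
        }
```

The model shows why exclusions matter for the question asked earlier in the thread: anything matching an exception is written to the real system, so only non-excluded writes stay confined to private storage.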
     