I'm using proactive internet security and, more importantly, I am able to see the below entry under D+ --> My Protected Files = %windir%\system32\*. So, logically, I guess an alert or entry should be blocked. Or else am I missing something?
The install.exe did not try to access this Path...
%windir%\system32\
Because it was running in the Sandbox, it tried to access this Path instead...
C:\Sandbox\Harsha\DefaultBox\drive\C\WINDOWS\
It seems that 'Sandboxie' allows it to make changes INSIDE the Sandbox, and then Defense+ Stops it because it thinks it's about to try to do something OUTSIDE of the Sandbox.
This would explain why you saw the Host File had changed INSIDE the Sandbox.
I could be wrong, I'm just guessing here...

Hope this helps.
