I have downloaded an exe file that is a setup file to install a programme. I ran it sandboxed, and it failed.
So I tried scanning it, before making it a trusted file in the hope of unlocking it. However the scan simply refuses to work, instantly flashing up 0 objects scanned and not action indicator movement. Even after I made it trusted it will still not scan.
Any advice appreciated. I am still a bit puzzled about how the sandbox works and how to get a programme out of it once in.
If a program got automatically sandboxed it was added to the list of Unrecognised Files. You can select the file in Unrecognised Files and moved it to Trusted Files. Then restart the program and it should normally be run as trusted application.
I don’t know why the AV says it scanned 0 objects. Is it bigger than 20 MB?
Is there anywhere that lays out sandboxing, releasing, and the implications of sandboxing, please? I would really like to know exactly what goes on, what it stops from happening, both from the POV of the programme and from the POV of protection. Some installs do not care about SB, while others do and fail to install.
Yes it is over 20MB. I sortedf by size and yes everything over 20MB fails to scan. Can that limit be set somewhere? Even for manual scans?
Actually I am still not sure why the 20MB size limit is there. Isn’t a large file just as likely to have an embedded nasty as a small file. I realise that many nasties come in small files, but can’t they infect an exe etc and just sit and wait? Also if I dl a large file, it may well have a nasty in it. There are so many large downloads these days. Something seems to have either mined me, or somebody who has a couple of my email addresses recently.
The limit can be set under Anti Virus → Scanner Settings for the On Access scanning, manual scanning and scheduled scanning.
Actually I am still not sure why the 20MB size limit is there. Isn't a large file just as likely to have an embedded nasty as a small file. I realise that many nasties come in small files, but can't they infect an exe etc and just sit and wait? Also if I dl a large file, it may well have a nasty in it. There are so many large downloads these days. Something seems to have either mined me, or somebody who has a couple of my email addresses recently.
That size is the result of design considerations. Big files are often archives and may take a long time to scan. Why make the scan of big archives longer when the malware will be seen once you unpack it?
It just boils down to your own preferences with this. Simply test and try and set it to your needs.
