Am i missing something?

Right i`m trying to manually upgrade Foxit Reader to the latest version. I do it through the program itself and it goes to update then i get access is denied and a sandbox alert appears which i ask for the file not to be sandboxed.
But guess what! They are still sandboxed!

Why is this? The executables concerned are signed by Foxit is signed and Foxit is in the list of trusted vendors.

Comodo has just secured my PC by automatically isolating this application ??? Sorry no means my Foxit reader is not updated to the current version which has some security updates!

So what to do? I move the files from My Pending over to My Safe but what does that achieve? Nothing at all because when i run Foxit reader i am still using the old version 3,3.0.3040

I can go to my User->X->AppData->Local->Temp. That`s where the new Foxit Reader.exe is and run it from there.

Looks like i may have to reinstall to get the latest version which is crazy… :-TD

Im sorry but im starting to find this whole Sandbox thing a complete waste of time. It seems like it`s just a slightly modified pending files which completely messes up certain things.

Has anyone else experienced similar things i.e. Signed Trusted Software not being able to update properly?

Almost same thing today but I’ve updated Foxit through Filehippo updater (I’m a lazy guy and from time to time I’m checking for updates with FileHippo Update Checker).
Installed newest Foxit launch it and Sandbox popped up. Move it to My Own safe files, publisher is trusted and no more alerts but IMO it was an odd behavior from Sandbox.

Did you try disabling the Sandbox before running the updater? You are still protected by D+. If you trust the FoxIt updater, you should have no problems.

Got similar results after installing Foxit 3.2 (3.2.0.303) and attempting to update using “Help > Check for Updates Now…” (Add Reader Update\Foxit Reader 3.3.1.0518 Upgrade + Install )

The updater downloaded two files (Foxit Reader.exe and Upgrade.exe) in the %Temp% folder

Upgrade.exe got automatically sandboxed.

Both downloaded executables Digital certificates fail Windows validation (Error message: “This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.”) The issuer CA is Godaddy.

The (already installed) Foxit 3.2 Digital certificate is successfully validated though it got a different issuer CA (Thawte )


Windows XP 32 bit SP3 and later updates CF 4.0.141842.828 "Automatically detect the installers/updaters and run them outside the Sandbox " Disabled
%Temp%\Upgrade.exe Digital signatures pics: [url=https://forums.comodo.com/index.php?action=dlattach;topic=56672.0;attach=50206;image]upgrade-1.jpg[/url], [url=https://forums.comodo.com/index.php?action=dlattach;topic=56672.0;attach=50208;image]upgrade-2.jpg[/url] %Temp%\Upgrade.exe doesn't appear to have an UAC elevation manifest

%Temp%%Temp%\Foxit Reader.exe Digital signatures pics: foxit_temp-1.jpg, foxit_temp-2.jpg

%ProgramFiles%\Foxit Software\Foxit Reader\Foxit Reader.exe (ver 3.2) Digital signatures pics: Foxit_3.2-a.jpg, Foxit_3.2-b.jpg

Adding " Go Daddy Class 2 Certification Authority" to Windows repository of Trusted root certificates (Installing.root.jpg , Adding-Root.jpg) made possible for Windows to successfully validate the executables downloaded in %Temp% folder…

…but even after a reboot D+ does not recognize them (eg Adding to Trusted vendor result message “digital cert is not valid”) and automated sandboxing will still be applied.

I might be wrong but it looks like D+ don’t rely on Windows Trusted Root Certification Authorities store (maybe for security purposes) ???

[attachment deleted by admin]

This happened to me also. I disabled SandBox until it can be refined.
edit.
I also had to add the program to ‘My Own Safe Files’ to get it to work correctly.

Superb research Endymion!

On the quoted issue. I have noticed sigverif giving different results to CIS in signature checks in the past. Have not raised this as I was not sure whether the users involved were using sigverif correctlly. It’s easy to forget to fill in all the info (inc. extensions) on the advanced tab.

Maybe CIS is performing deeper checks. Maybe its checking vs the Windows catalogue sometimes for Windows files - not relevant in this case I know, but sometimes running sfc or reinstalling a service pack seems to solve things when nothing else will.

Best wishes

Mouse

Good stuff Endy :-TU

This is the type of thing that just leaves you ???

Do i untick “Automatically run unrecognized programs in the sandbox”!

I have “Automatically detect installers/updaters and run them outside the sandbox” and “Automatically trust files from trusted installers”

p.s. On my 7 box the digital sigs ( By GoDaddy counter signed by Verisign) conform to windows Verification :o

Wheres my bucket and spade? Im gonna build a castle ;D

[attachment deleted by admin]

Yep. In my case nor even windows validation was successful. :o ;D

Found Configure Trusted Roots and Disallowed Certificates | Microsoft Learn update was necessary to avoid adding godaddy root manually.

Looks like Foxit Reader 3.2 got a slightly different vendor name “Foxit Software Company” whereas Upgrade.exe got “Foxit Corporation”

Please confirm if “Foxit Corporation” vendor name is not in CIS list of trusted vendors

Still looking into it. After applying kb931125 I was able to add “Foxit Corporation” to My trusted vendors whereas adding godaddy root manually I get “This file does not seem to be valid signed executable” error.

Hopefully somebody else using XP (without kb931125) can confirm if they can reproduce this aspect.

Though necessary to mention the settings I was using whereas they could have affected the results.

And that was part of the description of what happened on my system.

Thought you asked if anyone else experienced similar things.

Am I missing something? ???

I cannot exclude an issue on my system and it looks like I get different results after applying kb931125 root updates.

Please confirm if manually adding “Go Daddy Class 2 Certification Authority” to Windows’ Trusted Root Certification Authorities store sitll prevent D+ to validate Upgrade.exe certificate (when adding to Trusted Vendors) unlike what happens if kb931125 is installed.

I seem to have them both as Foxit Corporation signed with the GoDaddy Class 2 Certificate which is in the Windows Trusted Root Certification Authorities store.

Maybe a name change from Foxit Software Company to Foxit Corporation is a factor as like you suggested when i add to “My Trusted Software Vendors” using the digital signature of Upgrade.exe a new entry appears labelled Foxit Corporation. So D+ must be validating the signature.
Me thinks we need to get Foxit Corporation added to the Trusted Vendor list…

No it`s just me being facetious and failing terribly :-[

[attachment deleted by admin]

There might be another aspect to Foxit upgrade scenario. Took a copy of upgrade and tested using detect installer enabled.

A D+ elevation prompt was not triggered though it could have been a possibility whenever Upgrade.exe does not apparently have an UAC elevation manifest.

Does Win 7 usually trigger an UAC prompt for Upgrade.exe during Foxit updates?