Hi, when I execute certain files they are detected as unrecognized, which isolates the application, but the problem is I can’t run the application at all. I guess when an application is isolated you should still be able to run it. But I get an "application failed to initialize properly" error. If I right click on it and sandbox it manually it works fine.
This is because when you choose right click run in the sandbox you are manually sandboxing the executable, and this by default virtualizes writes to protected folders.
When executables are automatically sandboxed they are prevented from writing to protected folders and keys. Most executables will still work because they don’t need to write to protected folders/keys, but a few won’t.
In version 6.0 we expect (hope) that virtualisation will be extended to automatic sandboxing.
This isn’t the case at present IMO because the virtualisation facility needs further development (i.e. it does not quite work well enough!).
Thanks for the response.
One more question, I believe you’re familiar with the SpyShelter keylogger test program. I wanted to determine how D+ would respond to the test program.
First I disabled the sandboxing feature, because as I mentioned earlier I wasn’t able to run the application. And I had to disable D+ because it wouldn’t let me run the app either. After managing to run the app, I re-enabled D+ and launched the test, and it wasn’t able to hook the keyboard or capture my screen; D+ successfully blocked every attack (no pop-ups).
Now, I right clicked on the test program and sandboxed it, and launched the app. It wasn’t able to hook the keyboard, but it somehow managed to grab 3 screenshots from my system.
Can you please explain to me why this happens, why sandboxing it made me more vulnerable than when I was only being protected by D+?