CIS allows the virus program to run.

Hi,

I have the latest version of CIS Pro. I use the settings by Chiron. I have these settings:

AV - stateful
FW- custom
HIPS - OFF
Sandbox - fully virtualized

I found a suspect file today on malwaredomainlist.com. I downloaded it. When I try to launch this file, CIS allows the virus to run. The file is not launched in the sandbox. Why?

The file is signed by Microsoft (probably it is false). Sorry for my English.

Which folder was the file downloaded to?

Also, can you please upload the file in question to VirusTotal and post a link to the results?

In addition, can you please explain what you are seeing that convinces you that the file is run outside the sandbox?

Sorry for so many questions. I just want to fully understand the situation.

Thanks.

Send it to VirusTotal and CAMAS for analysis.

I think you answered your own question when you stated the file was Microsoft signed, as Comodo trusts these files.

What kind of “malicious” file has a Microsoft signature??

Indeed!!
Is the file malicious at all?

Makes you wonder.

How can a file be falsely signed?
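A way to answer the "is it really Microsoft signed?" question from the thread is to check the Authenticode signature itself rather than the signer name shown in the file's Properties. This is an added example, not code from the thread or from Comodo; it assumes Windows PowerShell 5.1 or later, and the `*Microsoft*` issuer match is a simple heuristic, not an authoritative test.

```powershell
# Added example: inspect a downloaded file's Authenticode signature and gather
# the details the thread asks for (signature status, signer, SHA-256 for a
# VirusTotal hash search, and whether the Internet zone marker is present).
function Test-DownloadedFileSignature {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Status separates a genuine signature from a forged or tampered one:
    #   Valid        - signature verifies and chains to a trusted root
    #   NotSigned    - no signature at all; a "Microsoft" company name in
    #                  the version resource proves nothing
    #   HashMismatch - the file was modified after it was signed
    #   NotTrusted / UnknownError - the chain does not build to a trusted root
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    $issuer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Issuer } else { '(none)' }

    # Only a Valid status together with a Microsoft issuer should count as
    # "signed by Microsoft"; subject strings alone are chosen by the certificate holder.
    $looksMicrosoft = ($sig.Status -eq 'Valid') -and ($issuer -like '*Microsoft*')

    # The Zone.Identifier alternate data stream (Mark of the Web) records that the
    # file came from the Internet, which is one input security products use.
    $hasMotw = [bool](Get-Item -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        File                = $Path
        SignatureStatus     = $sig.Status
        StatusMessage       = $sig.StatusMessage
        Signer              = $signer
        Issuer              = $issuer
        LooksMicrosoftSigned = $looksMicrosoft
        MarkOfTheWeb        = $hasMotw
        SHA256              = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

# Usage (path is a placeholder): Test-DownloadedFileSignature -Path 'C:\Users\me\Downloads\suspect.exe'
```

A file whose SignatureStatus is anything other than Valid should not be described as "signed by Microsoft" regardless of what its Properties dialog displays, and the SHA256 value lets you look the sample up on VirusTotal without re-uploading it.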