Dismiss my previous post. Disabled some options in Sandbox (Automatically recognise installer/updaters and run them outside Sandbox) and I started getting crazy thanks to our dear D+ alerts.
Blocked them all systematically and got 340/340 xD
Haha, I love Default Deny xD
I got 340/340. Enable ALL options under Image Execution Control Settings, Defense+ Settings (Paranoid Mode) and of course, disable “Automatically run unrecognized programs inside the Sandbox” and “Automatically recognize installers and run them outside the Sandbox”.
This is how I get 340/340: I set CIS to proactive mode. Then I go to the firewall settings, to the stealth port wizard, and select “alert me to incoming connections…”, then I go to the sandbox setting and uncheck “automatically detect installers and run…”. Now run the leaktest; if you block everything you will see that it passes just fine without too many questions.
CLT was not designed to be used in a sandbox. It was designed to test the firewall and D+/HIPS only.
Using it inside a sandbox or with a sandbox gives erroneous results.
And yes, you can enable the sandbox without compromising security. The CLT program is not designed to test the sandbox, and that is why you are supposed to turn off the sandbox for the test. The developers tested 15,000 malware files against the sandbox, and none of the malware files were able to run after rebooting (some harmless files may get dropped on your hard drive, but the malware cannot “infect” your computer and cause harm).