D+ Engine not able to intercept malware properly

Soon? :BNC (:CLP) When? ;D

Thanks Egemen and J2045 for your kind analysis and replies…

Good news is that CIS is able to intercept properly outside Sandboxie… But I still wanted to get clarified on some questions:

  1. Did that BO alert come from Antivirus or from Image Exec Ctrl Settings → Detect Shell Code? Because I have disabled the real-time virus scanner and am using NOD32 for real time.
  2. If that's the case, then how come it alerted for sysguard.exe when it tried to create at c:\Sandbox\Harsha\DefaultBox\drive\C.….. path but not for the hosts file changes?

Thanks,
Harsha.

It came from D+ Detect Shell Code.

You could try adding Sandbox folder to My protected files/folders.
Also, detection for this rogue has been added to CAV!

Omletguy,

I believe you did not understand my 2nd question clearly, I guess. I have updated it again… anyway, here it is:
Why did CIS alert only for file creation (sysguard.exe) but not for hosts file changes, even though the path is the same for both, [b]C:\Sandbox\Harsha\DefaultBox\drive\C\WINDOWS[/b], which is not in the My Protected Files list? Or else am I missing something?

Thanks,
Harsha.

That alert you get is the installer reading the real Windows folder.

You see, Sandboxie lets anything running in it read outside folders but can't change them; all changes happen in the Sandboxie folder, which is not protected.

Hope this explains it!

Ok! Omletguy… Thanks for the explanation…