Defence+ detects some programs as installer\updater that are not installers

Example: Download Dolphin (either the 32 or 64 bit version; the current latest version is 3.0.415) and unpack it somewhere.

Now start dolphin.exe.

With “Automatically detect the installers / updaters and run them outside the Sandbox” enabled (default), Defence+ won’t react to it in any way: it will not add it to the trusted list, will not add it to the unrecognized list, will not give any alerts, nothing.

Uncheck “Automatically detect the installers / updaters and run them outside the Sandbox” option and it will be “sandboxed”

I mean if an emulator can run with installer rights (unrestricted) why can’t malware?

And unchecking this option by default will cause trouble with normal installers… without a trusted signature.

P.S. The auto sandbox message is misleading… The message says “Application isolated” when it’s not; application rights are just slightly dropped (depending on your “treat unrecognized files as” setting).

P.S. 2: If you have something against emulators, you can try the free video converter called Super (Download SUPER 2021.Build.78+3D+Recorder for Windows - Filehippo.com); the same thing happens.

CIS categorises any program that asks for raised privileges as an installer. If it trusts the program, it grants installer/updater rights. If it does not (i.e. it's unrecognised), it sandboxes it.

I agree this is a bit confusing, maybe it should call such programs ‘privileged’ or something. However the basic principle is that trusted means fully trusted, so if a trusted file needs extra rights it gets them.

Also agree re isolated - but finding a word that is not used as a policy name is difficult - and the actual name of the auto-sandbox policy is not very reassuring - ‘partially limited’. ‘Limited’ would be OK, but it's the name of the policy that used to be used for sandboxing, and so would confuse. Maybe ‘constrained’ or ‘placed under control’?

Best wishes

Mouse

If that’s true then how come it “trusts” the file with “Automatically detect the installers / updaters and run them outside the Sandbox” option on (doesn’t give any alerts \ logs) and doesn’t trust the same file with this option off so the file goes in unrecognized files?

As for “auto sandbox” message why not say as is meaning “application rights are dropped to partially limited \ limited”

It’s likely moot at this point, because the upcoming version 6 is supposed to have a fully virtualized automatic sandbox. So then it will be isolated.

Well it should not, and if it does on your system then I guess the installation may be corrupt, or it may be a bug. I’ll fire up a VM and see what happens.

Best wishes

Mouse

I have checked carefully using Super build 49, and all functions correctly in my VMware XP SP3 virtual machine.

Super is looked up online and declared safe whether ‘automatically detect’ is set off or on.

It does not appear in unrecognised files. It runs correctly with raised privs.

I think probably either you have configured CIS in an unusual way or your installation is perhaps corrupt. I’d suggest firing up a standard configuration first using More ~ Manage Configurations. If this fails, a complete re-install using the normal uninstaller, then the forced re-installer may be called for.

Or maybe you are using a different OS. Can anyone replicate this on another non-XP OS?

Best wishes

Mouse

I did complete re-install of CIS.

Now when detect installers is checked, super.exe is detected as safe and placed in the trusted files list, with no further alerts or logs.

With the option unchecked (super.exe deleted from trusted list for testing purposes), super.exe gets detected again and put in trusted list, but file \spk\flvdec.spk gets sandboxed.

Situation with dolphin emulator remains the same (no alerts with checked option and sandboxed without it).

os: win 7 sp1 x64

Try adding dolphin.exe to the Exclusions of Detect shellcode injections (i.e. Buffer overflow protection) and see if that helps.

Sorry you continue to have this problem,

I have just tried full installation on a XP SP3 VM, and Dolphin is correctly detected as an unrecognised file and sandboxed.

And then tried just Dolphin.exe on my production Win7 machine, and it is correctly detected as an unrecognised file and sandboxed.

One thing to check would be whether you have enhanced protection mode switched on under D+ ~ D+ settings.

Another would be whether you have any other security programs running, as they can conflict. If so, try uninstalling them and see if that helps. If it does, you may be able to resolve the conflict using the suggestions here.

A third thing to do would be to try a complete bare metal re-install using the forced reinstaller as described here.

Hope this helps

Mouse