Example: Download Dolphin (either the 32- or 64-bit version; the current latest version is 3.0.415) and unpack it somewhere.
Now start dolphin.exe.
With “Automatically detect the installers / updaters and run them outside the Sandbox” enabled (default), Defence+ won’t react to it in any way: it will not add it to the trusted list, will not add it to the unrecognized list, will not give any alerts, nothing.
Uncheck the “Automatically detect the installers / updaters and run them outside the Sandbox” option and it will be “sandboxed”.
I mean if an emulator can run with installer rights (unrestricted) why can’t malware?
And unchecking this option by default will cause trouble with normal installers… without a trusted signature.
P.S. The auto sandbox message is misleading… the message says “Application isolated” when it’s not; application rights are just slightly dropped (depending on your “treat unrecognized files as” setting).
CIS categorises any program that asks for raised privileges as an installer; if it trusts the program, it grants installer/updater rights. If it does not (i.e. it's unrecognised), it sandboxes it.
I agree this is a bit confusing, maybe it should call such programs ‘privileged’ or something. However the basic principle is that trusted means fully trusted, so if a trusted file needs extra rights it gets them.
Also agree re isolated - but finding a word that is not used as a policy name is difficult - and the actual name of the auto-sandbox policy is not very reassuring - ‘partially limited’. ‘Limited’ would be OK, but it's the name of the policy that used to be used for sandboxing, and so would confuse. Maybe ‘constrained’ or ‘placed under control’?
If that’s true then how come it “trusts” the file with “Automatically detect the installers / updaters and run them outside the Sandbox” option on (doesn’t give any alerts \ logs) and doesn’t trust the same file with this option off so the file goes in unrecognized files?
As for the “auto sandbox” message, why not say it as it is, meaning “application rights are dropped to partially limited \ limited”?
Well it should not, and if it does on your system then I guess the installation may be corrupt, or it may be a bug. I’ll fire up a VM and see what happens.
I have checked carefully using Super build 49, and all functions correctly in my VMware XP SP3 virtual machine.
Super is looked up online and declared safe whether ‘automatically detect’ is set off or on.
It does not appear in unrecognised files. It runs correctly with raised privs.
I think probably either you have configured CIS in an unusual way or your installation is perhaps corrupt. I’d suggest firing up a standard configuration first using More ~ Manage Configurations. If this fails, a complete re-install using the normal uninstaller, then the forced re-installer may be called for.
Or maybe you are using a different OS. Can anyone replicate this on another non-XP OS?
Now when detect installers is checked, super.exe is detected as safe and placed in the trusted files list, with no further alerts or logs.
With the option unchecked (super.exe deleted from the trusted list for testing purposes), super.exe gets detected again and put in the trusted list, but the file \spk\flvdec.spk gets sandboxed.
The situation with the Dolphin emulator remains the same (no alerts with the option checked, and sandboxed without it).
I have just tried a full installation on an XP SP3 VM, and Dolphin is correctly detected as an unrecognised file and sandboxed.
And then tried just Dolphin.exe on my production Win7 machine, and it is correctly detected as an unrecognised file and sandboxed.
One thing to check would be whether you have enhanced protection mode switched on under D+ ~ D+ settings.
Another would be whether you have any other security programs running, as they can conflict. If so, try uninstalling them and see if that helps. If it does, you may be able to resolve the conflict using the suggestions here.
A third thing to do would be to try a complete bare metal re-install using the forced reinstaller as described here.