How can that be? That folder is totally unnamed and in defense+ event log it is not even showing its path! Can any wise guy help me to understand about this?
For a couple of days defense+ is showing message that is asking that whether it should run that unnamed folder in sandbox or out of sandbox!
The Folder has no name. Just an usual yellow icon. Even though I have several times said it to keep it in sandbox, defense plus often showing the question message after starting pc.
I have encountered this when duplicating another user’s similar problem with ClickClean installed under Chrome.
The problem appeared to be a very long path.
You can find out which file is doing this by installing Microsoft process explorer, and under options turning off all highlighting except ‘Job’. When you get the alert, look at process explorer and report here which files are coloured brown. Even better post a screen shot!
I am afraid this is probably being caused by a process that opens and closes too quickly to easily catch it in p/e. Best thing is to try to work out the circumstances under which it happens. What have you done just before, then try to catch a file opening at about that time using process explorer - regrettably process explorer does not always have enough time to colour it brown.
I just can’t figure it out that how can I catch it?
Anyway, One thing I can remember is that before uninstalling Adobe creative suite this problem was not present.
One thing more, I installed flash player executable direct from adobe for firefox. Normally it gives a download link which is used by firefox to download the plugin. But in my case After downloading the flash player for firefox executable I installed it and after a while uninstalled it because that was unable to play youtube. Later I downloaded the plugin (by firefox).
I don’t know whether these can help you to suggest any remedy.
Whatever, I appreciate your support and take my thanks for spending your time and effort for helping me.
Adobe apps. often have their own updater so that is a possibility - although I’d expect the updater to be code signed, maybe some of the updates are not. You could try defining any adobe updater you can find as an installer updater in the Computer Security Policy. I would also check to see what executable you have that are in folders with long path lengths, then try running them to see if you can dupliocate the alert. Browser extensions are particularly likely as they can have long [paths esp. Chrome/Dragon. ClickClean, a browser cleaner does this on my system.
[Edit: It’s also worth looking in my pending files and making all the files in there that you trust safe, then rebooting].
If all else fails. You can install process monitor from Microsoft. This will log everything that is happening on your computer (well seemingly) - but you can filter it if you know what you are doing. Simply hours of fun! When you get a sandbox alert check the exact system time, and try to marry it up to a .exe invocation during the previous few minutes.
This post will self destruct in 5 seconds! (Seriously thanks for your thanks, not everyone realises we mods are volunteers!)