Is it possible to see whats running in the sandbox?

Is it possible to see whats running in the sandbox?

Currently Untrusted/ Sandboxed files will be in “My pending files” and logged in defense + events log. But to see whether they are running in memory you will have to use task manager.


There is no way to determine if a program is currently running the sandbox. “My pending files” and the events log only tell you when an untrusted program has been previously sandboxed, but they do not tell you what is currently running in the sandbox (neither does task manager).

Many people have already suggested a “Currently sandboxed applications” option (see pics). These issues seem to be a low priority, but hopefully they will fix it.

[attachment deleted by admin]

Well if you get the sandbox pop for say 1.exe and its still running in memory (in task manager under processes) you can be pretty certain is currently sandboxed.

That is assuming you were sitting at your computer and saw the alert when it occurred. What if you are running a long malware scan or downloading a large file and you leave your computer unattended while doing these time consuming tasks? You will not see the alert!
Furthermore, a user should not have to assume something is in the sandbox. So, far the sandbox interface is rather poorly implemented.

That is precisely my point. It is one way of seeing. And I agree fully that there needs to be a better way to see what’s in there.

So do I. It’s on Whoop’s great list of improvements and my sandbox issues list so, hopefully…

Best wishes


If you terminate the process in the sandbox, will there be a button to eliminate the application if a person is 100% sure it´s malware, or it will have to wait for the signatures?

By the way does anyone know if the rest of the pop up´s of defense + (like key log or screen grab, set windows hooks), are being worked to be totally eliminated, and be even more user friendly (once the application is in the sandbox, no more questions are asked, except the firewall) .