I’m having a bit of an annoying problem with the most recent version of Sandbox isolating the file (atiphexx.exe) repeatedly. I defined this file as a trusted file, yet it keeps getting sandboxed as untrusted, everytime I logon to my PC. This causes the executable to hang and crash, without fail, upon trying to load. When I view the event in Firewall and right click the file and select add to trusted files, it states that this file is already a safe file… I’ve researched the file and I’ve narrowed out the troubleshooting steps, that involved the possibility of this file changing it’s hash, so it doesn’t seem this is the reason. Upon research, it’s determined that this file is an ATI Control Panel executable, that is often given the scarlet letter, due to naming similarity to the AGOBOT worm of '04 88)
I’ve considered the option of defining the file as trusted by it’s file name instead of hash, however, considering the situation, it seems that this would be highly risky, since there is a worm that commonly uses the same name. However I’ve verified this file as clean, (please refer to VT/Jotti links below). Any help would be much appreciated as this is becoming a bit of a nagging issue.
http://virusscan.jotti.org/en/scanresult/9f2419517fe610b142b89eb79495b1a988c17417