jZip able to extract files from sandbox as untrusted [NBZ]

The bug/issue

  1. What you did:Extracted file from .zip archive
  2. What actually happened or you actually saw:the file was successfully extracted
  3. What you expected to happen or see:not to be able to do the above, because the program was in the SB and threated as untrusted
  4. How you tried to fix it & what happened:n/a
  5. Details (exact version) of any software involved with download link: http://www.jzip.com/
  6. Any other information (eg your guess regarding the cause, with reasons):n/a

Files appended

  1. Screenshots illustrating the bug:n/a
  2. Screenshots of related event logs or the active processes list:n/a
  3. A CIS config report or file. n/a
  4. Crash or freeze dump file:n/a

Your set-up

  1. CIS version, AV database version & configuration used:CIS 5 complete, internet security mode
  2. Whether you imported a configuration, if so from what version: no
  3. Defense+ and Sandbox OR Firewall security level:see above
  4. OS version, service pack, no of bits, UAC setting, & account type:Win 7 x 64 ultimate
  5. Other security and utility software running:MBAM on demand
  6. Virtual machine used (Please do NOT use Virtual box):no

Can you tell us to what folder you were unzipping to? Was the program automatically or manually sandboxed?

1.To Desktop
2.Automatically as unknown and untrusted.

It behaves the same here. The desktop is not one of the protected areas as far as I know. I remember we had a topic in the feedback board about this. It can be confusing to have something dropped there.

There is one in bugs topic for shortcuts not sure if you mean that one.


That’s the one. I had forgotten it was eventually posted in the bug board after it was first brought to attention in the feedback/announcement/news board.

I don’t think its probably reasonable to generally prevent sandboxed files writing to the desktop? Too many progs would fai?. So I guess this is a help issue, if Bequick wants to do this he needs to add an additional protected folder?


I agree it can be simply worked around by adding the Desktop to the protected areas.

I don’t think is’t probably reasonable a sandboxed program to do a thing.It’s sandboxed, right? Or it’s an illusion of sandboxing?
If I say untrusted, I mean untrusted.
IO don’t want a workaround.I want working CIS.

Maybe I’m not understanding what you are trying to accomplish. Are you saying your zip program was sandboxed, or the .zip file?

I would expect a program to run in the sandbox. Especially an action such as unzipping an archive, as that isn’t actually trying to execute anything inside the archive. What I wouldn’t expect it to do is harm my system in any lasting way. Did it do that? Perhaps then you might say CIS isn’t working…

Do you use Sandboxie? Try sandboxing your zip program and watch it unzip a file.

My program was sandboxed as UNKNOWN and was threated as UNTRUSTED.How is it possible for a program, which is sandboxed, unknown and untrusted to do it’s stuff without a problem?
I hope you understand now.It was a test and I didn’t expect jZip to work in these conditions.

Sorry I am afraid we all missed this even though you included it above but not in Set up.

I just presumed that when you said untrusted it mean running the sandbox at default

You have change your Defense+ settings for the Sandbox from Partially Limited to Untrusted.

Then ran the program which was Unknown was sandboxed.

So no files should have been extracted to the Desktop.

Yes I missed this too, apologies. The mods are currently discussing this interesting issue, and one of us will get back to you soon.

Best wishes


Thank You!

OK forwarding this to format verified, on the basis that, from a users perspective, files treated as untrusted should not be able to drop files on the desktop.

The problem here is that changing this will probably require quite deep changes to CIS. (Protected files/folders to vary accoring to ‘treat file as’ setting). So I’m not sure this will change.

Happily you can adapte yourself by adding the desktop to protected files and using the | terminator. (plaese ask in help if you are not sure how). As a result some unrecognised files may not run - but you may feel this is a reasonable trade-off?

Best wishes