Little Virtual Kiosk Test

XP SP3 32 Bits Real System
CFW & D+ without AV
HitmanPro detected nothing

I opened Virtual Kiosk & downloaded 20 malware samples to the desktop. I ran every sample. Only 1 was detected by Cloud AV. After testing I restarted the system & reset the sandbox.

HitmanPro found malware in the system restore information. Is it fine to find malware in the system restore information when the test was done in VK?

Is it confirmed that CAV & Cloud AV detect malware in VK?

Definitely yes... it could be a problem... could someone take care of this topic?

Is it possible that something running on your real computer caused a new system restore point to be made? If this occurred, then the files sitting in the Kiosk may have been backed up to the system restore point in System Restore Information.

I could absolutely be wrong, but this is my thought. Naren, can you please check to see if perhaps a System Restore Point was made around that time?
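One way to answer that question, as an added PowerShell check that is not part of this thread: list the System Restore points created within a window around the time of the test, so you can see whether a snapshot could have captured the sandboxed files. It assumes Windows PowerShell 2.0 or later (available on XP SP3), an elevated prompt, and a test timestamp you supply; the timestamp in the example call is a constructed value.

```powershell
# Added check (not from the thread): list restore points created near the test.
# Assumes Windows PowerShell 2.0+ and an elevated prompt.
function Get-RestorePointsNear {
    param(
        [Parameter(Mandatory = $true)][datetime]$TestTime,  # when the sandbox test ran
        [int]$WindowHours = 6                               # hours before/after to inspect
    )
    $from = $TestTime.AddHours(-$WindowHours)
    $to   = $TestTime.AddHours($WindowHours)

    Get-ComputerRestorePoint | ForEach-Object {
        # CreationTime is a WMI (DMTF) timestamp string; convert it to [datetime]
        $created = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        New-Object PSObject -Property @{
            SequenceNumber = $_.SequenceNumber
            Created        = $created
            Description    = $_.Description      # e.g. an installer or a scheduled checkpoint
            Type           = $_.RestorePointType # numeric code for the restore point type
        }
    } | Where-Object { $_.Created -ge $from -and $_.Created -le $to } |
        Sort-Object Created
}

# Constructed example timestamp; replace it with the time of your own test.
Get-RestorePointsNear -TestTime (Get-Date '2013-01-15 14:00') | Format-Table -AutoSize
```

If any restore point falls inside the window, its Description usually names what created it (an installer, Windows Update, or a scheduled checkpoint), which tells you whether the snapshot happened independently of the sandbox.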

Hummm... I'm not sure about that. I mean, what's the point in having sandboxing software if files running inside the sandbox/VK can be saved in the System Restore information?

I’m not sure how it works with Sandboxie either, but I’d love to hear from Naren as to whether or not this is actually the issue.

It looks like it does; you have to change the sandbox path to C:\Temp\Sandbox to stop System Restore saving the files.

Sorry, after the test I cleaned everything, disabled System Restore & enabled it again, which deleted all the restore points.

I will do a test again & post the results here.

Thanks for this.

I did the test again, restarted the system.

Didn’t reset the sandbox - HitmanPro found malware in VT.

Reset the sandbox - HitmanPro found malware in system restore.

So I think when the sandbox is reset, the files go to system restore.

Attached is the screenshot. I forgot to take the screenshot of HitmanPro finding malware in VT, i.e. before resetting the sandbox.

Another thing…

I installed Avast AV in VK & Avast creates a restore point. In the real system the Avast restore point is there; is it fine?
