I noticed the following behaviour (I’m running 5.8 beta) which appears to me somehow dangerous :
If I try to run some malware, the file is
sanboxed as an unrecognized file
blocked by the antivirus
The problem is that you might (as I did), at stage 1, click “automatically” (because I often do that for files that I know safe) on “Don’t isolate again” which results in making the file trusted!
Then the next time you run the file…
So I was wondering if this could be changed, that is to say we wouldn’t get a sanbox alert when a file is blocked by the antivirus, avoiding the danger of possibly making it trusted.
By the way, maybe it’s a good idea to quarantine automatically threats found by the resident instead of blocking them.
What do you think?
You can change the behavior from Block to Quarantine if you wish. Antivirus → Scanner Settings → Real Time Scanning.
As for the issue of accidentally trusting the wrong file, all I can say is that it would be a good idea to read the alert before clicking on anything. Answering any alert incorrectly could compromise the security of your system.
I always liked the previous autosandbox alert. Where it was simple for average users & option for experts. The alert use to say “There is nothing you have to do” which was good for average users & More Options was there on the alert wherein “Dont Isolate & Hide This Alert” were there which was good for expert users.