I tested a piece of malware and while the program was sandboxed (apparently), the program was able to set two tasks in the Task Scheduler. These tasks run different malicious EXEs at logon and at certain time intervals (but thankfully they get sandboxed). I thought tasks were meant to be protected?
I can upload the malware if anybody else wants to test.
I’m thinking that the program actually executes other EXEs outside of the sandbox.
Are you running this on Vista/Win7 or WinXP? and as Admin or as standard/limited user?
Can you PM me the link to this one, but it think sandboxed apps are able to create new files, so creating a scheduled task could be possible.
I think a limited user on XP can also create a scheduled task. So it could be normal behavior.
As long as the executed files are also sandboxed at system startup and/or schedule execution time.