Problem with Sandbox


I hope that someone help me how to properly use Sandbox in CIS.

The first is that I have a problem with one file in my system, which is “svchost.exe”. Sandbox is continuously trying to isolate this program. The very odd thing about it is that when I click on the program name in the window which appears to inform me that Sandbox is about to isolate this program, the another message appears: “Windows cannot find ‘C:\Users<login name>\AppData\Local\Temp\svchost.exe’. Make sure you typed the name correctly, and then try again.” I am confused seriously. What is happening here?

The second thing … I have noticed that recently Sandbox started to appear much I mean really much more often that it used to, right after I installed CIS. Why has it been changed.

Thanks for any suggestions :slight_smile:



Legit svchost.exe runs always at C:\Windows\system32\svchost.exe and it is a Microsoft signed file. Are you sure your computer is not infected? Did you run a full scanning?

Having svchost.exe in a non standard place is a very suspect. Please follow What to do if you’re infected - eXPerience Rev.3 and report back.

Can you please follow the methods in the link on How to Know If Your Computer Is Infected and let us know what you find?